Cyber Tech Help Support Forums > Software > Malware Removal

#61  November 6th, 2017, 09:20 PM
Sonic Feathers (Member, Join Date: Sep 2017, Posts: 53)
2) Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2017 02
Ran by Darryl (administrator) on WIZARDS-PC (06-11-2017 21:44:09)
Running from C:\Users\Darryl\Desktop
Loaded Profiles: Darryl (Available Profiles: Darryl & Administrator)
Platform: Microsoft Windows 7 Home Basic Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\MTN Online\ApplicationController.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\HSPA USB Modem\Driver\DevMon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
() C:\Program Files\HSPA USB Modem\HSPA USB Modem.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DevMon] => C:\Program Files\HSPA USB Modem\Driver\DevMon.exe [45056 2013-12-06] ()
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1807240 2010-08-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9652840 2010-08-11] (Realtek Semiconductor)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-08] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-917511795-3256536166-560280740-1000\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
HKU\S-1-5-21-917511795-3256536166-560280740-1000\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [261984 2013-10-30] (Bitdefender)
HKU\S-1-5-21-917511795-3256536166-560280740-1000\...\MountPoints2: {e0d0c9a4-6990-11e7-9fa4-90a4de6a0dc0} - F:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2017-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder [2017-10-02] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-07-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{61B8ADB1-26E9-4985-80C8-84B326C30146}: [NameServer] 41.50.20.61 41.50.20.29
Tcpip\..\Interfaces\{DD0E4987-FE7E-4B4E-BD96-BA9F8683CC36}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{F481106B-D2B0-446C-818C-5B39B3DF0A40}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-917511795-3256536166-560280740-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-za/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-12] (Oracle Corporation)
BHO: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-08-23] ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-12] (Oracle Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\\bdwteff => not found
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-03-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-14] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default [2017-11-06]
CHR Extension: (Google Drive) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-05]
CHR Extension: (YouTube) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-05]
CHR Extension: (Adblock Plus) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-10-07]
CHR Extension: (Webutation) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfclfmabiojpommfcalfdgjjeaahnjbj [2017-10-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-05]
CHR Extension: (Gmail) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-05]
CHR Extension: (Chrome Media Router) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-05]
CHR Profile: C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-10-08]
CHR Profile: C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 FLAME II MTN MODEM Service; C:\Program Files\MTN Online\ApplicationController.exe [574464 2015-12-15] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1221384 2013-11-11] (Bitdefender)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae.sys [59904 2017-10-04] ()
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [94208 2010-08-10] (ELAN Microelectronics Corp.)
R3 hwdatacard; C:\windows\System32\DRIVERS\ZDDriver.sys [106496 2010-01-14] (ZD Secret Incorporated)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [166840 2017-10-31] (Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [91576 2017-11-06] (Malwarebytes)
R3 MBAMProtection; C:\windows\System32\DRIVERS\mbam.sys [40384 2017-11-06] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [221112 2017-11-06] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [65824 2017-11-06] (Malwarebytes)
S3 SCDModem; C:\windows\System32\DRIVERS\SCDModem.sys [22528 2016-02-01] (SCD-MBB Device)
S3 SCDSerials; C:\windows\System32\DRIVERS\SCDSerials.sys [22528 2016-02-01] (SCD-MBB Device)
S3 SCDUsbHub; C:\windows\System32\DRIVERS\SCDUsbHub.sys [15272 2016-02-01] (DriverCoding Incorporated.)
S3 tapwindscribe0901; C:\windows\System32\DRIVERS\tapwindscribe0901.sys [41976 2017-03-29] (The OpenVPN Project)
S3 catchme; \??\C:\Users\Darryl\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-06 21:44 - 2017-11-06 21:45 - 000011121 _____ C:\Users\Darryl\Desktop\FRST.txt
2017-11-06 21:43 - 2017-11-06 21:43 - 000000000 ____D C:\Users\Darryl\Desktop\FRST-OlderVersion
2017-11-06 21:38 - 2017-11-06 21:38 - 000004306 _____ C:\Users\Darryl\Desktop\RK 6 11 17.txt
2017-11-06 20:22 - 2017-11-06 20:22 - 000000153 _____ C:\Users\Darryl\Desktop\Fixlist.txt
2017-11-04 21:17 - 2017-11-04 21:17 - 000030295 _____ C:\ProgramData\agent.update.1509823025.bdinstall.bin
2017-11-04 21:06 - 2017-11-06 19:14 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-11-04 21:06 - 2017-11-04 21:06 - 000047570 _____ C:\ProgramData\agent.1509822383.bdinstall.bin
2017-11-04 21:06 - 2017-11-04 21:06 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2017-11-04 20:52 - 2017-11-04 20:52 - 000285798 _____ C:\ProgramData\1509821187.bdinstall.bin
2017-11-04 20:52 - 2017-11-04 20:52 - 000049277 _____ C:\ProgramData\1509821498.bdinstall.bin
2017-11-04 20:52 - 2017-11-04 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 60-Second Virus Scanner
2017-11-04 20:41 - 2017-11-04 20:45 - 009932672 _____ C:\Users\Darryl\Downloads\bitdefender_online.exe
2017-10-31 19:31 - 2017-11-06 20:52 - 000065824 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2017-10-31 19:31 - 2017-11-06 19:40 - 000091576 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2017-10-31 19:31 - 2017-11-06 19:40 - 000040384 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2017-10-31 19:31 - 2017-10-31 19:31 - 000166840 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2017-10-31 19:30 - 2017-11-06 19:40 - 000221112 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2017-10-31 19:30 - 2017-10-31 19:30 - 000001980 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-31 19:30 - 2017-10-31 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-31 19:30 - 2017-10-31 19:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-31 19:30 - 2017-10-31 19:30 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-31 19:30 - 2017-10-04 13:15 - 000059904 _____ C:\windows\system32\Drivers\mbae.sys
2017-10-31 19:23 - 2017-10-31 19:27 - 071535032 _____ (Malwarebytes ) C:\Users\Darryl\Downloads\mb3-setup-1878.1878-3.2.2.2029.exe
2017-10-28 19:08 - 2017-10-28 19:08 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Sun
2017-10-28 19:08 - 2017-10-28 19:08 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Sun
2017-10-28 19:03 - 2017-10-28 19:03 - 000000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
2017-10-28 19:03 - 2017-10-28 19:03 - 000000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
2017-10-23 13:39 - 2017-10-23 13:39 - 000298436 _____ C:\Users\Darryl\Downloads\doc10384620171023113911.pdf
2017-10-22 13:35 - 2017-10-22 13:35 - 000000000 ____D C:\windows\system32\Adobe
2017-10-22 13:34 - 2017-10-22 13:34 - 005838640 _____ (Adobe Systems Inc.) C:\Users\Darryl\Downloads\Shockwave_Installer_Slim.exe
2017-10-22 12:47 - 2017-10-22 12:47 - 000803328 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2017-10-22 12:47 - 2017-10-22 12:47 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2017-10-22 12:47 - 2017-10-22 12:47 - 000000000 ____D C:\windows\system32\Macromed
2017-10-22 12:47 - 2017-10-22 12:47 - 000000000 ____D C:\Users\Darryl\AppData\Roaming\Macromedia
2017-10-22 12:35 - 2017-10-22 12:44 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-10-22 12:34 - 2017-10-22 12:35 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-10-22 12:34 - 2017-10-22 12:34 - 000000000 ____D C:\Program Files\Adobe
2017-10-20 03:04 - 2017-10-20 03:04 - 000000000 ____D C:\Users\Darryl\AppData\LocalLow\Oracle
2017-10-13 19:29 - 2017-10-13 19:29 - 124059592 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
2017-10-13 19:25 - 2017-09-13 17:13 - 004001512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2017-10-13 19:25 - 2017-09-13 17:13 - 003945704 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-10-13 19:25 - 2017-09-13 17:13 - 000137960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-10-13 19:25 - 2017-09-13 17:13 - 000067304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-10-13 19:25 - 2017-09-13 17:10 - 001310528 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000830464 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000828928 _____ (Microsoft Corporation) C:\windows\system32\wlansvc.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000655360 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000428032 _____ (Microsoft Corporation) C:\windows\system32\wlanmsm.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000392704 _____ (Microsoft Corporation) C:\windows\system32\wlansec.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000261120 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000254464 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000223232 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000141312 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000083968 _____ (Microsoft Corporation) C:\windows\system32\wlanhlp.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000080896 _____ (Microsoft Corporation) C:\windows\system32\wlanapi.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 001062912 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 000644096 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 000554496 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 000082432 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 000050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 000038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 000017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 000006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2017-10-13 19:25 - 2017-09-13 16:53 - 000271360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nwifi.sys
2017-10-13 19:25 - 2017-09-13 16:50 - 000097792 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-10-13 19:25 - 2017-09-13 16:50 - 000050688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2017-10-13 19:25 - 2017-09-13 16:50 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-10-13 19:25 - 2017-09-13 16:50 - 000029696 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-10-13 19:25 - 2017-09-13 16:50 - 000016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-10-13 19:25 - 2017-09-13 16:48 - 000262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2017-10-13 19:25 - 2017-09-13 16:46 - 000226304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-10-13 19:25 - 2017-09-13 16:46 - 000124416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-10-13 19:25 - 2017-09-13 16:46 - 000098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-10-13 19:25 - 2017-09-13 16:46 - 000069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2017-10-13 19:25 - 2017-09-13 16:46 - 000036352 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-10-13 19:25 - 2017-09-13 16:46 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-10-13 19:25 - 2017-09-13 16:46 - 000015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-10-13 19:25 - 2017-09-09 01:47 - 000347344 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-10-13 19:25 - 2017-09-08 17:14 - 001213672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2017-10-13 19:25 - 2017-09-08 17:10 - 001549824 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2017-10-13 19:25 - 2017-09-08 17:10 - 001363968 _____ (Microsoft Corporation) C:\windows\system32\Query.dll
2017-10-13 19:25 - 2017-09-08 17:10 - 000109568 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2017-10-13 19:25 - 2017-09-08 17:09 - 001400320 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2017-10-13 19:25 - 2017-09-08 17:09 - 000666624 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2017-10-13 19:25 - 2017-09-08 17:09 - 000337408 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2017-10-13 19:25 - 2017-09-08 17:09 - 000306688 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2017-10-13 19:25 - 2017-09-08 17:09 - 000197120 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2017-10-13 19:25 - 2017-09-08 17:09 - 000104448 _____ (Microsoft Corporation) C:\windows\system32\mssitlb.dll
2017-10-13 19:25 - 2017-09-08 17:09 - 000059392 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2017-10-13 19:25 - 2017-09-08 17:09 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2017-10-13 19:25 - 2017-09-08 17:00 - 000427520 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2017-10-13 19:25 - 2017-09-08 17:00 - 000164352 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2017-10-13 19:25 - 2017-09-08 16:59 - 000086528 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2017-10-13 19:25 - 2017-09-08 16:59 - 000009728 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
2017-10-13 19:25 - 2017-09-08 16:50 - 002402304 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-10-13 19:25 - 2017-09-08 16:20 - 000640512 _____ (Microsoft Corporation) C:\windows\system32\mswstr10.dll
2017-10-13 19:25 - 2017-09-08 16:20 - 000345088 _____ (Microsoft Corporation) C:\windows\system32\msexcl40.dll
2017-10-13 19:25 - 2017-09-08 16:20 - 000008704 _____ (Microsoft Corporation) C:\windows\system32\msjint40.dll
2017-10-13 19:25 - 2017-09-07 21:27 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-10-13 19:25 - 2017-09-07 21:26 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-10-13 19:25 - 2017-09-07 21:11 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-10-13 19:25 - 2017-09-07 21:10 - 000499200 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-10-13 19:25 - 2017-09-07 21:10 - 000341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-10-13 19:25 - 2017-09-07 21:10 - 000047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-10-13 19:25 - 2017-09-07 21:09 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-10-13 19:25 - 2017-09-07 21:04 - 020267008 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-10-13 19:25 - 2017-09-07 21:03 - 002292736 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-10-13 19:25 - 2017-09-07 21:03 - 000047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-10-13 19:25 - 2017-09-07 21:02 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-10-13 19:25 - 2017-09-07 20:59 - 000476160 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-10-13 19:25 - 2017-09-07 20:58 - 000663040 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-10-13 19:25 - 2017-09-07 20:58 - 000620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-10-13 19:25 - 2017-09-07 20:58 - 000115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-10-13 19:25 - 2017-09-07 20:58 - 000104960 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-10-13 19:25 - 2017-09-07 20:52 - 000667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-10-13 19:25 - 2017-09-07 20:49 - 000416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-10-13 19:25 - 2017-09-07 20:44 - 000073216 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2017-10-13 19:25 - 2017-09-07 20:44 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-10-13 19:25 - 2017-09-07 20:43 - 000091136 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-10-13 19:25 - 2017-09-07 20:40 - 000168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-10-13 19:25 - 2017-09-07 20:39 - 000076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-10-13 19:25 - 2017-09-07 20:37 - 000279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-10-13 19:25 - 2017-09-07 20:36 - 000130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-10-13 19:25 - 2017-09-07 20:29 - 004547072 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-10-13 19:25 - 2017-09-07 20:29 - 000230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-10-13 19:25 - 2017-09-07 20:26 - 000694784 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-10-13 19:25 - 2017-09-07 20:26 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-10-13 19:25 - 2017-09-07 20:25 - 002058752 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-10-13 19:25 - 2017-09-07 20:25 - 001155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-10-13 19:25 - 2017-09-07 20:17 - 013677568 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-10-13 19:25 - 2017-09-07 20:01 - 002767872 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-10-13 19:25 - 2017-09-07 19:57 - 001316864 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-10-13 19:25 - 2017-09-07 19:57 - 000710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-10-13 19:25 - 2017-09-07 17:12 - 002755072 _____ (Microsoft Corporation) C:\windows\system32\themeui.dll
2017-10-13 19:25 - 2017-09-07 16:48 - 000313856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2017-10-13 19:25 - 2017-09-07 16:48 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2017-10-13 19:25 - 2017-09-07 16:48 - 000115712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2017-10-08 13:35 - 2017-10-13 20:13 - 000000000 ____D C:\Users\Darryl\AppData\Local\ESET
2017-10-08 13:33 - 2017-10-08 13:35 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Darryl\Downloads\esetonlinescanner_enu.exe
2017-10-08 12:15 - 2017-10-08 12:15 - 000000000 ____D C:\Users\Darryl\Downloads\RevoUninstaller_Portable
2017-10-07 11:45 - 2017-10-07 11:45 - 000000385 _____ C:\Users\Administrator\AppData\Roaminguser_gensett.xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-06 21:44 - 2017-09-09 17:31 - 000000000 ____D C:\FRST
2017-11-06 21:43 - 2017-09-09 17:28 - 001799680 _____ (Farbar) C:\Users\Darryl\Desktop\FRST.exe
2017-11-06 20:35 - 2017-09-26 22:39 - 000024688 _____ C:\windows\system32\Drivers\TrueSight.sys
2017-11-06 20:33 - 2017-09-26 22:35 - 000000961 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-11-06 20:33 - 2017-09-26 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-11-06 20:33 - 2017-09-26 22:35 - 000000000 ____D C:\Program Files\RogueKiller
2017-11-06 20:29 - 2009-07-14 06:34 - 000014512 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-06 20:29 - 2009-07-14 06:34 - 000014512 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-06 20:18 - 2009-07-26 22:06 - 000781790 _____ C:\windows\system32\PerfStringBackup.INI
2017-11-06 20:18 - 2009-07-14 04:37 - 000000000 ____D C:\windows\inf
2017-11-06 19:39 - 2017-10-03 09:57 - 000000000 ____D C:\Program Files\Bitdefender
2017-11-06 19:39 - 2017-10-02 11:36 - 000000000 ____D C:\ProgramData\Bitdefender
2017-11-06 19:39 - 2009-07-14 06:53 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-11-06 18:05 - 2017-07-16 19:28 - 000000000 ____D C:\Users\Darryl\AppData\Roaming\Skype
2017-11-04 20:51 - 2017-10-03 09:57 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2017-11-04 20:48 - 2017-07-16 00:36 - 000064034 _____ C:\bdlog.txt
2017-11-04 00:58 - 2017-09-27 23:22 - 000000000 ____D C:\Users\Darryl\AppData\Roaming\vlc
2017-11-01 01:42 - 2009-07-14 06:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-10-27 20:35 - 2009-07-14 04:37 - 000000000 ____D C:\windows\system32\NDF
2017-10-24 21:19 - 2009-07-14 04:37 - 000000000 ____D C:\windows\ModemLogs
2017-10-24 21:17 - 2017-07-31 19:40 - 000000000 ____D C:\Program Files\MTN Online
2017-10-22 12:48 - 2017-07-15 19:45 - 000000000 ____D C:\Users\Darryl\AppData\Local\Adobe
2017-10-22 12:42 - 2017-08-30 23:48 - 000000000 ____D C:\Users\Darryl\AppData\Local\CrashDumps
2017-10-22 12:41 - 2011-04-06 04:29 - 000000000 ____D C:\ProgramData\Adobe
2017-10-22 12:40 - 2017-08-11 14:08 - 000000000 ____D C:\Users\Darryl\AppData\LocalLow\Adobe
2017-10-22 12:40 - 2017-07-14 10:48 - 000000000 ____D C:\Users\Darryl\AppData\Roaming\Adobe
2017-10-15 16:18 - 2017-10-01 14:04 - 000000000 ____D C:\Users\Darryl\Desktop\LaunchContinuuum
2017-10-15 14:42 - 2009-07-14 04:37 - 000000000 ____D C:\windows\rescache
2017-10-13 20:14 - 2009-07-14 06:33 - 000298384 _____ C:\windows\system32\FNTCACHE.DAT
2017-10-13 19:40 - 2017-07-14 10:41 - 000000000 ____D C:\windows\system32\MRT
2017-10-13 19:28 - 2017-07-14 10:41 - 124059592 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-10-08 16:39 - 2017-08-05 16:26 - 000001148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-10-08 16:39 - 2017-08-05 16:26 - 000001136 _____ C:\Users\Public\Desktop\paint.net.lnk
2017-10-08 16:39 - 2017-08-05 16:25 - 000000000 ____D C:\Program Files\paint.net

==================== Files in the root of some directories =======

2017-11-04 20:52 - 2017-11-04 20:52 - 000285798 _____ () C:\ProgramData\1509821187.bdinstall.bin
2017-11-04 20:52 - 2017-11-04 20:52 - 000049277 _____ () C:\ProgramData\1509821498.bdinstall.bin
2017-11-04 21:06 - 2017-11-04 21:06 - 000047570 _____ () C:\ProgramData\agent.1509822383.bdinstall.bin
2017-11-04 21:17 - 2017-11-04 21:17 - 000030295 _____ () C:\ProgramData\agent.update.1509823025.bdinstall.bin

Some files in TEMP:
====================
2017-11-06 20:34 - 2017-09-13 17:10 - 001310528 _____ (Microsoft Corporation) C:\Users\Darryl\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-31 21:54

==================== End of FRST.txt ============================
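One way to triage listings like the ones above mechanically, as an added example that is neither FRST's own code nor anything posted in this thread: the script below parses FRST's "date - date - size attrs (publisher) path" file lines into records and flags executables that have no publisher string, sit in a user-writable location, or carry a modification time older than their creation time (the signature of a file copied or dropped with its original timestamps). The sample lines are copied from the log above; the list of "staging" directories and the three rules are my assumptions about what earns a second look, not verdicts. Note that FRST prints the creation time first in the "One Month Created" section but the modification time first in "One Month Modified", so the section has to be passed in.

```python
"""Triage FRST "files and folders" lines: parse them, then flag the ones that
merit a manual look. Added example for reading logs like the one above; this
is not FRST's own code and the flagging rules are the author's assumptions."""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One FRST file/folder line looks like:
#   <date1> - <date2> - <size> <attrs> [(<publisher>)] <path>
# Which date is "created" and which "modified" depends on the section: the
# "One Month Created" list puts the creation time first, the "One Month
# Modified" list puts the modification time first (modified_first=True).
LINE_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>\S{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*\S)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".com"}
# Assumed list of locations a standard user can write to. A PE file there is
# not proof of anything (scanner artifacts land there too), but it is where
# droppers usually live, so it earns a look.
STAGING_DIRS = (
    "\\appdata\\local\\temp\\", "\\programdata\\", "\\downloads\\", "\\users\\public\\",
)


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    publisher: Optional[str]  # "" for "()", None when FRST printed no field
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str, modified_first: bool = False) -> Optional[Entry]:
    """Return an Entry for an FRST file/folder line, None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d1 = datetime.strptime(m["d1"], "%Y-%m-%d %H:%M")
    d2 = datetime.strptime(m["d2"], "%Y-%m-%d %H:%M")
    created, modified = (d2, d1) if modified_first else (d1, d2)
    return Entry(created, modified, int(m["size"]), m["attrs"], m["publisher"], m["path"])


def triage(e: Entry) -> List[str]:
    """Reasons an entry deserves a manual look; an empty list means nothing notable."""
    reasons: List[str] = []
    if e.is_dir or ntpath.splitext(e.path)[1].lower() not in EXEC_EXT:
        return reasons
    if not e.publisher:  # no company name in the version resource
        reasons.append("executable without publisher string")
    if any(d in e.path.lower() for d in STAGING_DIRS):
        reasons.append("executable in user-writable location")
    if e.modified < e.created:
        # mtime older than ctime: the file was copied or dropped with its
        # original timestamps, so compare it with the system file it resembles.
        reasons.append("modified time predates creation time (copied file?)")
    return reasons


def scan(text: str, modified_first: bool = False) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every flagged line of one FRST section."""
    hits = []
    for line in text.splitlines():
        e = parse_line(line, modified_first)
        if e is not None and (reasons := triage(e)):
            hits.append((e, reasons))
    return hits


# Sample lines copied from the FRST.txt above (constructed test input).
SAMPLE_TEMP = r"""
2017-11-06 20:34 - 2017-09-13 17:10 - 001310528 _____ (Microsoft Corporation) C:\Users\Darryl\AppData\Local\Temp\dllnt_dump.dll
"""
SAMPLE_ROOT = r"""
2017-11-04 20:52 - 2017-11-04 20:52 - 000285798 _____ () C:\ProgramData\1509821187.bdinstall.bin
2017-11-04 21:17 - 2017-11-04 21:17 - 000030295 _____ () C:\ProgramData\agent.update.1509823025.bdinstall.bin
"""
SAMPLE_MODIFIED = r"""
2017-10-13 19:40 - 2017-07-14 10:41 - 000000000 ____D C:\windows\system32\MRT
2017-10-13 19:28 - 2017-07-14 10:41 - 124059592 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-10-13 20:14 - 2009-07-14 06:33 - 000298384 _____ C:\windows\system32\FNTCACHE.DAT
"""

if __name__ == "__main__":
    flagged = (scan(SAMPLE_TEMP) + scan(SAMPLE_ROOT)
               + scan(SAMPLE_MODIFIED, modified_first=True))
    for e, reasons in flagged:
        print(f"{e.path}\n  size={e.size} publisher={e.publisher!r}\n  " + "; ".join(reasons))
```

Run against the sample lines, only the Temp entry is flagged, for two reasons: it is a DLL under a user's Temp folder, and its modification time (2017-09-13) predates its creation time (2017-11-06), which is what a copy of a system DLL looks like. The Bitdefender `.bin` install logs and the Windows Update files in system32 produce no hits. A hit is a prompt to hash the file and verify its Authenticode signature, not a finding in itself; FRST's "(Microsoft Corporation)" tag only reflects the company name in the version resource, which any file can carry.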
  #62  
Old November 6th, 2017, 09:21 PM
Sonic Feathers Sonic Feathers is offline
Member
 
Join Date: Sep 2017
Posts: 53
2) Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2017 02
Ran by Darryl (administrator) on WIZARDS-PC (06-11-2017 21:44:09)
Running from C:\Users\Darryl\Desktop
Loaded Profiles: Darryl (Available Profiles: Darryl & Administrator)
Platform: Microsoft Windows 7 Home Basic Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\MTN Online\ApplicationController.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\HSPA USB Modem\Driver\DevMon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\Presen tationFontCache.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.ex e
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManage r.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
() C:\Program Files\HSPA USB Modem\HSPA USB Modem.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DevMon] => C:\Program Files\HSPA USB Modem\Driver\DevMon.exe [45056 2013-12-06] ()
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1807240 2010-08-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9652840 2010-08-11] (Realtek Semiconductor)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-08] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-917511795-3256536166-560280740-1000\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
HKU\S-1-5-21-917511795-3256536166-560280740-1000\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [261984 2013-10-30] (Bitdefender)
HKU\S-1-5-21-917511795-3256536166-560280740-1000\...\MountPoints2: {e0d0c9a4-6990-11e7-9fa4-90a4de6a0dc0} - F:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2017-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder [2017-10-02] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-07-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{61B8ADB1-26E9-4985-80C8-84B326C30146}: [NameServer] 41.50.20.61 41.50.20.29
Tcpip\..\Interfaces\{DD0E4987-FE7E-4B4E-BD96-BA9F8683CC36}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{F481106B-D2B0-446C-818C-5B39B3DF0A40}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-917511795-3256536166-560280740-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-za/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-12] (Oracle Corporation)
BHO: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-08-23] ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-12] (Oracle Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\\bdwteff => not found
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1229199 .dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1 .dll [2017-08-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-03-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-14] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default [2017-11-06]
CHR Extension: (Google Drive) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2017-10-05]
CHR Extension: (YouTube) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2017-10-05]
CHR Extension: (Adblock Plus) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddi lifddb [2017-10-07]
CHR Extension: (Webutation) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfclfmabiojpommfcalfdgjjea ahnjbj [2017-10-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-10-05]
CHR Extension: (Gmail) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2017-10-05]
CHR Extension: (Chrome Media Router) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2017-10-05]
CHR Profile: C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-10-08]
CHR Profile: C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 FLAME II MTN MODEM Service; C:\Program Files\MTN Online\ApplicationController.exe [574464 2015-12-15] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1221384 2013-11-11] (Bitdefender)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae.sys [59904 2017-10-04] ()
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [94208 2010-08-10] (ELAN Microelectronics Corp.)
R3 hwdatacard; C:\windows\System32\DRIVERS\ZDDriver.sys [106496 2010-01-14] (ZD Secret Incorporated)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [166840 2017-10-31] (Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [91576 2017-11-06] (Malwarebytes)
R3 MBAMProtection; C:\windows\System32\DRIVERS\mbam.sys [40384 2017-11-06] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [221112 2017-11-06] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [65824 2017-11-06] (Malwarebytes)
S3 SCDModem; C:\windows\System32\DRIVERS\SCDModem.sys [22528 2016-02-01] (SCD-MBB Device)
S3 SCDSerials; C:\windows\System32\DRIVERS\SCDSerials.sys [22528 2016-02-01] (SCD-MBB Device)
S3 SCDUsbHub; C:\windows\System32\DRIVERS\SCDUsbHub.sys [15272 2016-02-01] (DriverCoding Incorporated.)
S3 tapwindscribe0901; C:\windows\System32\DRIVERS\tapwindscribe0901.sys [41976 2017-03-29] (The OpenVPN Project)
S3 catchme; \??\C:\Users\Darryl\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-06 21:44 - 2017-11-06 21:45 - 000011121 _____ C:\Users\Darryl\Desktop\FRST.txt
2017-11-06 21:43 - 2017-11-06 21:43 - 000000000 ____D C:\Users\Darryl\Desktop\FRST-OlderVersion
2017-11-06 21:38 - 2017-11-06 21:38 - 000004306 _____ C:\Users\Darryl\Desktop\RK 6 11 17.txt
2017-11-06 20:22 - 2017-11-06 20:22 - 000000153 _____ C:\Users\Darryl\Desktop\Fixlist.txt
2017-11-04 21:17 - 2017-11-04 21:17 - 000030295 _____ C:\ProgramData\agent.update.1509823025.bdinstall.b in
2017-11-04 21:06 - 2017-11-06 19:14 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-11-04 21:06 - 2017-11-04 21:06 - 000047570 _____ C:\ProgramData\agent.1509822383.bdinstall.bin
2017-11-04 21:06 - 2017-11-04 21:06 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2017-11-04 20:52 - 2017-11-04 20:52 - 000285798 _____ C:\ProgramData\1509821187.bdinstall.bin
2017-11-04 20:52 - 2017-11-04 20:52 - 000049277 _____ C:\ProgramData\1509821498.bdinstall.bin
2017-11-04 20:52 - 2017-11-04 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 60-Second Virus Scanner
2017-11-04 20:41 - 2017-11-04 20:45 - 009932672 _____ C:\Users\Darryl\Downloads\bitdefender_online.exe
2017-10-31 19:31 - 2017-11-06 20:52 - 000065824 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2017-10-31 19:31 - 2017-11-06 19:40 - 000091576 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2017-10-31 19:31 - 2017-11-06 19:40 - 000040384 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2017-10-31 19:31 - 2017-10-31 19:31 - 000166840 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2017-10-31 19:30 - 2017-11-06 19:40 - 000221112 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2017-10-31 19:30 - 2017-10-31 19:30 - 000001980 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-31 19:30 - 2017-10-31 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-31 19:30 - 2017-10-31 19:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-31 19:30 - 2017-10-31 19:30 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-31 19:30 - 2017-10-04 13:15 - 000059904 _____ C:\windows\system32\Drivers\mbae.sys
2017-10-31 19:23 - 2017-10-31 19:27 - 071535032 _____ (Malwarebytes ) C:\Users\Darryl\Downloads\mb3-setup-1878.1878-3.2.2.2029.exe
2017-10-28 19:08 - 2017-10-28 19:08 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Sun
2017-10-28 19:08 - 2017-10-28 19:08 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Sun
2017-10-28 19:03 - 2017-10-28 19:03 - 000000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
2017-10-28 19:03 - 2017-10-28 19:03 - 000000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
2017-10-23 13:39 - 2017-10-23 13:39 - 000298436 _____ C:\Users\Darryl\Downloads\doc10384620171023113911. pdf
2017-10-22 13:35 - 2017-10-22 13:35 - 000000000 ____D C:\windows\system32\Adobe
2017-10-22 13:34 - 2017-10-22 13:34 - 005838640 _____ (Adobe Systems Inc.) C:\Users\Darryl\Downloads\Shockwave_Installer_Slim .exe
2017-10-22 12:47 - 2017-10-22 12:47 - 000803328 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2017-10-22 12:47 - 2017-10-22 12:47 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2017-10-22 12:47 - 2017-10-22 12:47 - 000000000 ____D C:\windows\system32\Macromed
2017-10-22 12:47 - 2017-10-22 12:47 - 000000000 ____D C:\Users\Darryl\AppData\Roaming\Macromedia
2017-10-22 12:35 - 2017-10-22 12:44 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-10-22 12:34 - 2017-10-22 12:35 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-10-22 12:34 - 2017-10-22 12:34 - 000000000 ____D C:\Program Files\Adobe
2017-10-20 03:04 - 2017-10-20 03:04 - 000000000 ____D C:\Users\Darryl\AppData\LocalLow\Oracle
2017-10-13 19:29 - 2017-10-13 19:29 - 124059592 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
2017-10-13 19:25 - 2017-09-13 17:13 - 004001512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2017-10-13 19:25 - 2017-09-13 17:13 - 003945704 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-10-13 19:25 - 2017-09-13 17:13 - 000137960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-10-13 19:25 - 2017-09-13 17:13 - 000067304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-10-13 19:25 - 2017-09-13 17:10 - 001310528 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000830464 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000828928 _____ (Microsoft Corporation) C:\windows\system32\wlansvc.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000655360 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000428032 _____ (Microsoft Corporation) C:\windows\system32\wlanmsm.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000392704 _____ (Microsoft Corporation) C:\windows\system32\wlansec.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000261120 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000254464 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000223232 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000141312 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000083968 _____ (Microsoft Corporation) C:\windows\system32\wlanhlp.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000080896 _____ (Microsoft Corporation) C:\windows\system32\wlanapi.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2017-10-13 19:25 - 2017-09-13 17:09 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 001062912 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 000644096 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 000554496 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 000082432 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 000050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 000038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 000017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-10-13 19:25 - 2017-09-13 17:08 - 000006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2017-10-13 19:25 - 2017-09-13 16:53 - 000271360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nwifi.sys
2017-10-13 19:25 - 2017-09-13 16:50 - 000097792 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-10-13 19:25 - 2017-09-13 16:50 - 000050688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2017-10-13 19:25 - 2017-09-13 16:50 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-10-13 19:25 - 2017-09-13 16:50 - 000029696 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-10-13 19:25 - 2017-09-13 16:50 - 000016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-10-13 19:25 - 2017-09-13 16:48 - 000262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2017-10-13 19:25 - 2017-09-13 16:46 - 000226304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-10-13 19:25 - 2017-09-13 16:46 - 000124416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-10-13 19:25 - 2017-09-13 16:46 - 000098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-10-13 19:25 - 2017-09-13 16:46 - 000069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2017-10-13 19:25 - 2017-09-13 16:46 - 000036352 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-10-13 19:25 - 2017-09-13 16:46 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-10-13 19:25 - 2017-09-13 16:46 - 000015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-10-13 19:25 - 2017-09-09 01:47 - 000347344 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-10-13 19:25 - 2017-09-08 17:14 - 001213672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2017-10-13 19:25 - 2017-09-08 17:10 - 001549824 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2017-10-13 19:25 - 2017-09-08 17:10 - 001363968 _____ (Microsoft Corporation) C:\windows\system32\Query.dll
2017-10-13 19:25 - 2017-09-08 17:10 - 000109568 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2017-10-13 19:25 - 2017-09-08 17:09 - 001400320 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2017-10-13 19:25 - 2017-09-08 17:09 - 000666624 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2017-10-13 19:25 - 2017-09-08 17:09 - 000337408 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2017-10-13 19:25 - 2017-09-08 17:09 - 000306688 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2017-10-13 19:25 - 2017-09-08 17:09 - 000197120 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2017-10-13 19:25 - 2017-09-08 17:09 - 000104448 _____ (Microsoft Corporation) C:\windows\system32\mssitlb.dll
2017-10-13 19:25 - 2017-09-08 17:09 - 000059392 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2017-10-13 19:25 - 2017-09-08 17:09 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2017-10-13 19:25 - 2017-09-08 17:00 - 000427520 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2017-10-13 19:25 - 2017-09-08 17:00 - 000164352 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2017-10-13 19:25 - 2017-09-08 16:59 - 000086528 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2017-10-13 19:25 - 2017-09-08 16:59 - 000009728 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
2017-10-13 19:25 - 2017-09-08 16:50 - 002402304 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-10-13 19:25 - 2017-09-08 16:20 - 000640512 _____ (Microsoft Corporation) C:\windows\system32\mswstr10.dll
2017-10-13 19:25 - 2017-09-08 16:20 - 000345088 _____ (Microsoft Corporation) C:\windows\system32\msexcl40.dll
2017-10-13 19:25 - 2017-09-08 16:20 - 000008704 _____ (Microsoft Corporation) C:\windows\system32\msjint40.dll
2017-10-13 19:25 - 2017-09-07 21:27 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-10-13 19:25 - 2017-09-07 21:26 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-10-13 19:25 - 2017-09-07 21:11 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-10-13 19:25 - 2017-09-07 21:10 - 000499200 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-10-13 19:25 - 2017-09-07 21:10 - 000341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-10-13 19:25 - 2017-09-07 21:10 - 000047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-10-13 19:25 - 2017-09-07 21:09 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-10-13 19:25 - 2017-09-07 21:04 - 020267008 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-10-13 19:25 - 2017-09-07 21:03 - 002292736 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-10-13 19:25 - 2017-09-07 21:03 - 000047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-10-13 19:25 - 2017-09-07 21:02 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-10-13 19:25 - 2017-09-07 20:59 - 000476160 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-10-13 19:25 - 2017-09-07 20:58 - 000663040 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-10-13 19:25 - 2017-09-07 20:58 - 000620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-10-13 19:25 - 2017-09-07 20:58 - 000115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-10-13 19:25 - 2017-09-07 20:58 - 000104960 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-10-13 19:25 - 2017-09-07 20:52 - 000667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-10-13 19:25 - 2017-09-07 20:49 - 000416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-10-13 19:25 - 2017-09-07 20:44 - 000073216 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2017-10-13 19:25 - 2017-09-07 20:44 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-10-13 19:25 - 2017-09-07 20:43 - 000091136 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-10-13 19:25 - 2017-09-07 20:40 - 000168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-10-13 19:25 - 2017-09-07 20:39 - 000076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-10-13 19:25 - 2017-09-07 20:37 - 000279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-10-13 19:25 - 2017-09-07 20:36 - 000130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-10-13 19:25 - 2017-09-07 20:29 - 004547072 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-10-13 19:25 - 2017-09-07 20:29 - 000230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-10-13 19:25 - 2017-09-07 20:26 - 000694784 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-10-13 19:25 - 2017-09-07 20:26 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-10-13 19:25 - 2017-09-07 20:25 - 002058752 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-10-13 19:25 - 2017-09-07 20:25 - 001155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-10-13 19:25 - 2017-09-07 20:17 - 013677568 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-10-13 19:25 - 2017-09-07 20:01 - 002767872 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-10-13 19:25 - 2017-09-07 19:57 - 001316864 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-10-13 19:25 - 2017-09-07 19:57 - 000710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-10-13 19:25 - 2017-09-07 17:12 - 002755072 _____ (Microsoft Corporation) C:\windows\system32\themeui.dll
2017-10-13 19:25 - 2017-09-07 16:48 - 000313856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2017-10-13 19:25 - 2017-09-07 16:48 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2017-10-13 19:25 - 2017-09-07 16:48 - 000115712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2017-10-08 13:35 - 2017-10-13 20:13 - 000000000 ____D C:\Users\Darryl\AppData\Local\ESET
2017-10-08 13:33 - 2017-10-08 13:35 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Darryl\Downloads\esetonlinescanner_enu.ex e
2017-10-08 12:15 - 2017-10-08 12:15 - 000000000 ____D C:\Users\Darryl\Downloads\RevoUninstaller_Portable
2017-10-07 11:45 - 2017-10-07 11:45 - 000000385 _____ C:\Users\Administrator\AppData\Roaminguser_gensett .xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-06 21:44 - 2017-09-09 17:31 - 000000000 ____D C:\FRST
2017-11-06 21:43 - 2017-09-09 17:28 - 001799680 _____ (Farbar) C:\Users\Darryl\Desktop\FRST.exe
2017-11-06 20:35 - 2017-09-26 22:39 - 000024688 _____ C:\windows\system32\Drivers\TrueSight.sys
2017-11-06 20:33 - 2017-09-26 22:35 - 000000961 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-11-06 20:33 - 2017-09-26 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-11-06 20:33 - 2017-09-26 22:35 - 000000000 ____D C:\Program Files\RogueKiller
2017-11-06 20:29 - 2009-07-14 06:34 - 000014512 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-06 20:29 - 2009-07-14 06:34 - 000014512 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-06 20:18 - 2009-07-26 22:06 - 000781790 _____ C:\windows\system32\PerfStringBackup.INI
2017-11-06 20:18 - 2009-07-14 04:37 - 000000000 ____D C:\windows\inf
2017-11-06 19:39 - 2017-10-03 09:57 - 000000000 ____D C:\Program Files\Bitdefender
2017-11-06 19:39 - 2017-10-02 11:36 - 000000000 ____D C:\ProgramData\Bitdefender
2017-11-06 19:39 - 2009-07-14 06:53 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-11-06 18:05 - 2017-07-16 19:28 - 000000000 ____D C:\Users\Darryl\AppData\Roaming\Skype
2017-11-04 20:51 - 2017-10-03 09:57 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2017-11-04 20:48 - 2017-07-16 00:36 - 000064034 _____ C:\bdlog.txt
2017-11-04 00:58 - 2017-09-27 23:22 - 000000000 ____D C:\Users\Darryl\AppData\Roaming\vlc
2017-11-01 01:42 - 2009-07-14 06:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-10-27 20:35 - 2009-07-14 04:37 - 000000000 ____D C:\windows\system32\NDF
2017-10-24 21:19 - 2009-07-14 04:37 - 000000000 ____D C:\windows\ModemLogs
2017-10-24 21:17 - 2017-07-31 19:40 - 000000000 ____D C:\Program Files\MTN Online
2017-10-22 12:48 - 2017-07-15 19:45 - 000000000 ____D C:\Users\Darryl\AppData\Local\Adobe
2017-10-22 12:42 - 2017-08-30 23:48 - 000000000 ____D C:\Users\Darryl\AppData\Local\CrashDumps
2017-10-22 12:41 - 2011-04-06 04:29 - 000000000 ____D C:\ProgramData\Adobe
2017-10-22 12:40 - 2017-08-11 14:08 - 000000000 ____D C:\Users\Darryl\AppData\LocalLow\Adobe
2017-10-22 12:40 - 2017-07-14 10:48 - 000000000 ____D C:\Users\Darryl\AppData\Roaming\Adobe
2017-10-15 16:18 - 2017-10-01 14:04 - 000000000 ____D C:\Users\Darryl\Desktop\LaunchContinuuum
2017-10-15 14:42 - 2009-07-14 04:37 - 000000000 ____D C:\windows\rescache
2017-10-13 20:14 - 2009-07-14 06:33 - 000298384 _____ C:\windows\system32\FNTCACHE.DAT
2017-10-13 19:40 - 2017-07-14 10:41 - 000000000 ____D C:\windows\system32\MRT
2017-10-13 19:28 - 2017-07-14 10:41 - 124059592 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-10-08 16:39 - 2017-08-05 16:26 - 000001148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-10-08 16:39 - 2017-08-05 16:26 - 000001136 _____ C:\Users\Public\Desktop\paint.net.lnk
2017-10-08 16:39 - 2017-08-05 16:25 - 000000000 ____D C:\Program Files\paint.net

==================== Files in the root of some directories =======

2017-11-04 20:52 - 2017-11-04 20:52 - 000285798 _____ () C:\ProgramData\1509821187.bdinstall.bin
2017-11-04 20:52 - 2017-11-04 20:52 - 000049277 _____ () C:\ProgramData\1509821498.bdinstall.bin
2017-11-04 21:06 - 2017-11-04 21:06 - 000047570 _____ () C:\ProgramData\agent.1509822383.bdinstall.bin
2017-11-04 21:17 - 2017-11-04 21:17 - 000030295 _____ () C:\ProgramData\agent.update.1509823025.bdinstall.bin

Some files in TEMP:
====================
2017-11-06 20:34 - 2017-09-13 17:10 - 001310528 _____ (Microsoft Corporation) C:\Users\Darryl\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-31 21:54

==================== End of FRST.txt ============================
  #63  
Old November 6th, 2017, 09:23 PM
Sonic Feathers Sonic Feathers is offline
Member
 
Join Date: Sep 2017
Posts: 53
FRST wasn't thought of, so 2 of 4. 3) Fixlog, 4) Addition...
Fix result of Farbar Recovery Scan Tool (x86) Version: 02-11-2017 02
Ran by Darryl (06-11-2017 22:05:04) Run:5
Running from C:\Users\Darryl\Desktop
Loaded Profiles: Darryl (Available Profiles: Darryl & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
netsh advfirewall reset
netsh int ip reset c:\resetlog.txt
netsh int ipv6 reset
netsh winsock reset
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************

netsh advfirewall reset => Error: No automatic fix found for this entry.
netsh int ip reset c:\resetlog.txt => Error: No automatic fix found for this entry.
netsh int ipv6 reset => Error: No automatic fix found for this entry.
netsh winsock reset => Error: No automatic fix found for this entry.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24318066 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 3387659 B
Edge => 0 B
Chrome => 142252750 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 6558 B
Darryl => 215572209 B
Administrator => 0 B

RecycleBin => 332248 B
EmptyTemp: => 376 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:05:10 ====
  #64  
Old November 6th, 2017, 09:24 PM
Sonic Feathers Sonic Feathers is offline
Member
 
Join Date: Sep 2017
Posts: 53
4) Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2017 02
Ran by Darryl (06-11-2017 21:45:40)
Running from C:\Users\Darryl\Desktop
Microsoft Windows 7 Home Basic Service Pack 1 (X86) (2017-07-14 08:09:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-917511795-3256536166-560280740-500 - Administrator - Enabled) => C:\Users\Administrator
Darryl (S-1-5-21-917511795-3256536166-560280740-1000 - Administrator - Enabled) => C:\Users\Darryl
Guest (S-1-5-21-917511795-3256536166-560280740-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
BatteryLifeExtender (HKLM\...\{E308B555-8434-4AF8-B66F-729897C75F93}) (Version: 1.0.6 - Samsung)
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung)
ETDWare PS/2-X86 8.0.7.0_WHQL (HKLM\...\Elantech) (Version: 8.0.7.0 - ELAN Microelectronic Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HSPA USB Modem (HKLM\...\HSPA USB Modem) (Version: 1.0.0.1 - HSPA USB Modem)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2302 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
K-Lite Codec Pack 12.2.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 12.2.5 - KLCP)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.24.27.3 - Marvell)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.25.00.03 - Huawei Technologies Co.,Ltd)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MTN Online (HKLM\...\MTN Online_is1) (Version: - TCT Mobile Limited)
OpenOffice 4.1.3 (HKLM\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141666}) (Version: 4.0.19 - dotPDN LLC)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6176 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.17.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.17.0 - Adlice Software)
Samsung AnyWeb Print (HKLM\...\{1DF9729D-2A51-4CA1-B4CE-2B432D7ABA7C}) (Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung AnyWeb Print (HKLM\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.6 - Samsung)
Samsung Support Center (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.24 - Samsung)
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Skype™ 7.39 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6200 - Broadcom Corporation)
Xvid Plus Codec Pack (HKLM\...\Xvid Plus Codec Pack) (Version: 1.00 - Xvid Plus Codec Pack)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02626086-B4DC-4B5F-A57A-E67C95226B3B} - C:\Windows\System32\Tasks\EasySpeedUpManager => Command(1): "%programfiles%\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe" -> /s
Task: {02626086-B4DC-4B5F-A57A-E67C95226B3B} - C:\Windows\System32\Tasks\EasySpeedUpManager => Command(2): C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2010-02-10] (Samsung Electronics Co., Ltd.)
Task: {03CA8E0E-C161-4313-ABF0-B7F9A0381EA1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-20] (Adobe Systems Incorporated)
Task: {0506265F-CCE6-4722-86A0-3EB2217B40C3} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-02-07] (SAMSUNG Electronics)
Task: {3276D76B-0957-4260-B5FA-981D96F9B17B} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-08-09] (Samsung Electronics Co., Ltd.)
Task: {4B98D1BE-12F8-4658-B596-0D4AC83403F2} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-06-21] (Bitdefender)
Task: {6B2B613C-02AF-49C9-B3CF-13C98432B417} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {6EC0F541-9061-4D48-BC4E-B7CE6F94EFBF} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-08-12] (Samsung Electronics. Co. Ltd.)
Task: {AE2EF44D-5E1A-445C-BE28-EE49DD6B727F} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {B30CFFD6-C26F-494D-BD5E-1B88135D6667} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {B5CB4607-8B4C-4A45-8D4A-475764C3454F} - System32\Tasks\{429FD52C-A832-4207-8A7E-20E682FD8515} => C:\windows\system32\pcalua.exe -a G:\setup.exe -d G:\
Task: {CFCFCB43-8880-49B7-9683-4DD6AE0F8056} - System32\Tasks\advSRS5 => C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-07-27] (SEC)
Task: {DB0B9A2A-1D5A-4BFD-8EA1-703BEB197FD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-07-14] (Google Inc.)
Task: {DF6907F2-A9D6-4E5B-837A-1829D5A652CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-07-14] (Google Inc.)
Task: {E1808027-8070-4E55-99F2-128F1F02B1D1} - System32\Tasks\{CC1C8BBB-550A-4CA1-953C-5D21EA5C48EF} => "c:\program files\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.38.0.101/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {F1E9C86E-89DF-431F-8E6D-CE7E33D9F6AC} - System32\Tasks\{E61BA67E-CE31-4A16-83FA-96992D5CDF35} => C:\windows\system32\pcalua.exe -a "C:\Program Files\revouninstaller-portable\Revouninstaller.exe" -d "C:\Program Files\revouninstaller-portable"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-04-06 04:32 - 2008-06-05 01:53 - 000026624 _____ () C:\windows\System32\spd__l.dll
2017-07-31 19:40 - 2015-12-15 15:02 - 000574464 _____ () C:\Program Files\MTN Online\ApplicationController.exe
2017-07-31 19:40 - 2016-02-01 11:11 - 000011362 _____ () C:\Program Files\MTN Online\mingwm10.dll
2017-07-31 19:40 - 2016-02-01 11:11 - 000043008 _____ () C:\Program Files\MTN Online\libgcc_s_dw2-1.dll
2017-07-31 19:40 - 2016-02-01 11:11 - 002537472 _____ () C:\Program Files\MTN Online\QtCore4.dll
2017-07-31 19:40 - 2015-12-15 14:58 - 001054208 _____ () C:\Program Files\MTN Online\Common.dll
2017-07-31 19:40 - 2016-02-01 11:11 - 009814016 _____ () C:\Program Files\MTN Online\QtGui4.dll
2017-07-31 19:40 - 2016-02-01 11:11 - 001140224 _____ () C:\Program Files\MTN Online\QtNetwork4.dll
2017-08-12 20:55 - 2014-02-15 08:59 - 000239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2017-10-31 19:30 - 2017-10-04 13:15 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-31 19:30 - 2017-10-04 13:15 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-08-22 21:12 - 2013-12-06 11:01 - 000045056 _____ () C:\Program Files\HSPA USB Modem\Driver\DevMon.exe
2011-04-06 04:33 - 2010-06-08 05:15 - 000618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2011-04-06 04:30 - 2006-08-12 05:48 - 000049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2011-04-06 04:33 - 2010-05-07 16:22 - 001636864 _____ () C:\Program Files\Samsung\Samsung Recovery Solution 5\Resdll.dll
2017-08-22 21:12 - 2014-03-10 10:16 - 002088960 _____ () C:\Program Files\HSPA USB Modem\HSPA USB Modem.exe
2017-08-22 21:12 - 2014-01-13 11:45 - 004620288 _____ () C:\Program Files\HSPA USB Modem\lang\Common_DataCrad.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Darryl\Downloads\bitdefender_online.exe:BDU [0]
AlternateDataStreams: C:\Users\Darryl\Downloads\mb3-setup-1878.1878-3.2.2.2029.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2017-10-02 09:25 - 000000035 _____ C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-917511795-3256536166-560280740-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Darryl\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 41.50.20.61 - 41.50.20.29
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B807B4BA-1DC9-44A5-8946-253559FA7C16}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{1A7B83C8-FAA8-4462-BB18-27F84A9956A0}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{A65094D5-6822-498D-A50A-62CDE3A085D2}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{FB4CB921-5CB8-40F4-8A39-49E0FD3E0431}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{82E94864-FD48-407D-99FD-5B0C81E50127}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{A4AB4B86-2FB3-4BF0-A734-EA6096C38F36}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-10-2017 15:22:24 Scheduled Checkpoint
22-10-2017 13:53:22 Restore Point Created by FRST
31-10-2017 22:01:41 Scheduled Checkpoint
01-11-2017 01:39:51 Restore Point Created by FRST
04-11-2017 20:45:47 Revo Uninstaller's restore point - Bitdefender Total Security 2015
04-11-2017 20:59:47 Revo Uninstaller's restore point - Bitdefender Agent
04-11-2017 21:04:19 Revo Uninstaller's restore point - Bitdefender Agent

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2017 08:21:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/06/2017 08:21:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/06/2017 08:19:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\samsung\easy display manager\RunGfxUI64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/06/2017 08:19:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\hspa usb modem\driver\win64\DPInst.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/06/2017 07:37:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 61.0.3163.100 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fa0

Start Time: 01d3571918dc15a4

Termination Time: 0

Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Report Id: ea7e9941-c317-11e7-97b8-90a4de6a0dc0

Error: (11/06/2017 09:37:53 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={E04FB62D-8A96-47D0-8904-A9FF47DB98F8}: The user WIZARDS-PC\Darryl dialed a connection named Cell-C which has failed. The error code returned on failure is 797.

Error: (11/05/2017 07:09:43 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={9A13CE5D-A95F-4CC6-B7EA-ABDAF62DB89F}: The user WIZARDS-PC\Darryl dialed a connection named Cell-C which has failed. The error code returned on failure is 0.

Error: (11/05/2017 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/04/2017 09:04:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary bdselfpr.

System Error:
The system cannot find the file specified.
.

Error: (11/04/2017 08:59:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary bdselfpr.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (11/06/2017 07:37:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {51FA2736-5DEE-11D4-98E8-006008BF430C} did not register with DCOM within the required timeout.

Error: (11/06/2017 09:37:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR41.

Error: (11/04/2017 09:03:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ProductAgentService service terminated unexpectedly. It has done this 1 time(s).

Error: (11/04/2017 08:48:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).

Error: (11/01/2017 01:46:00 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\bcmihvsrv.dll

Error: (11/01/2017 01:46:00 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\bcmihvsrv.dll

Error: (11/01/2017 01:45:50 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vsserv service.

Error: (11/01/2017 01:45:16 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\bcmihvsrv.dll

Error: (11/01/2017 01:41:08 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (11/01/2017 01:40:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Celeron(R) Dual-Core CPU T3500 @ 2.10GHz
Percentage of memory in use: 48%
Total physical RAM: 2008.61 MB
Available physical RAM: 1036.51 MB
Total Virtual: 2727.61 MB
Available Virtual: 1405.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:114 GB) (Free:80.49 GB) NTFS
Drive d: () (Fixed) (Total:168.77 GB) (Free:124.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 29AB717C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=114 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=168.8 GB) - (Type=0F Extended)
Partition 4: (Not Active) - (Size=15.2 GB) - (Type=27)

==================== End of Addition.txt ============================
  #65  
Old November 6th, 2017, 09:27 PM
Sonic Feathers Sonic Feathers is offline
Member
 
Join Date: Sep 2017
Posts: 53
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.25.00.03 - Huawei Technologies Co.,Ltd)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MTN Online (HKLM\...\MTN Online_is1) (Version: - TCT Mobile Limited)
OpenOffice 4.1.3 (HKLM\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141666}) (Version: 4.0.19 - dotPDN LLC)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6176 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.17.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.17.0 - Adlice Software)
Samsung AnyWeb Print (HKLM\...\{1DF9729D-2A51-4CA1-B4CE-2B432D7ABA7C}) (Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung AnyWeb Print (HKLM\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.6 - Samsung)
Samsung Support Center (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.24 - Samsung)
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Skype™ 7.39 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6200 - Broadcom Corporation)
Xvid Plus Codec Pack (HKLM\...\Xvid Plus Codec Pack) (Version: 1.00 - Xvid Plus Codec Pack)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-917511795-3256536166-560280740-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02626086-B4DC-4B5F-A57A-E67C95226B3B} - C:\Windows\System32\Tasks\EasySpeedUpManager => Command(1): "%programfiles%\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe" -> /s
Task: {02626086-B4DC-4B5F-A57A-E67C95226B3B} - C:\Windows\System32\Tasks\EasySpeedUpManager => Command(2): C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2010-02-10] (Samsung Electronics Co., Ltd.)
Task: {03CA8E0E-C161-4313-ABF0-B7F9A0381EA1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-20] (Adobe Systems Incorporated)
Task: {0506265F-CCE6-4722-86A0-3EB2217B40C3} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-02-07] (SAMSUNG Electronics)
Task: {3276D76B-0957-4260-B5FA-981D96F9B17B} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-08-09] (Samsung Electronics Co., Ltd.)
Task: {4B98D1BE-12F8-4658-B596-0D4AC83403F2} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-06-21] (Bitdefender)
Task: {6B2B613C-02AF-49C9-B3CF-13C98432B417} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {6EC0F541-9061-4D48-BC4E-B7CE6F94EFBF} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-08-12] (Samsung Electronics. Co. Ltd.)
Task: {AE2EF44D-5E1A-445C-BE28-EE49DD6B727F} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {B30CFFD6-C26F-494D-BD5E-1B88135D6667} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {B5CB4607-8B4C-4A45-8D4A-475764C3454F} - System32\Tasks\{429FD52C-A832-4207-8A7E-20E682FD8515} => C:\windows\system32\pcalua.exe -a G:\setup.exe -d G:\
Task: {CFCFCB43-8880-49B7-9683-4DD6AE0F8056} - System32\Tasks\advSRS5 => C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-07-27] (SEC)
Task: {DB0B9A2A-1D5A-4BFD-8EA1-703BEB197FD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-07-14] (Google Inc.)
Task: {DF6907F2-A9D6-4E5B-837A-1829D5A652CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-07-14] (Google Inc.)
Task: {E1808027-8070-4E55-99F2-128F1F02B1D1} - System32\Tasks\{CC1C8BBB-550A-4CA1-953C-5D21EA5C48EF} => "c:\program files\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.38.0.101/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {F1E9C86E-89DF-431F-8E6D-CE7E33D9F6AC} - System32\Tasks\{E61BA67E-CE31-4A16-83FA-96992D5CDF35} => C:\windows\system32\pcalua.exe -a "C:\Program Files\revouninstaller-portable\Revouninstaller.exe" -d "C:\Program Files\revouninstaller-portable"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-04-06 04:32 - 2008-06-05 01:53 - 000026624 _____ () C:\windows\System32\spd__l.dll
2017-07-31 19:40 - 2015-12-15 15:02 - 000574464 _____ () C:\Program Files\MTN Online\ApplicationController.exe
2017-07-31 19:40 - 2016-02-01 11:11 - 000011362 _____ () C:\Program Files\MTN Online\mingwm10.dll
2017-07-31 19:40 - 2016-02-01 11:11 - 000043008 _____ () C:\Program Files\MTN Online\libgcc_s_dw2-1.dll
2017-07-31 19:40 - 2016-02-01 11:11 - 002537472 _____ () C:\Program Files\MTN Online\QtCore4.dll
2017-07-31 19:40 - 2015-12-15 14:58 - 001054208 _____ () C:\Program Files\MTN Online\Common.dll
2017-07-31 19:40 - 2016-02-01 11:11 - 009814016 _____ () C:\Program Files\MTN Online\QtGui4.dll
2017-07-31 19:40 - 2016-02-01 11:11 - 001140224 _____ () C:\Program Files\MTN Online\QtNetwork4.dll
2017-08-12 20:55 - 2014-02-15 08:59 - 000239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2017-10-31 19:30 - 2017-10-04 13:15 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-31 19:30 - 2017-10-04 13:15 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-08-22 21:12 - 2013-12-06 11:01 - 000045056 _____ () C:\Program Files\HSPA USB Modem\Driver\DevMon.exe
2011-04-06 04:33 - 2010-06-08 05:15 - 000618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2011-04-06 04:30 - 2006-08-12 05:48 - 000049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2011-04-06 04:33 - 2010-05-07 16:22 - 001636864 _____ () C:\Program Files\Samsung\Samsung Recovery Solution 5\Resdll.dll
2017-08-22 21:12 - 2014-03-10 10:16 - 002088960 _____ () C:\Program Files\HSPA USB Modem\HSPA USB Modem.exe
2017-08-22 21:12 - 2014-01-13 11:45 - 004620288 _____ () C:\Program Files\HSPA USB Modem\lang\Common_DataCrad.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Darryl\Downloads\bitdefender_online.exe:BDU [0]
AlternateDataStreams: C:\Users\Darryl\Downloads\mb3-setup-1878.1878-3.2.2.2029.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2017-10-02 09:25 - 000000035 _____ C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-917511795-3256536166-560280740-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Darryl\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 41.50.20.61 - 41.50.20.29
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B807B4BA-1DC9-44A5-8946-253559FA7C16}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{1A7B83C8-FAA8-4462-BB18-27F84A9956A0}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{A65094D5-6822-498D-A50A-62CDE3A085D2}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{FB4CB921-5CB8-40F4-8A39-49E0FD3E0431}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{82E94864-FD48-407D-99FD-5B0C81E50127}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{A4AB4B86-2FB3-4BF0-A734-EA6096C38F36}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-10-2017 15:22:24 Scheduled Checkpoint
22-10-2017 13:53:22 Restore Point Created by FRST
31-10-2017 22:01:41 Scheduled Checkpoint
01-11-2017 01:39:51 Restore Point Created by FRST
04-11-2017 20:45:47 Revo Uninstaller's restore point - Bitdefender Total Security 2015
04-11-2017 20:59:47 Revo Uninstaller's restore point - Bitdefender Agent
04-11-2017 21:04:19 Revo Uninstaller's restore point - Bitdefender Agent

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2017 08:21:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/06/2017 08:21:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/06/2017 08:19:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\samsung\easy display manager\RunGfxUI64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/06/2017 08:19:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\hspa usb modem\driver\win64\DPInst.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/06/2017 07:37:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 61.0.3163.100 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fa0

Start Time: 01d3571918dc15a4

Termination Time: 0

Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Report Id: ea7e9941-c317-11e7-97b8-90a4de6a0dc0

Error: (11/06/2017 09:37:53 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={E04FB62D-8A96-47D0-8904-A9FF47DB98F8}: The user WIZARDS-PC\Darryl dialed a connection named Cell-C which has failed. The error code returned on failure is 797.

Error: (11/05/2017 07:09:43 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={9A13CE5D-A95F-4CC6-B7EA-ABDAF62DB89F}: The user WIZARDS-PC\Darryl dialed a connection named Cell-C which has failed. The error code returned on failure is 0.

Error: (11/05/2017 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/04/2017 09:04:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary bdselfpr.

System Error:
The system cannot find the file specified.
.

Error: (11/04/2017 08:59:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary bdselfpr.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (11/06/2017 07:37:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {51FA2736-5DEE-11D4-98E8-006008BF430C} did not register with DCOM within the required timeout.

Error: (11/06/2017 09:37:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR41.

Error: (11/04/2017 09:03:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ProductAgentService service terminated unexpectedly. It has done this 1 time(s).

Error: (11/04/2017 08:48:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).

Error: (11/01/2017 01:46:00 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\bcmihvsrv.dll

Error: (11/01/2017 01:46:00 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\bcmihvsrv.dll

Error: (11/01/2017 01:45:50 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vsserv service.

Error: (11/01/2017 01:45:16 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\bcmihvsrv.dll

Error: (11/01/2017 01:41:08 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (11/01/2017 01:40:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Celeron(R) Dual-Core CPU T3500 @ 2.10GHz
Percentage of memory in use: 48%
Total physical RAM: 2008.61 MB
Available physical RAM: 1036.51 MB
Total Virtual: 2727.61 MB
Available Virtual: 1405.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:114 GB) (Free:80.49 GB) NTFS
Drive d: () (Fixed) (Total:168.77 GB) (Free:124.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 29AB717C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=114 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=168.8 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15.2 GB) - (Type=27)

==================== End of Addition.txt ============================
  #66  
Old November 6th, 2017, 09:28 PM
Sonic Feathers Sonic Feathers is offline
Member
 
Join Date: Sep 2017
Posts: 53
That's it for tonight mate. I pray that your 'Admin' advice is going to solve the Groups intrusion & get rid of Paki's Hack AdminS. Thanks once again.
  #67  
Old November 7th, 2017, 03:32 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Quote:
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{61B8ADB1-26E9-4985-80C8-84B326C30146} |NameServer : 41.50.20.61 41.50.20.29 ([South Africa][-]) -> Found
Norton Safe Web says this address is secure:
https://safeweb.norton.com/report/sh...ww.cellc.co.za

Please look: https://myip.ms/info/whois/41.50.26....ww.cellc.co.za

If you have no interest in this address, we can delete it if you want.
=======================================
Quote:
Bitdefender\60-Second Virus Scanner
I see this program is new. It was not in your previous reports. Also, you are sending unnecessary reports. This creates confusion. I cannot help you like this.
  #68  
Old November 13th, 2017, 11:51 AM
Sonic Feathers Sonic Feathers is offline
Member
 
Join Date: Sep 2017
Posts: 53
Hi Olgun,

Sorry for the late reply - hard week, harder weekend.

I was 200km away from that IP's location, surely the IP lookup can recognise a difference of such great distance. What do you think?

Yes, BD 60 minute Scanner is new!
Quote:
you should not change the antivirus, as much as possible. You can use free software.
Now I am confused. If you tell me to do something & I do it, why do you then question it? Must I remove the program? What then do I use? It was free. You had told me to use free. You make it sound like I am deliberately trying to make your life difficult. I am not.
Virtually every answer I send says "thank you", to show you how much your advice is so valued.

Because I had to remove Bitdefender, I ran RogueKiller & saw that it detected 3x Warnings, so I included the RK report so that you could tell me what to do with them & mainly be aware that they were on the machine. Olgun, if I didn't tell you about them & you found I'd known for a long time & not told you, then you would have a right to be mad. Sending an additional report is not a sin; it is relevant information about a bug in the system that you need to be aware of. You use this statement
Quote:
I can not help you like this.
too loosely. This is an IT professional's warning that he will stop helping! Obviously, if seeing this quote is not deserved, a person will get upset at being wrongly accused of something wrong when they only thought they were trying to help the IT expert. I'm just trying to offer what you need to advise me correctly on what to do. Understand, I am very grateful for your help & not trying to hide info
from you. And definitely not trying to make you mad or confused (I understand & try to accommodate you, as I know English isn't your 1st language). I respect your status as a Professional & a Turk dealing in another language and again, I say thank you. If helping upsets you, I won't volunteer things in future, but I don't see how this can help either you or the person with a problem.

What must I do with the PUM's?

Is there any further news from your Admins about Kakalan's e-mail? Is he a Professional at Cybertech?

I did a Junk File cleanout, disk check & Netstat check (this I'm scared to include the result of, in case I do wrong again). Is the # of unlisted Ports listening anything important? If so, ask & I will send them to you.

Friend please note, I really value your input & wish to release you to help others if you are happy the Hack is out. I also am wanting to avoid having left something behind that I need come back again & to run all the tests & checks again. Many thanks.
  #69  
Old November 16th, 2017, 12:51 AM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hi Sonic Feathers,
Sorry for the delay.
Quote:
You make it sound like I am deliberately trying to make your life difficult.
I am not.
I am sorry. My intention is not to upset you. You got me wrong, or I guess I didn't make myself clear.
All I want is that you please do not send me the reports I do not want. They are unnecessary and confusing for me. There is no other problem.
=====================================================

Quote:
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{61B8ADB1-26E9-4985-80C8-84B326C30146} |NameServer : 41.50.20.61 41.50.20.29 ([South Africa][-]) -> Found
If you want, you can delete this information.
If you decide to erase it, you can run the RogueKiller again and delete this line.

I recommend you open a new thread in the Win 7 section for UAC.
They can help you better.

Have a nice day.
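A way to check this kind of [PUM.Dns] hit yourself before deleting anything, as an added example that is not part of the thread and not RogueKiller's or FRST's own code: the PowerShell below walks the same registry location RogueKiller reported (the per-interface keys under Tcpip\Parameters\Interfaces), lists every statically configured resolver, shows the DHCP-assigned resolvers beside it so a mismatch stands out, and flags anything not on an allow-list. The allow-list holding the two Cell-C resolvers from the thread (41.50.20.61 and 41.50.20.29) is an assumption; replace it with the resolvers your own ISP or organisation actually uses.

```powershell
# Added example, not from the thread or from RogueKiller/FRST.
# Audits the per-interface static DNS resolvers that a "DNS changer" edits and
# that RogueKiller reports as [PUM.Dns]. Reading HKLM\SYSTEM needs no elevation;
# clearing a value (commented out at the bottom) does.

# ASSUMPTION: the two resolvers shown in the thread, which whois attributes to
# the poster's ISP (Cell-C). Put your own ISP's / company's resolvers here.
$AllowedResolvers = @('41.50.20.61', '41.50.20.29')

$IfaceRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Get-StaticDnsFindings {
    param(
        [string[]]$Allowed,
        [string]$Root = $IfaceRoot
    )
    $findings = @()
    foreach ($key in Get-ChildItem -Path $Root) {
        $props = Get-ItemProperty -Path $key.PSPath
        # NameServer  = statically configured resolvers (what malware rewrites)
        # DhcpNameServer = what the DHCP server handed out
        # Only the static value is audited; an empty one means "use DHCP".
        $static = [string]$props.NameServer
        if ([string]::IsNullOrWhiteSpace($static)) { continue }
        # The value is a single string, separated by spaces or commas.
        $servers = $static -split '[ ,]+' | Where-Object { $_ }
        foreach ($s in $servers) {
            $findings += [pscustomobject]@{
                Interface  = $key.PSChildName
                Resolver   = $s
                Allowed    = ($Allowed -contains $s)
                DhcpServer = [string]$props.DhcpNameServer
            }
        }
    }
    return $findings
}

$results = Get-StaticDnsFindings -Allowed $AllowedResolvers
if ($results) {
    $results | Format-Table -AutoSize
} else {
    Write-Host 'No interface has a static NameServer value; all resolvers come from DHCP.'
}

$unexpected = $results | Where-Object { -not $_.Allowed }
if ($unexpected) {
    Write-Warning 'Static resolvers outside the allow-list found. Confirm ownership with whois before clearing.'
    # To drop the static entry on one interface and fall back to DHCP (run elevated):
    #   Set-ItemProperty -Path "$IfaceRoot\{GUID}" -Name NameServer -Value ''
    #   ipconfig /flushdns
}
```

A static resolver that is on the allow-list but differs from the DhcpServer column is normal when the user set it deliberately; the case worth acting on is a resolver that neither matches DHCP nor belongs to a provider you recognise from a whois lookup, which is the check olgun52 walked through above.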
  #70  
Old November 17th, 2017, 05:10 PM
Sonic Feathers Sonic Feathers is offline
Member
 
Join Date: Sep 2017
Posts: 53
Hi Olgun,

Thank you for your reply and contents. I will erase that IP then. Yes, ok, I'll do so. Once that is done I think all the damage will be rectified. I take it that that is us done, so I extend my hand in extreme gratitude to you for all your help & will recommend to any others who have issues to approach Cybertech for assistance. You are blessed with a phenomenal gift & I hope it fulfills your life's ambitions.
  #71  
Old November 18th, 2017, 01:03 PM
Sonic Feathers Sonic Feathers is offline
Member
 
Join Date: Sep 2017
Posts: 53
Olgun,

May I just check with you? Is the number of open ports whose status is Listening anything of importance?

Also I came upon a screen save on a Sercom Backdoor Entry which I had saved & only found now. How I found it - I can't remember. Is it anything to worry about or that must be deleted or adjusted? As depicted below...


Thanks.
  #72  
Old November 18th, 2017, 09:17 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Quote:
You are blessed with a phenomenal gift & I hope it fulfills your lifes' ambitions.
Thank you. But I want to say again, I didn't want to upset you.

Quote:
Originally Posted by Sonic Feathers View Post
Olgun,

May I just check with you? Is the number of open ports whose status is Listening anything of importance?

Also I came upon a screen save on a Sercom Backdoor Entry which I had saved & only found now. How I found it - I can't remember. Is it anything to worry about or that must be deleted or adjusted? As depicted below...


Thanks.
Quote:
fixlist content:
*****************
Start
netsh advfirewall reset
netsh int ip reset c: \ resetlog.txt
netsh int ipv6 reset
netsh winsock reset
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************

netsh advfirewall reset => Error: No automatic fix found for this entry.
netsh int ip reset c: \ resetlog.txt => Error: No automatic fix found for this entry.
netsh int ipv6 reset => Error: No automatic fix found for this entry.
netsh winsock reset => Error: No automatic fix found for this entry.
I'm trying to help you. However, I do not see any harmful files. Some of your problems seem to be related to your settings. For all of this, other friends can help you better.
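The Fixlog quoted above shows why the network reset never ran: FRST hands a line to the command interpreter only when it is prefixed with `CMD:`, and any other line has to match an entry from its own scan, which is why `CMD: ipconfig /flushdns` produced no error while the four bare `netsh` lines each came back as "No automatic fix found for this entry". The same fixlist rewritten so every command carries the prefix, as an added example that is not olgun52's post and not FRST's documentation (the log path is the one from the quoted fixlist, with the stray spaces removed; FRST runs elevated, which the firewall and IP resets require):

```text
Start
CMD: netsh advfirewall reset
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv6 reset
CMD: netsh winsock reset
CMD: ipconfig /flushdns
EmptyTemp:
End
```

Save it as fixlist.txt next to FRST.exe, run FRST with Fix, and check Fixlog.txt afterwards: each `CMD:` line should be followed by the command's own output rather than an "Error:" line, and the IP and winsock resets only take effect after a reboot.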
  #73  
Old December 5th, 2017, 05:16 PM
Sonic Feathers Sonic Feathers is offline
Member
 
Join Date: Sep 2017
Posts: 53
Hi Olgun,
My sincerest apologies, I have been swamped with work & unable to check back on Cybertech to reply.
Thank you for all your help to have cleared my system. You gave it your all & I appreciate it in the extreme. Thanks also for the above code. I will run it as you have taught me. I can get the UAC sorted myself now, I downloaded instructions from Microsoft.
I take it that we are finished here, will you close the topic as successful with a 5/5 response please?
If you do celebrate Christmas, may I take the opportunity to wish you & your family 'A merry Festive Season'. In case you are Muslim, Allah yardımcın olsun (may God be your helper). Go well friend.
  #74  
Old December 5th, 2017, 05:21 PM
Sonic Feathers Sonic Feathers is offline
Member
 
Join Date: Sep 2017
Posts: 53
Hi, better to leave it open, so that if I can in the next while, I can use the links to donate.
  #75  
Old December 8th, 2017, 10:32 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
You're welcome. I understand. Yes, I do celebrate Christmas, but I am a secular Muslim. Thank you for your good wishes. Happy new year to you and your family. God help us!

Kind regards.