Trying to clean infected webpage.gen2 [Solved]


#1
cypher.image

  • 22 posts

Hello,

I am having trouble removing something affecting my temp folder and preventing Windows from updating. It seems that scans will not pick up something dropping files into my temp folder that are trying to access my registry. My antivirus, Avira, keeps detecting multiple suspicious patterns every few minutes. Also, when I try to update Windows on restart, it never does anything and says I still need to update. I believe this is resulting in a slow experience and affecting my web browsing.

Your community has been so helpful in the past and I appreciate everything you do. I don't know what has caused this and I am asking for your help. Thank you for your time.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-09-2017 01
Ran by Chay Siboura (administrator) on MAEPAW-PC (28-09-2017 15:50:08)
Running from C:\Users\Chay Siboura\Desktop
Loaded Profiles: Chay Siboura (Available Profiles: Chay Siboura)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1441792 2010-06-08] (Intel® Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-07-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2010-01-11] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-459188570-3383872282-3772164316-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-459188570-3383872282-3772164316-1005\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [808448 2017-01-31] (Bitdefender)
HKU\S-1-5-21-459188570-3383872282-3772164316-1005\...\MountPoints2: {6e70bb46-7391-11e5-b1f6-002454eb65bc} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [808448 2017-01-31] (Bitdefender)
HKU\S-1-5-18\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-01-07] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2014-12-26] (Microsoft Corporation)
BootExecute: autocheck autochk * bddel.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{53F98673-296A-4427-A3DC-0005AE05CDB0}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{66E7E996-5ED6-496C-BEFD-40CFEDEE38FA}: [DhcpNameServer] 192.168.1.1
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-459188570-3383872282-3772164316-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\S-1-5-21-459188570-3383872282-3772164316-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_en
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-06-23] (Bitdefender)
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-06-23] (Bitdefender)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-09-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-20] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-06-23] (Bitdefender)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-06-23] (Bitdefender)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Toolbar: HKU\S-1-5-21-459188570-3383872282-3772164316-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
 
FireFox:
========
FF ProfilePath: C:\Users\Chay Siboura\AppData\Roaming\Mozilla\Firefox\Profiles\uzqbvdme.default [2017-09-28]
FF Homepage: Mozilla\Firefox\Profiles\uzqbvdme.default -> hxxp://www.google.com/
FF Extension: (Avira Browser Safety) - C:\Users\Chay Siboura\AppData\Roaming\Mozilla\Firefox\Profiles\uzqbvdme.default\Extensions\[email protected] [2016-09-25]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-12-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff [2017-01-31]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-09] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2011-12-06] (Nexon)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-04-19] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-04-19] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR NewTab: Default ->  Not-active:"chrome-extension://hohgmhnldfionknlilmdfobfheikniin/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://www.searchencrypt.com/encsearch?q={searchTerms}
CHR DefaultSearchKeyword: Default -> se
CHR Profile: C:\Users\Chay Siboura\AppData\Local\Google\Chrome\User Data\Default [2017-09-28]
CHR Extension: (Google Docs) - C:\Users\Chay Siboura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-21]
CHR Extension: (Google Drive) - C:\Users\Chay Siboura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-21]
CHR Extension: (YouTube) - C:\Users\Chay Siboura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-21]
CHR Extension: (Search Encrypt) - C:\Users\Chay Siboura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfepjimmefpblmiemkioljocpmhniogl [2017-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\Chay Siboura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-21]
CHR Extension: (MaptoDirections) - C:\Users\Chay Siboura\AppData\Local\Google\Chrome\User Data\Default\Extensions\hohgmhnldfionknlilmdfobfheikniin [2017-08-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chay Siboura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\Chay Siboura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-21]
CHR Extension: (Chrome Media Router) - C:\Users\Chay Siboura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-09-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-09-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-09-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-09-28] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [402768 2017-08-30] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [328880 2017-07-26] (Avira Operations GmbH & Co. KG)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-07] (Red Bend Ltd.) [File not signed]
S2 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-04] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S2 scupdate; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [157656 2016-09-25] (Avira Operations GmbH \u0026 Co. KG)
S3 scupdatem; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [157656 2016-09-25] (Avira Operations GmbH \u0026 Co. KG)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [75312 2017-09-27] (Avira Operations GmbH & Co. KG)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1577760 2017-01-31] (Bitdefender)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-07] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\windows\System32\DRIVERS\avc3.sys [1603264 2016-08-29] (BitDefender)
R3 avchv; C:\windows\System32\DRIVERS\avchv.sys [271272 2015-06-23] (BitDefender)
S3 avckf; C:\windows\System32\DRIVERS\avckf.sys [850464 2016-08-29] (BitDefender)
R0 avdevprot; C:\windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-18] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [194272 2017-09-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [151128 2017-08-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-22] (Avira Operations GmbH & Co. KG)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-21] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\windows\system32\drivers\bdsandbox.sys [82824 2015-02-21] (BitDefender SRL)
R1 BDVEDISK; C:\windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R0 gzflt; C:\windows\System32\DRIVERS\gzflt.sys [160032 2015-06-23] (BitDefender LLC)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [55232 2017-09-26] ()
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-11-09] (Windows ® 2003 DDK 3790 provider)
R0 trufos; C:\windows\System32\DRIVERS\trufos.sys [477272 2015-06-23] (BitDefender S.R.L.)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2010-01-12] (CyberLink Corp.)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S0 yptnqxf; System32\drivers\tanc.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-28 15:46 - 2017-09-28 15:51 - 000024206 _____ C:\Users\Chay Siboura\Desktop\FRST.txt
2017-09-28 15:46 - 2017-09-28 15:46 - 000000000 ____D C:\FRST
2017-09-28 15:44 - 2017-09-28 15:44 - 002399744 _____ (Farbar) C:\Users\Chay Siboura\Desktop\FRST64.exe
2017-09-28 15:15 - 2017-09-28 15:15 - 000027624 _____ C:\windows\system32\bddel.exe
2017-09-28 15:15 - 2017-09-28 15:15 - 000000818 _____ C:\windows\system32\bddel.dat
2017-09-28 11:30 - 2017-09-28 11:30 - 000000146 _____ C:\Users\Chay Siboura\Desktop\Sound - Shortcut.lnk
2017-09-28 11:07 - 2017-09-28 15:13 - 000003292 _____ C:\windows\System32\Tasks\Avira_Antivirus_Systray
2017-09-28 11:07 - 2017-09-28 11:07 - 000003122 _____ C:\windows\System32\Tasks\Avira SystrayStartTrigger
2017-09-28 11:07 - 2017-09-28 11:07 - 000001116 _____ C:\Users\Public\Desktop\Avira.lnk
2017-09-28 10:57 - 2017-09-28 10:57 - 000003662 _____ C:\windows\System32\Tasks\AviraSystemSpeedupUpdate
2017-09-28 10:55 - 2017-09-28 15:04 - 000000000 ____D C:\Users\Public\Speedup Sessions
2017-09-27 03:14 - 2017-09-27 03:14 - 000000000 ____D C:\Users\Chay Siboura\AppData\Local\ESET
2017-09-27 03:13 - 2017-09-27 03:14 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Chay Siboura\Downloads\esetonlinescanner_enu.exe
2017-09-26 03:08 - 2017-09-26 03:09 - 000055232 _____ C:\windows\system32\Drivers\hitmanpro37.sys
2017-09-26 03:06 - 2017-09-26 03:06 - 000002060 _____ C:\windows\system32\.crusader
2017-09-26 02:41 - 2017-09-26 03:06 - 000000000 ____D C:\ProgramData\HitmanPro
2017-09-26 02:41 - 2017-09-26 02:41 - 000000000 ____D C:\Program Files\HitmanPro
2017-09-26 01:24 - 2017-09-27 03:23 - 000001909 _____ C:\Users\Chay Siboura\Desktop\JRT.txt
2017-09-26 01:04 - 2017-09-27 02:26 - 000000000 ____D C:\AdwCleaner
2017-09-26 01:00 - 2017-09-26 01:04 - 011584088 _____ (SurfRight B.V.) C:\Users\Chay Siboura\Downloads\HitmanPro_x64.exe
2017-09-26 00:57 - 2017-09-26 00:57 - 001790024 _____ (Malwarebytes) C:\Users\Chay Siboura\Downloads\JRT.exe
2017-09-26 00:55 - 2017-09-26 00:57 - 008182736 _____ (Malwarebytes) C:\Users\Chay Siboura\Downloads\adwcleaner_7.0.2.1.exe
2017-09-16 00:38 - 2017-09-16 00:39 - 009826968 _____ (Piriform Ltd) C:\Users\Chay Siboura\Downloads\ccsetup534.exe
2017-09-12 23:35 - 2017-08-19 11:28 - 000197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2017-09-12 23:35 - 2017-08-19 11:10 - 000180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2017-09-12 23:35 - 2017-08-16 11:29 - 000806912 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2017-09-12 23:35 - 2017-08-16 11:10 - 000629760 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2017-09-12 23:35 - 2017-08-16 10:57 - 003224576 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-09-12 23:35 - 2017-08-15 21:10 - 000395976 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-09-12 23:35 - 2017-08-15 20:25 - 000347336 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-09-12 23:35 - 2017-08-15 11:29 - 014182400 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2017-09-12 23:35 - 2017-08-15 11:29 - 001867264 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2017-09-12 23:35 - 2017-08-15 11:10 - 012880896 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2017-09-12 23:35 - 2017-08-15 11:10 - 001499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2017-09-12 23:35 - 2017-08-15 10:06 - 015260160 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-09-12 23:35 - 2017-08-15 10:01 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2017-09-12 23:35 - 2017-08-15 10:01 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-09-12 23:35 - 2017-08-15 10:01 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-09-12 23:35 - 2017-08-15 09:58 - 013673984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-09-12 23:35 - 2017-08-14 13:35 - 003203584 _____ (Microsoft Corporation) C:\windows\system32\mmcndmgr.dll
2017-09-12 23:35 - 2017-08-14 13:35 - 002150912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmcndmgr.dll
2017-09-12 23:35 - 2017-08-14 13:35 - 000355328 _____ (Microsoft Corporation) C:\windows\system32\mmcbase.dll
2017-09-12 23:35 - 2017-08-14 13:35 - 000303104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmcbase.dll
2017-09-12 23:35 - 2017-08-14 13:35 - 000172544 _____ (Microsoft Corporation) C:\windows\SysWOW64\cic.dll
2017-09-12 23:35 - 2017-08-14 13:35 - 000131072 _____ (Microsoft Corporation) C:\windows\system32\mmcshext.dll
2017-09-12 23:35 - 2017-08-14 13:35 - 000128512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmcshext.dll
2017-09-12 23:35 - 2017-08-14 13:34 - 000211968 _____ (Microsoft Corporation) C:\windows\system32\cic.dll
2017-09-12 23:35 - 2017-08-13 17:37 - 002144256 _____ (Microsoft Corporation) C:\windows\system32\mmc.exe
2017-09-12 23:35 - 2017-08-13 17:30 - 001401344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmc.exe
2017-09-12 23:35 - 2017-08-13 14:58 - 025730560 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-09-12 23:35 - 2017-08-13 13:24 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-09-12 23:35 - 2017-08-13 13:24 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-09-12 23:35 - 2017-08-13 13:06 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-09-12 23:35 - 2017-08-13 13:05 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-09-12 23:35 - 2017-08-13 13:05 - 000417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-09-12 23:35 - 2017-08-13 13:05 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-09-12 23:35 - 2017-08-13 13:05 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-09-12 23:35 - 2017-08-13 13:04 - 002899968 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-09-12 23:35 - 2017-08-13 12:56 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-09-12 23:35 - 2017-08-13 12:55 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-09-12 23:35 - 2017-08-13 12:54 - 020269056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-09-12 23:35 - 2017-08-13 12:52 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-09-12 23:35 - 2017-08-13 12:51 - 005981696 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-09-12 23:35 - 2017-08-13 12:51 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-09-12 23:35 - 2017-08-13 12:51 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-09-12 23:35 - 2017-08-13 12:50 - 000817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-09-12 23:35 - 2017-08-13 12:50 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-09-12 23:35 - 2017-08-13 12:46 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2017-09-12 23:35 - 2017-08-13 12:41 - 000968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-09-12 23:35 - 2017-08-13 12:38 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-09-12 23:35 - 2017-08-13 12:30 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2017-09-12 23:35 - 2017-08-13 12:29 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-09-12 23:35 - 2017-08-13 12:29 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2017-09-12 23:35 - 2017-08-13 12:29 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2017-09-12 23:35 - 2017-08-13 12:29 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-09-12 23:35 - 2017-08-13 12:29 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2017-09-12 23:35 - 2017-08-13 12:28 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-09-12 23:35 - 2017-08-13 12:27 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-09-12 23:35 - 2017-08-13 12:24 - 002291200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-09-12 23:35 - 2017-08-13 12:24 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-09-12 23:35 - 2017-08-13 12:23 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-09-12 23:35 - 2017-08-13 12:22 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2017-09-12 23:35 - 2017-08-13 12:21 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2017-09-12 23:35 - 2017-08-13 12:20 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-09-12 23:35 - 2017-08-13 12:19 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2017-09-12 23:35 - 2017-08-13 12:18 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-09-12 23:35 - 2017-08-13 12:17 - 000663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-09-12 23:35 - 2017-08-13 12:17 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2017-09-12 23:35 - 2017-08-13 12:17 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2017-09-12 23:35 - 2017-08-13 12:07 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-09-12 23:35 - 2017-08-13 12:04 - 000807936 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-09-12 23:35 - 2017-08-13 12:04 - 000726528 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-09-12 23:35 - 2017-08-13 12:02 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-09-12 23:35 - 2017-08-13 12:01 - 002134528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-09-12 23:35 - 2017-08-13 12:01 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2017-09-12 23:35 - 2017-08-13 12:01 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-09-12 23:35 - 2017-08-13 12:00 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2017-09-12 23:35 - 2017-08-13 11:57 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2017-09-12 23:35 - 2017-08-13 11:53 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2017-09-12 23:35 - 2017-08-13 11:48 - 004547072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-09-12 23:35 - 2017-08-13 11:46 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-09-12 23:35 - 2017-08-13 11:44 - 000694784 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-09-12 23:35 - 2017-08-13 11:43 - 002058752 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-09-12 23:35 - 2017-08-13 11:43 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2017-09-12 23:35 - 2017-08-13 11:40 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-09-12 23:35 - 2017-08-13 11:27 - 001544704 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-09-12 23:35 - 2017-08-13 11:18 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-09-12 23:35 - 2017-08-13 11:17 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-09-12 23:35 - 2017-08-13 11:14 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-09-12 23:35 - 2017-08-13 11:13 - 001314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-09-12 23:35 - 2017-08-11 02:42 - 000631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-09-12 23:35 - 2017-08-11 02:38 - 005547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-09-12 23:35 - 2017-08-11 02:38 - 000706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-09-12 23:35 - 2017-08-11 02:38 - 000154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-09-12 23:35 - 2017-08-11 02:38 - 000095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-09-12 23:35 - 2017-08-11 02:36 - 001732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 002065408 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 001212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000757248 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000512000 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000346112 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000313856 _____ (Microsoft Corporation) C:\windows\system32\Wldap32.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000026112 _____ (Microsoft Corporation) C:\windows\system32\nsisvc.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000025600 _____ (Microsoft Corporation) C:\windows\system32\winnsi.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2017-09-12 23:35 - 2017-08-11 02:35 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\nsi.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 001460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 001163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 000971776 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 000731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 000166400 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 000022528 _____ (Microsoft Corporation) C:\windows\system32\inetppui.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-09-12 23:35 - 2017-08-11 02:34 - 000008704 _____ (Microsoft Corporation) C:\windows\system32\comcat.dll
2017-09-12 23:35 - 2017-08-11 02:24 - 004001000 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2017-09-12 23:35 - 2017-08-11 02:24 - 003945704 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2017-09-12 23:35 - 2017-08-11 02:21 - 001314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2017-09-12 23:35 - 2017-08-11 02:20 - 000061952 _____ (Microsoft Corporation) C:\windows\system32\ntprint.exe
2017-09-12 23:35 - 2017-08-11 02:20 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\wpnpinst.exe
2017-09-12 23:35 - 2017-08-11 02:19 - 001417728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000299008 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000271360 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wldap32.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000016384 _____ (Microsoft Corporation) C:\windows\SysWOW64\winnsi.dll
2017-09-12 23:35 - 2017-08-11 02:19 - 000008704 _____ (Microsoft Corporation) C:\windows\SysWOW64\nsi.dll
2017-09-12 23:35 - 2017-08-11 02:12 - 000025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2017-09-12 23:35 - 2017-08-11 02:09 - 000061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.exe
2017-09-12 23:35 - 2017-08-11 02:07 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-09-12 23:35 - 2017-08-11 02:07 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2017-09-12 23:35 - 2017-08-11 02:06 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-09-12 23:35 - 2017-08-11 02:03 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2017-09-12 23:35 - 2017-08-11 02:03 - 000026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2017-09-12 23:35 - 2017-08-11 02:02 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2017-09-12 23:35 - 2017-08-11 02:00 - 000262656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2017-09-12 23:35 - 2017-08-11 02:00 - 000159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-09-12 23:35 - 2017-08-11 01:59 - 000460800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2017-09-12 23:35 - 2017-08-11 01:59 - 000405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2017-09-12 23:35 - 2017-08-11 01:59 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-09-12 23:35 - 2017-08-11 01:59 - 000168448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2017-09-12 23:35 - 2017-08-11 01:59 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-09-12 23:35 - 2017-08-11 01:58 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2017-09-12 23:35 - 2017-08-11 01:58 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-09-12 23:35 - 2017-08-11 01:58 - 000026112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nsiproxy.sys
2017-09-12 23:35 - 2017-08-11 01:55 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-09-12 23:35 - 2017-07-07 11:29 - 001143296 _____ (Microsoft Corporation) C:\windows\system32\DXPTaskRingtone.dll
2017-09-12 23:35 - 2017-07-07 11:10 - 000973312 _____ (Microsoft Corporation) C:\windows\SysWOW64\DXPTaskRingtone.dll
2017-09-12 23:34 - 2017-08-11 02:35 - 000026112 _____ (Microsoft Corporation) C:\windows\system32\oleres.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleres.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 02:07 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-09-12 23:34 - 2017-08-11 02:01 - 000007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\comcat.dll
2017-09-12 23:34 - 2017-08-11 02:00 - 000050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-09-12 23:34 - 2017-08-11 01:56 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2017-09-12 23:34 - 2017-08-11 01:56 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2017-09-12 23:34 - 2017-08-11 01:56 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2017-09-12 23:34 - 2017-08-11 01:56 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2017-09-12 23:34 - 2017-08-11 01:55 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 01:55 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 01:55 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-09-12 23:34 - 2017-08-11 01:55 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-28 15:34 - 2014-12-21 20:56 - 000000000 ____D C:\Users\Chay Siboura\AppData\Roaming\BitTorrent
2017-09-28 15:12 - 2009-07-13 23:20 - 000000000 ____D C:\windows\inf
2017-09-28 15:11 - 2009-07-14 00:45 - 000014144 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-28 15:11 - 2009-07-14 00:45 - 000014144 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-28 15:04 - 2011-12-16 00:00 - 000000000 ____D C:\Users\Chay Siboura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2017-09-28 14:59 - 2009-07-14 01:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-09-28 14:19 - 2013-06-01 11:08 - 000567863 _____ C:\bdlog.txt
2017-09-28 11:07 - 2016-09-25 15:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-09-28 11:07 - 2016-09-25 14:59 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-28 11:02 - 2016-12-09 17:22 - 000000000 ____D C:\Users\Chay Siboura\AppData\LocalLow\Mozilla
2017-09-28 10:54 - 2016-09-25 15:00 - 000000000 ____D C:\Program Files (x86)\Avira
2017-09-28 10:50 - 2016-09-25 15:09 - 000194272 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2017-09-27 01:58 - 2017-04-21 14:11 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-27 01:58 - 2017-04-21 14:11 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-27 01:56 - 2016-08-05 22:10 - 000000000 ____D C:\Program Files\CCleaner
2017-09-26 03:08 - 2011-12-16 00:00 - 000000000 ____D C:\Users\Chay Siboura
2017-09-26 01:42 - 2015-04-19 10:57 - 000192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-21 00:53 - 2009-07-13 23:20 - 000000000 ____D C:\windows\system32\NDF
2017-09-21 00:24 - 2017-04-09 18:50 - 000000000 ____D C:\Program Files (x86)\Java
2017-09-20 20:58 - 2016-09-25 15:18 - 000001040 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-09-20 08:35 - 2017-04-09 18:50 - 000000000 ____D C:\ProgramData\Oracle
2017-09-20 03:22 - 2017-04-09 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-09-20 03:21 - 2017-04-09 18:51 - 000097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2017-09-16 22:55 - 2009-07-14 01:13 - 000798844 _____ C:\windows\system32\PerfStringBackup.INI
2017-09-16 00:50 - 2016-08-05 22:10 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-15 11:58 - 2016-12-25 23:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-15 11:58 - 2012-11-04 19:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-14 13:03 - 2009-07-13 23:20 - 000000000 ____D C:\windows\rescache
2017-09-14 12:24 - 2011-01-15 02:11 - 000000000 ____D C:\windows\Minidump
2017-09-13 13:30 - 2009-07-14 00:45 - 000281184 _____ C:\windows\system32\FNTCACHE.DAT
2017-09-13 03:14 - 2015-01-02 01:33 - 000791458 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2017-09-13 01:59 - 2013-10-31 22:39 - 000803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-09-13 01:59 - 2013-10-31 22:39 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-09-13 01:59 - 2011-10-18 17:53 - 000000000 ____D C:\windows\system32\Macromed
2017-09-13 01:59 - 2011-06-09 21:41 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-13 01:59 - 2010-07-07 22:52 - 000000000 ____D C:\windows\SysWOW64\Macromed
2017-08-30 23:58 - 2016-02-06 07:49 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-30 11:54 - 2016-09-25 15:09 - 000151128 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
 
==================== Files in the root of some directories =======
 
2016-07-19 18:18 - 2016-07-19 18:18 - 000000000 _____ () C:\Users\Chay Siboura\AppData\Local\{11C0B566-2264-4740-B842-1D5CEC2F95C0}
2015-09-10 07:22 - 2015-09-10 07:22 - 000000000 _____ () C:\Users\Chay Siboura\AppData\Local\{21633B3A-C3DE-4AB8-9ADB-481F9D239DA0}
2016-01-10 22:12 - 2016-01-10 22:12 - 000000000 _____ () C:\Users\Chay Siboura\AppData\Local\{84492E86-62F7-4C90-855E-F0C93AFD8E1F}
2016-05-29 22:59 - 2016-05-29 22:59 - 000000000 _____ () C:\Users\Chay Siboura\AppData\Local\{BBC1ADB8-D07A-46B8-AD0E-0D274D26AF95}
2016-04-29 22:11 - 2016-04-29 22:11 - 000000000 _____ () C:\Users\Chay Siboura\AppData\Local\{D6E02F0C-DA57-45C8-9322-69F212D428D5}
2011-01-07 01:20 - 2011-01-07 01:20 - 000000056 ____H () C:\ProgramData\ezsidmv.dat
2010-07-07 23:01 - 2010-07-07 23:01 - 000000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-07-07 22:59 - 2010-07-07 23:00 - 000000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2010-07-07 22:55 - 2010-07-07 22:56 - 000000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-07-07 23:00 - 2010-07-07 23:01 - 000000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2010-07-07 22:54 - 2010-07-07 22:55 - 000000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-07-07 22:56 - 2010-07-07 22:59 - 000000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-20 01:06
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by Chay Siboura (28-09-2017 15:53:26)
Running from C:\Users\Chay Siboura\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-01-06 22:51:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-459188570-3383872282-3772164316-500 - Administrator - Disabled)
Chay Siboura (S-1-5-21-459188570-3383872282-3772164316-1005 - Administrator - Enabled) => C:\Users\Chay Siboura
Guest (S-1-5-21-459188570-3383872282-3772164316-501 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{1B48601D-0537-4589-9952-A8989BE8249A}) (Version: 1.2.96.16095 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{4771539a-931b-4378-8d4a-721ba62effca}) (Version: 1.2.95.14694 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.31.27 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.10.1.26323 - Avira Operations GmbH & Co. KG)
Avira Scout (HKLM-x32\...\Avira Scout) (Version: 17.6.3071.2851 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.2.0.6363 - Avira Operations GmbH & Co. KG)
BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - Samsung)
Best Buy pc app (HKLM\...\{FBBC4667-2521-4E78-B1BD-8706F774549B}) (Version: 3.0.0.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.20.0.1429 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3226 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2511 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3604b - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3904 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3228f - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2429 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
Easimap 6 (HKLM-x32\...\{88ECA389-19EC-47C8-A0A5-7068F2407983}) (Version: 150.4 - MBE Systems)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{559D1FDB-6D5C-4EF3-8F63-5E1E93A0A244}) (Version: 4.4.1 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.11 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2141 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.0005 - Intel Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
MapleStory (HKLM-x32\...\MapleStory) (Version:  - )
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.1 - Pando Networks Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.0.2 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} =>  -> No File
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} =>  -> No File
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} =>  -> No File
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} =>  -> No File
ContextMenuHandlers1: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender 2015\bdfvsctx.dll [2015-06-23] (Bitdefender)
ContextMenuHandlers1: [SafeBoxContext] -> {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} =>  -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-28] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender 2015\bdfvsctx.dll [2015-06-23] (Bitdefender)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
ContextMenuHandlers5: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender 2015\bdfvsctx.dll [2015-06-23] (Bitdefender)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2010-06-03] (Intel Corporation)
ContextMenuHandlers5: [SafeBoxContext] -> {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} =>  -> No File
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
ContextMenuHandlers6: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender 2015\bdfvsctx.dll [2015-06-23] (Bitdefender)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [SafeBoxContext] -> {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} =>  -> No File
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-28] (Avira Operations GmbH & Co. KG)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {049CD6CD-2F60-40CF-BBBB-9B749A5E26C4} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-05-31] (Samsung Electronics. Co. Ltd.)
Task: {0FC7438A-0575-455D-823A-CF4236FDB841} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-28] (SAMSUNG Electronics co., LTD.)
Task: {10079767-249E-4680-A150-F85A04E30229} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-09-27] (Avira Operations GmbH & Co. KG)
Task: {1E20D889-4A10-42A6-9EDC-64D7C036B07F} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {28ED7DF3-2414-421E-8E53-624D280F8008} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {3DC3BECC-127A-447D-A3E6-6A612A6C4924} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-09-27] (Avira Operations GmbH & Co. KG)
Task: {43540A34-49F2-4A4D-BAD3-12BAC6D82AF7} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)
Task: {45C4B0F2-4C63-4C96-8C33-35964C2FDD0E} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-18] (SEC)
Task: {6D9D7B1D-FF86-45A8-893F-81696BFD8AD8} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2017-09-28] (Avira Operations GmbH & Co. KG )
Task: {71533EC7-7F34-499F-B9EE-FCAAB3B082A2} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics)
Task: {7A544432-1801-4AE8-A400-6AE821F46C30} - System32\Tasks\AviraScoutUpdateTaskMachineUA => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2016-09-25] (Avira Operations GmbH \u0026 Co. KG)
Task: {80E333CA-C2CB-4AE4-9540-A1C9F19BE44D} - System32\Tasks\AviraScoutUpdateTaskMachineCore => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2016-09-25] (Avira Operations GmbH \u0026 Co. KG)
Task: {99C4FDC5-0F28-47C5-A2C6-ABA3F4CBD376} - System32\Tasks\{B489F412-1686-4385-994B-ACC32DF9270C} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {9BE848CD-CDCF-4903-88BF-1B242A3D085A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {9C962EAB-6466-41CD-A45F-A2F0B8609BCD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {A113B886-4A12-43CD-BEF8-9B1A1A13BC5C} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {B4F57EA8-210E-47AA-A5A6-CD3F522443D4} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe [2015-06-23] (Bitdefender)
Task: {B8606766-2959-4D44-8660-437931843D0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {BC50FC77-A2F8-4147-8F96-9E322D9202F9} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2017-09-28] (Avira Operations GmbH & Co. KG)
Task: {F4CBE51F-D3C3-486D-B5F7-B0FE665B6B7A} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {FB266C2D-2564-426F-BF15-4AE070FBD79D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FFAA16DD-A29C-4169-8D95-47F6E175FC47} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-04 12:59 - 2014-08-27 17:31 - 000265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-01-04 12:59 - 2013-09-03 15:29 - 000101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-01-04 12:59 - 2014-12-17 15:34 - 000003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-01-04 12:59 - 2012-10-29 15:22 - 000152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2017-02-07 11:20 - 2017-02-07 11:21 - 001008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_020\ashttpbr.mdl
2017-02-07 11:20 - 2017-02-07 11:21 - 000541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_020\ashttpdsp.mdl
2017-02-07 11:20 - 2017-02-07 11:21 - 003243920 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_020\ashttpph.mdl
2017-02-07 11:20 - 2017-02-07 11:21 - 001544568 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02451_020\ashttprbl.mdl
2010-03-04 20:21 - 2010-03-04 20:21 - 001501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-07-07 22:59 - 2009-07-07 14:23 - 000247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-01-04 12:59 - 2013-03-25 16:16 - 001117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2017-09-27 01:58 - 2017-09-21 03:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-27 01:58 - 2017-09-21 03:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2010-07-07 23:03 - 2006-08-11 23:48 - 000049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2009-12-04 03:59 - 2009-12-04 03:59 - 000619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-12-04 04:04 - 2009-12-04 04:04 - 000013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [280]
AlternateDataStreams: C:\ProgramData\Temp:F0D7EE30 [138]
AlternateDataStreams: C:\Users\Chay Siboura\Downloads\bitdefender_isecurity.exe:BDU [0]
AlternateDataStreams: C:\Users\Chay Siboura\Downloads\bitdefender_tsecurity.exe:BDU [0]
AlternateDataStreams: C:\Users\Chay Siboura\Downloads\BitTorrent.exe:BDU [0]
AlternateDataStreams: C:\Users\Chay Siboura\Downloads\ChromeSetup(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Chay Siboura\Downloads\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Chay Siboura\Downloads\Firefox Setup Stub 39.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Chay Siboura\Downloads\JihosoftAndroidRecoveryTrial7.exe:BDU [0]
AlternateDataStreams: C:\Users\Chay Siboura\Downloads\mbam-setup-2.1.4.1018.exe:BDU [0]
AlternateDataStreams: C:\Users\Chay Siboura\Downloads\PeerBlock-Setup_v1.2_r693.exe:BDU [0]
AlternateDataStreams: C:\Users\Chay Siboura\Downloads\stellarphoenixphotorecovery.exe:BDU [0]
AlternateDataStreams: C:\Users\Chay Siboura\Downloads\TFC.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-459188570-3383872282-3772164316-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Chay Siboura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: Avira System Speedup User Starter => "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"
MSCONFIG\startupreg: Bdagent => "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: Bitdefender Wallet Agent => "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelWireless => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Trend Micro Titanium => 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{881C08B1-3F9D-4F40-B63C-676BE1CF96C2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{D8FE88FC-43D5-4E38-824F-42A00B493390}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{F3E15459-3CF0-4FCE-A218-7A6A896FF566}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{81784A68-5D11-45EA-9F3A-03A50D5F02A1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{D817C859-BB62-45F1-A3BD-F7A1652E0AA8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6D1918A4-04E7-4168-A31C-19C9DAA60882}] => (Allow) svchost.exe
FirewallRules: [{5AE3AC06-C122-422C-9E42-1B32816D1CDA}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{90144BAA-8252-4F1D-998E-9074D6B08E3D}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{9A836E07-6C0B-4F49-8C94-D827E3115F65}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{8C628BDF-71BE-4DE3-9EFE-7357EBB78AAB}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{79C12C00-284F-48DE-80F1-627AA076EBAC}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{52FDCB71-C68D-4DE7-8C63-13425BDFB47D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{555E0B99-665D-4FD8-8862-D0B4574CFAB8}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{92882A68-5E23-434F-8C5A-B8CE375FB46D}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{A4B32677-9F52-4D05-B2DA-4AA31B75B8BC}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{13421037-05BC-4BB4-BF38-4CE087CFAE88}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{4306A315-1CF9-4203-8690-D8897C8F03D3}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{E8FC783D-AD95-4607-82A6-152F192E13A0}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{2B963C51-F093-4DFA-B2D2-4798E3801536}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{D242C56B-3FDD-4669-8DA7-558CC63FDDEC}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{B7814D38-FA47-4ABA-8C29-4F6C29E1FDF7}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{9161C5E3-CE77-4430-A033-A3DD4CBDE076}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{6F1DC00C-3E40-48E5-B4C7-60358BE48723}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{72F3F028-A170-4598-8EBF-695C214752BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{18A274BA-6B11-43F8-9FAD-043B5E9E0C05}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{51777969-A62C-4137-B392-7F4A5F5AD6F2}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{5338260E-3A62-4BBA-BD7A-29D54C90E1B8}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{CAE2416D-860B-4CD8-B157-953CD90CBAFA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DFC6EED6-DBF5-475E-AE77-FDFC3BC78A9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{54105390-D237-462E-B5D1-B4BC4855BD5D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6C7A4028-AE16-4C25-8429-E4A6CE094B4E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{80F5A06A-00F8-4223-8A0F-E07AE79D9B71}] => (Allow) C:\Program Files (x86)\Avira\Scout\Application\scout.exe
FirewallRules: [{10BE99FE-918A-44A4-8948-A9C0C2F18352}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{89CB98E9-0346-4EDD-A595-178F520CB3F8}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
 
==================== Restore Points =========================
 
27-09-2017 03:19:51 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/28/2017 03:48:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 26.9.2017.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1184
 
Start Time: 01d33892637e4cf3
 
Termination Time: 2
 
Application Path: C:\Users\Chay Siboura\Desktop\FRST64.exe
 
Report Id: e8498314-a485-11e7-a628-002454eb65bc
 
Error: (09/28/2017 03:37:39 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.
 
Error: (09/28/2017 03:16:02 PM) (Source: Avira Antivirus) (EventID: 4118) (User: NT AUTHORITY)
Description: EXCEPTION calling function IThread(AsyncRegistryThread)::run() for the file
unknown
[ACCESS_VIOLATION Exception!! EIP = 0x7213737f]
Please inform Avira and submit the appropriate file!
 
Error: (09/28/2017 03:09:58 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.
 
Error: (09/28/2017 03:04:03 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (09/28/2017 03:03:03 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (09/28/2017 01:37:40 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.
 
Error: (09/28/2017 12:37:39 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.
 
Error: (09/28/2017 11:37:43 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.
 
Error: (09/28/2017 11:28:10 AM) (Source: Avira Antivirus) (EventID: 4118) (User: NT AUTHORITY)
Description: EXCEPTION calling function IThread(AsyncRegistryThread)::run() for the file
unknown
[ACCESS_VIOLATION Exception!! EIP = 0x7362737f]
Please inform Avira and submit the appropriate file!
 
 
System errors:
=============
Error: (09/28/2017 03:03:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
yptnqxf
 
Error: (09/28/2017 03:03:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wireless PAN DHCP Server service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/28/2017 03:03:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: 
After starting, the service hung in a start-pending state.
 
Error: (09/28/2017 03:03:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: 
After starting, the service hung in a start-pending state.
 
Error: (09/28/2017 03:03:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Avira Real-Time Protection service hung on starting.
 
Error: (09/28/2017 03:00:16 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
 
Error: (09/28/2017 03:00:16 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
 
Error: (09/28/2017 03:00:16 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
 
Error: (09/28/2017 11:13:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
yptnqxf
 
Error: (09/28/2017 11:13:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wireless PAN DHCP Server service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 67%
Total physical RAM: 3892.55 MB
Available physical RAM: 1251.98 MB
Total Virtual: 7783.29 MB
Available Virtual: 4356.42 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100 GB) (Free:23.8 GB) NTFS
Drive d: () (Fixed) (Total:350.66 GB) (Free:346.75 GB) NTFS
Drive e: (DVD_VIDEO) (CDROM) (Total:4.24 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1E7F3CF6)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=350.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


  • 0



#2
JSntgRvr

  • Global Moderator
  • 10,939 posts

Hi and welcome.

 

Sorry for the delay. The reports submitted show no sign of malware. Let's knock down some orphaned entries and empty the temp folders.

  • Highlight the entire content of the quote box below.

Start::  
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S0 yptnqxf; System32\drivers\tanc.sys [X]
Task: {9BE848CD-CDCF-4903-88BF-1B242A3D085A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} =>  -> No File
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} =>  -> No File
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} =>  -> No File
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} =>  -> No File
ContextMenuHandlers1: [SafeBoxContext] -> {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} =>  -> No File
ContextMenuHandlers5: [SafeBoxContext] -> {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} =>  -> No File
ContextMenuHandlers6: [SafeBoxContext] -> {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} =>  -> No File
Task: {9BE848CD-CDCF-4903-88BF-1B242A3D085A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [280]
AlternateDataStreams: C:\ProgramData\Temp:F0D7EE30 [138]
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

[Screenshot: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.

[Screenshot: AdwCleaner restart prompt]
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

  • 0

#3
cypher.image

  • Topic Starter
  • Member
  • 22 posts

Hi and Thank You,

 

No worries on the delay, I appreciate your assistance.  Here are the logs requested...

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-10-2017
Ran by Chay Siboura (09-10-2017 00:36:40) Run:1
Running from C:\Users\Chay Siboura\Desktop
Loaded Profiles: Chay Siboura (Available Profiles: Chay Siboura)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S0 yptnqxf; System32\drivers\tanc.sys [X]
Task: {9BE848CD-CDCF-4903-88BF-1B242A3D085A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} =>  -> No File
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} =>  -> No File
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} =>  -> No File
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} =>  -> No File
ContextMenuHandlers1: [SafeBoxContext] -> {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} =>  -> No File
ContextMenuHandlers5: [SafeBoxContext] -> {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} =>  -> No File
ContextMenuHandlers6: [SafeBoxContext] -> {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} =>  -> No File
Task: {9BE848CD-CDCF-4903-88BF-1B242A3D085A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [280]
AlternateDataStreams: C:\ProgramData\Temp:F0D7EE30 [138]
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
HKLM\System\CurrentControlSet\Services\EagleX64 => key removed successfully
EagleX64 => service removed successfully
HKLM\System\CurrentControlSet\Services\yptnqxf => key removed successfully
yptnqxf => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BE848CD-CDCF-4903-88BF-1B242A3D085A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox1 => key removed successfully
HKLM\Software\Classes\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox2 => key removed successfully
HKLM\Software\Classes\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox3 => key removed successfully
HKLM\Software\Classes\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox4 => key removed successfully
HKLM\Software\Classes\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67} => key not found. 
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SafeBoxContext => key removed successfully
HKLM\Software\Classes\CLSID\{0244E652-07EF-43C2-8AAD-ABA3CF40DF16} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\SafeBoxContext => key removed successfully
HKLM\Software\Classes\CLSID\{0244E652-07EF-43C2-8AAD-ABA3CF40DF16} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SafeBoxContext => key removed successfully
HKLM\Software\Classes\CLSID\{0244E652-07EF-43C2-8AAD-ABA3CF40DF16} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BE848CD-CDCF-4903-88BF-1B242A3D085A} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key not found. 
C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.
C:\ProgramData\Temp => ":F0D7EE30" ADS removed successfully.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
 
========= RemoveProxy: =========
 
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-459188570-3383872282-3772164316-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-459188570-3383872282-3772164316-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28107329 B
Java, Flash, Steam htmlcache => 550 B
Windows/system/drivers => 477807192 B
Edge => 0 B
Chrome => 553250399 B
Firefox => 92655843 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 49718 B
systemprofile32 => 66222 B
LocalService => 132244 B
NetworkService => 66228 B
Chay Siboura => 11915833 B
 
RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 09-10-2017 00:42:23)
 
"C:\Windows\System32\Drivers\etc\hosts" => Could not move
Could not restore Hosts.
 
==== End of Fixlog 00:42:24 ====
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64 
Ran by Chay Siboura (Administrator) on Mon 10/09/2017 at  0:58:16.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 9 
 
Successfully deleted: C:\windows\system32\Tasks\AviraSystemSpeedupUpdate (Task)
Successfully deleted: C:\Users\Chay Siboura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DFJ8J3V (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Chay Siboura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV89RBME (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Chay Siboura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V7UY05ST (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Chay Siboura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VREZHT1F (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DFJ8J3V (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV89RBME (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V7UY05ST (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VREZHT1F (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/09/2017 at  1:01:58.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 26 05:11:38 2017
# Updated on 2017/29/08 by Malwarebytes 
# Running on Windows 7 Home Premium (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Windows\System32\C2MP
Deleted: C:\Windows\SysWOW64\C2MP
Deleted: C:\ProgramData\Partner
Deleted: C:\ProgramData\Application Data\Partner
Deleted: C:\Users\All Users\Partner
 
 
***** [ Files ] *****
 
Deleted: C:\Users\Chay Siboura\AppData\Roaming\Mozilla\Firefox\Profiles\uzqbvdme.default\invalidprefs.js
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@pandonetworks.com\PandoWebPlugin
Deleted: [Key] - HKU\.DEFAULT\Software\Auslogics
Deleted: [Key] - HKU\S-1-5-21-459188570-3383872282-3772164316-1005\Software\Auslogics
Deleted: [Key] - HKU\S-1-5-18\Software\Auslogics
Deleted: [Key] - HKCU\Software\Auslogics
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
Plugin deleted: Easy Maps Access - 
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1946 B] - [2017/9/26 5:7:47]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

  • 0

#4
JSntgRvr

  • Global Moderator
  • 10,939 posts

One more scan:

 

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-Click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.

  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

 


  • 0

#5
cypher.image

  • Topic Starter
  • Member
  • 22 posts
Malwarebytes Anti-Rootkit BETA 1.10.1.1002
www.malwarebytes.org
 
Database version:
  main:    v2017.10.09.07
  rootkit: v2017.09.13.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18792
Chay Siboura :: MAEPAW-PC [administrator]
 
10/10/2017 12:41:31 AM
mbar-log-2017-10-10 (00-41-31).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 343274
Time elapsed: 56 minute(s), 32 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.1.1002
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18792
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4081635328, free: 2578087936
 
No address found
Downloaded database version: v2017.10.09.07
Downloaded database version: v2017.09.13.01
=======================================
Initializing...
Driver version: 4.2.0.132
------------ Kernel report ------------
     10/10/2017 00:41:23
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\trufos.sys
\SystemRoot\system32\DRIVERS\FLTMGR.SYS
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\avc3.sys
\SystemRoot\system32\DRIVERS\gzflt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avdevprot.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
\??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\??\C:\windows\system32\Drivers\SABI.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\bdvedisk.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\rdpdispm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5s64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\yk62x64.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\avchv.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\WDKMD.sys
\SystemRoot\system32\DRIVERS\bpenum.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\bpusb.sys
\SystemRoot\system32\DRIVERS\bpmp.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\drivers\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\6721A106.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\urlmon.dll
\Windows\System32\advapi32.dll
\Windows\System32\gdi32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\setupapi.dll
\Windows\System32\user32.dll
\Windows\System32\lpk.dll
\Windows\System32\msvcrt.dll
\Windows\System32\sechost.dll
\Windows\System32\msctf.dll
\Windows\System32\difxapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\shlwapi.dll
\Windows\System32\usp10.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\psapi.dll
\Windows\System32\imm32.dll
\Windows\System32\normaliz.dll
\Windows\System32\nsi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\iertutil.dll
\Windows\System32\ws2_32.dll
\Windows\System32\wininet.dll
\Windows\System32\oleaut32.dll
\Windows\System32\kernel32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.10.09.07
  rootkit: v2017.09.13.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80046ec060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80046ecb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80046ec060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004430050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1E7F3CF6
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 31457280
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31459328  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 31664128  Numsec = 209715200
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 241379328  Numsec = 735389696
    Partition is not bootable
    Partition file system is NTFS
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-31459328-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-31664128-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-3-241379328-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 

  • 0

#6
JSntgRvr

  • Global Moderator
  • 10,939 posts

All seems clear. How is the computer doing?


  • 0

#7
cypher.image

  • Topic Starter
  • Member
  • 22 posts

I am still experiencing the same issue with Avira detecting suspicious patterns. One example of the multiple files in quarantine is HTML/Infected.Webpage.Gen2 C:/windows/Temp/tmp000018bd/tmp000017e8. I close the notification and Luke Filewalker starts scanning. It reaches the limit of 4 scans at once and slows the machine down.

 

Upon startup Windows wants to finish installing a previous update and wants me to restart. If I do this it says it needs to close programs that are running, specifically Windows Update. So it is like it is stuck in this state of not updating.

 

I noticed that the fix you gave me for FRST was unable to clear the hosts file.  I believe it was my fault because Avira blocked access to the hosts file when I ran the fix. I apologize.  Should I run the fix again with Avira off? 

 

Thank you for your time.


  • 0

#8
JSntgRvr


  • Global Moderator
  • 10,939 posts

No. You are running two antivirus programs, and Avira seems to be watching Bitdefender.

 

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs: On-Access and On-Demand.

On-Access Scanners
As the name implies, these are scanners that run in the background all the time the PC is turned on and running.  The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to, such as online scans and scanners that run on your machine but are not actively scanning your machine.

 

Completely remove one of these and the issue will disappear.

 

 

  • Highlight the entire content of the quote box below.

Start::  
Folder: C:\Windows\Temp
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 

 


  • 0

#9
cypher.image


  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Oh okay.  I feel silly for that, I guess I was confused about what Bitdefender actually was.  I have removed Avira and continued with the fix.  Here is the log.  I'm sorry I feel slightly dumb, but relieved to fix the problem.    :laughing:   The computer is much better now.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Chay Siboura (11-10-2017 20:08:21) Run:2
Running from C:\Users\Chay Siboura\Desktop
Loaded Profiles: Chay Siboura (Available Profiles: Chay Siboura)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
Folder: C:\Windows\Temp
 
*****************
 
 
========================= Folder: C:\Windows\Temp ========================
 
2017-10-11 00:20 - 2017-10-11 09:26 - 000042530 ____A [6AA9BD95B10F9EE2B512E653574C89A3] () C:\Windows\Temp\Avira_20171011002055.log
2017-10-11 00:21 - 2017-10-11 00:22 - 001506008 ____A [8D4D26E4884FD77835D9A56BA0729F66] () C:\Windows\Temp\Avira_20171011002055_001_Id.Avira.OE.Setup.Msi.log
2017-10-11 09:25 - 2017-10-11 09:25 - 000000081 ____A [583DEC88501C45DEE38E9C4B4D0F6C76] () C:\Windows\Temp\mavcperf-setup.log
2017-10-11 14:37 - 2017-10-11 14:37 - 000000202 ____A [C042EB078ACCF16FA36C9201923E5625] () C:\Windows\Temp\MSI13dff.LOG
2017-10-11 04:02 - 2017-10-11 04:02 - 000000200 ____A [724DE7599F084CECF740A36C654E6B3A] () C:\Windows\Temp\MSI1f1b3.LOG
2017-10-10 02:01 - 2017-10-10 02:01 - 000000200 ____A [BA177EBF5B9D22D4CEA53F9AD1895217] () C:\Windows\Temp\MSI27068.LOG
2017-10-11 10:34 - 2017-10-11 10:34 - 000000202 ____A [B3993322D912B7109E0506BE8833AFD7] () C:\Windows\Temp\MSI2ce09.LOG
2017-10-11 03:11 - 2017-10-11 03:11 - 000000200 ____A [1811C7DFC96F51ED91FB2F11602A7481] () C:\Windows\Temp\MSI2db94.LOG
2017-10-11 09:25 - 2017-10-11 09:25 - 000000200 ____A [80175540EAF2739E1920AEA18BD2C125] () C:\Windows\Temp\MSI35494.LOG
2017-10-11 12:37 - 2017-10-11 12:37 - 000000202 ____A [D4A819492C348254E7E8A82EF4E37AE8] () C:\Windows\Temp\MSI360a9.LOG
2017-10-10 02:37 - 2017-10-10 02:37 - 000000200 ____A [D1731E1614187B1165B01A4D479D0D42] () C:\Windows\Temp\MSI3d2d3.LOG
2017-10-10 22:50 - 2017-10-10 22:50 - 000000202 ____A [B391EA13A86E4D0FC0F796E33FBC9E72] () C:\Windows\Temp\MSI4a794.LOG
2017-10-11 19:38 - 2017-10-11 19:38 - 000000202 ____A [9B00C6530716C35EB36F61AC8BC0AD1F] () C:\Windows\Temp\MSI4f0de.LOG
2017-10-11 00:53 - 2017-10-11 00:53 - 000000200 ____A [9CE2F54B0B86FB8911A6B31B741A4D42] () C:\Windows\Temp\MSI50629.LOG
2017-10-11 02:38 - 2017-10-11 02:38 - 000000200 ____A [AECF841859FBF3BDB8912B17F7E0ABD1] () C:\Windows\Temp\MSI521d6.LOG
2017-10-10 12:51 - 2017-10-10 12:51 - 000000202 ____A [5C617213C0EFD77E285B73049954E98A] () C:\Windows\Temp\MSI54ef9.LOG
2017-10-11 12:34 - 2017-10-11 12:34 - 000000202 ____A [751523E7013F721000BCFD6BFA2635A5] () C:\Windows\Temp\MSI5515.LOG
2017-10-11 15:34 - 2017-10-11 15:34 - 000000202 ____A [B8EFBCC87343723801FAC9F77E1DDEED] () C:\Windows\Temp\MSI573fd.LOG
2017-10-11 10:37 - 2017-10-11 10:37 - 000000202 ____A [827CE7A510508CB38FBDE233FDF8FCD4] () C:\Windows\Temp\MSI5a822.LOG
2017-10-11 00:37 - 2017-10-11 00:37 - 000000200 ____A [E0BD8869D697138B6CB476B8929AA9C8] () C:\Windows\Temp\MSI66f95.LOG
2017-10-10 22:53 - 2017-10-10 22:53 - 000000202 ____A [D872A42F42FA1D225372BEB3DE91D53B] () C:\Windows\Temp\MSI6a7f1.LOG
2017-10-11 19:23 - 2017-10-11 19:23 - 000000202 ____A [E1D6CB8584049DB3D89B449C8BE4B833] () C:\Windows\Temp\MSI6aff8.LOG
2017-10-11 13:34 - 2017-10-11 13:34 - 000000202 ____A [43CB3531EF60A614B78A026D4F6D0793] () C:\Windows\Temp\MSI78865.LOG
2017-10-11 15:37 - 2017-10-11 15:37 - 000000202 ____A [6AD4CBAA7CD333674A53C190902F1BD4] () C:\Windows\Temp\MSI82c44.LOG
2017-10-11 11:34 - 2017-10-11 11:34 - 000000202 ____A [F7D1954549A10489EF39DE6EA0F50769] () C:\Windows\Temp\MSI9ca43.LOG
2017-10-11 13:37 - 2017-10-11 13:37 - 000000202 ____A [ED79F9296AF940EAB1F47999CBD9C7DB] () C:\Windows\Temp\MSIa4f9a.LOG
2017-10-11 09:33 - 2017-10-11 09:33 - 000000200 ____A [A34481CB39CBACD342305AEE81EFC778] () C:\Windows\Temp\MSIa7e82.LOG
2017-10-10 22:57 - 2017-10-10 22:57 - 000000202 ____A [0AEBECECD9D3832D2F688B20D4BCF914] () C:\Windows\Temp\MSIa976e.LOG
2017-10-10 12:57 - 2017-10-10 12:57 - 000000202 ____A [32ACC72D7E65D298D6B7BA20B605744D] () C:\Windows\Temp\MSIb366b.LOG
2017-10-11 03:37 - 2017-10-11 03:37 - 000000200 ____A [2E25FF683ACE6F558B047AFB906EA730] () C:\Windows\Temp\MSIb4935.LOG
2017-10-11 09:34 - 2017-10-11 09:34 - 000000200 ____A [B3FFBAF21626AC486C215FE321AF93EF] () C:\Windows\Temp\MSIb9e03.LOG
2017-10-11 19:29 - 2017-10-11 19:29 - 000000202 ____A [AC7E1C69220130E72F1896FD79C941CC] () C:\Windows\Temp\MSIc19c2.LOG
2017-10-11 16:34 - 2017-10-11 16:34 - 000000202 ____A [14E9406DC0669537E45D5EA43FFC796C] () C:\Windows\Temp\MSIc5e3d.LOG
2017-10-11 11:37 - 2017-10-11 11:37 - 000000202 ____A [600A28E67A43AB218700CCAA01B62948] () C:\Windows\Temp\MSIc7263.LOG
2017-10-11 01:54 - 2017-10-11 01:54 - 000000200 ____A [8A07B1B81B38C60085248EC5517924F9] () C:\Windows\Temp\MSIcd0aa.LOG
2017-10-11 01:37 - 2017-10-11 01:37 - 000000200 ____A [8B584E22486600B0FF28FF1B62CEFBB1] () C:\Windows\Temp\MSId62f9.LOG
2017-10-10 23:53 - 2017-10-10 23:53 - 000000202 ____A [2CB5C62543CF9CD633BDFEDB39DB7A10] () C:\Windows\Temp\MSId9695.LOG
2017-10-11 14:34 - 2017-10-11 14:34 - 000000202 ____A [F35CA9DED064377B1C3C8434FE92A79D] () C:\Windows\Temp\MSIe45fa.LOG
2017-10-11 19:14 - 2017-10-11 19:14 - 000000202 ____A [0DC53040AFA759EA76B83711D8C4717D] () C:\Windows\Temp\MSIe79db.LOG
2017-10-11 09:37 - 2017-10-11 09:37 - 000000200 ____A [FCFA6D1A84A7BAA6521E9DC1A9F11F8E] () C:\Windows\Temp\MSIe96d2.LOG
2017-10-10 23:38 - 2017-10-10 23:38 - 000000202 ____A [94DE79F9F98F1A1326AB4835C3C5DC11] () C:\Windows\Temp\MSIefe.LOG
2017-10-11 16:37 - 2017-10-11 16:37 - 000000202 ____A [1B88849CEB1A8FC8EFD03BD1E99A0EF9] () C:\Windows\Temp\MSIf1ad8.LOG
2017-10-11 09:24 - 2017-10-11 20:02 - 000000406 ____A [072785F5E7467FC325C89F3BC911EDBC] () C:\Windows\Temp\PanDhcpDnsInstall.txt
2017-10-11 19:58 - 2017-10-11 19:58 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\Temp\AVSETUP_59deaf0d
2017-10-11 19:58 - 2017-10-11 19:58 - 000000117 ____A [F0B2421972FC0B6777D14709B9EBAE4A] () C:\Windows\Temp\AVSETUP_59deaf0d\setup.log
2017-10-11 19:43 - 2017-10-11 19:43 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\Temp\Crashpad
2017-10-11 19:43 - 2017-10-11 19:43 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\Temp\Crashpad\metadata
2017-10-11 19:43 - 2017-10-11 19:43 - 000000040 ____A [43C212608533408918268ACFC79CD9E0] () C:\Windows\Temp\Crashpad\settings.dat
2017-10-11 19:43 - 2017-10-11 19:43 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\Temp\Crashpad\reports
2017-10-11 10:52 - 2017-10-11 19:38 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\Temp\tmp000007aa
2017-10-11 00:05 - 2017-10-11 10:00 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\Temp\tmp000018bd
2017-10-11 19:39 - 2017-10-11 19:59 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\Temp\tmp00001b8a
2017-10-11 19:45 - 2017-10-11 19:45 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp00001b8a\tmp00000371.VIR
2017-10-11 19:45 - 2017-10-11 19:45 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp00001b8a\tmp00000393.VIR
2017-10-11 19:45 - 2017-10-11 19:45 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp00001b8a\tmp000003af.VIR
2017-10-11 19:45 - 2017-10-11 19:45 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp00001b8a\tmp000003cb.VIR
2017-10-11 19:47 - 2017-10-11 19:47 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp00001b8a\tmp000003f2.VIR
2017-10-11 19:47 - 2017-10-11 19:47 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp00001b8a\tmp00000414.VIR
2017-10-11 19:47 - 2017-10-11 19:47 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp00001b8a\tmp0000043e.VIR
2017-10-11 19:47 - 2017-10-11 19:47 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp00001b8a\tmp0000044c.VIR
2017-10-11 03:11 - 2017-10-11 10:09 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\Temp\tmp00002726
2017-10-11 04:01 - 2017-10-11 04:01 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\Temp\tmp00002726\tmp00000919
2017-10-11 20:00 - 2017-10-11 20:08 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\Temp\tmp00002b6f
2017-10-11 20:00 - 2017-10-11 20:00 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\Temp\tmp00002b6f\tmp00000000
2017-10-11 09:22 - 2017-10-11 19:38 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\Temp\tmp000042b8
2017-10-11 15:42 - 2017-10-11 19:46 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\Temp\tmp000065b9
2017-10-11 19:34 - 2017-10-11 19:34 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp000065b9\tmp00001585.VIR
2017-10-11 19:34 - 2017-10-11 19:34 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp000065b9\tmp0000159d.VIR
2017-10-11 19:34 - 2017-10-11 19:34 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp000065b9\tmp000015ab.VIR
2017-10-11 19:36 - 2017-10-11 19:36 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp000065b9\tmp000015f6.VIR
2017-10-11 19:36 - 2017-10-11 19:36 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp000065b9\tmp0000160a.VIR
2017-10-11 19:36 - 2017-10-11 19:36 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp000065b9\tmp00001618.VIR
2017-10-11 19:36 - 2017-10-11 19:36 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp000065b9\tmp00001626.VIR
2017-10-11 19:36 - 2017-10-11 19:36 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp000065b9\tmp00001634.VIR
2017-10-11 19:36 - 2017-10-11 19:36 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp000065b9\tmp00001642.VIR
2017-10-11 19:36 - 2017-10-11 19:36 - 000138821 ____A [A2471A44025A7B86B8FDCE5C950B06C9] () C:\Windows\Temp\tmp000065b9\tmp00001650.VIR
 
====== End of Folder: ======
 
 
==== End of Fixlog 20:08:26 ====

  • 0
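An added example (not part of the original posts and not FRST's own code): a small Python parser for the `Folder:` listing format shown in the Fixlog above. It groups entries by MD5 so that many differently named files with the same content stand out, and it sets aside directories and empty files. The sample lines are constructed in the log's format, and the function names are hypothetical.

```python
import hashlib
import re
from collections import defaultdict

# MD5 of empty input; the listing shows this value for directories and 0-byte files.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Fields: created - modified - size attributes [MD5] (company) path
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) "
    r"\[(?P<md5>[0-9A-Fa-f]{32})\] \((?P<company>[^)]*)\) (?P<path>.+)$"
)

def parse_listing(text):
    """Return one dict per entry line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            e["is_dir"] = "D" in e["attrs"]
            entries.append(e)
    return entries

def duplicate_content(entries):
    """Map MD5 -> paths for non-empty files whose content appears more than once."""
    by_hash = defaultdict(list)
    for e in entries:
        if not e["is_dir"] and e["md5"] != EMPTY_MD5:
            by_hash[e["md5"]].append(e["path"])
    return {h: p for h, p in by_hash.items() if len(p) > 1}

# Constructed sample in the listing's format (file hashes and paths are made up).
SAMPLE = r"""
========================= Folder: C:\Windows\Temp ========================
2017-10-11 19:43 - 2017-10-11 19:43 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\Temp\example_dir
2017-10-11 19:45 - 2017-10-11 19:45 - 000138821 ____A [00112233445566778899AABBCCDDEEFF] () C:\Windows\Temp\example_dir\a.VIR
2017-10-11 19:47 - 2017-10-11 19:47 - 000138821 ____A [00112233445566778899AABBCCDDEEFF] () C:\Windows\Temp\example_dir\b.VIR
2017-10-11 09:25 - 2017-10-11 09:25 - 000000081 ____A [FFEEDDCCBBAA99887766554433221100] () C:\Windows\Temp\example-setup.log
====== End of Folder: ======
"""

if __name__ == "__main__":
    for md5, paths in duplicate_content(parse_listing(SAMPLE)).items():
        print(f"{md5}: {len(paths)} identical files", *paths, sep="\n    ")
```
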

#10
JSntgRvr


  • Global Moderator
  • 10,939 posts

Nothing wrong there, congratulations.

 

Use this application to remove the tools we used:

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

Always keep your antivirus active and updated.

 

Best regards. :)


  • 0

#11
cypher.image


  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Wonderful! Thank you very much for your time and gracious assistance.  I appreciate your help in resolving my issue.

 

# DelFix v1.013 - Logfile created 12/10/2017 at 15:43:31
# Updated 17/04/2016 by Xplode
# Username : Chay Siboura - MAEPAW-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Chay Siboura\Desktop\FRST-OlderVersion
Deleted : C:\Users\Chay Siboura\Desktop\mbar
Deleted : C:\TDSSKiller.3.1.0.12_11.04.2017_20.28.56_log.txt
Deleted : C:\Users\Chay Siboura\Desktop\Addition.txt
Deleted : C:\Users\Chay Siboura\Desktop\adwcleaner_7.0.3.1.exe
Deleted : C:\Users\Chay Siboura\Desktop\Fixlog.txt
Deleted : C:\Users\Chay Siboura\Desktop\FRST.txt
Deleted : C:\Users\Chay Siboura\Desktop\FRST64.exe
Deleted : C:\Users\Chay Siboura\Desktop\JRT.exe
Deleted : C:\Users\Chay Siboura\Desktop\JRT.txt
Deleted : C:\Users\Chay Siboura\Downloads\adwcleaner_7.0.2.1.exe
Deleted : C:\Users\Chay Siboura\Downloads\JRT.exe
Deleted : C:\Users\Chay Siboura\Downloads\tdsskiller.exe
Deleted : C:\Users\Chay Siboura\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
 
~ Creating registry backup ... OK
 
########## - EOF - ##########

  • 0

#12
JSntgRvr


  • Global Moderator
  • 10,939 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





