
Computer acting really strange and internet is so slow (for some sites)


  • This topic is locked
28 replies to this topic

#1 The_Codesee

The_Codesee

  • Members
  • 337 posts
  • OFFLINE
  • Gender:Male
  • Location:England, UK
  • Local time:04:49 PM

Posted 11 November 2017 - 04:50 PM

Hi guys, I've noticed some really weird activity on my computer. Each time I turn it on, or randomly when I'm using it, all the security programs (Bitdefender and Windows Firewall) are disabled and the Windows Updates settings change.

 

I am also experiencing random hanging, and today, my computer has been an absolute crawl on the internet and it times out (only on some sites though, not all - but it's usually much faster) and I have noticed that some images do not display, just their file name. It worked at normal speed on other devices.

 

When I ran FRST (as an administrator), it could not back up the registry (error 5, access is denied, I think) and failed to update.

 

FRST didn't make a FRST.txt file when it ran, and instead, at the end of the scan, it asked me if I wanted to make a FRST.txt file as it didn't exist. However when I clicked yes, still no file was created.

 

So I just have Addition.txt...

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-11-2017 02
Ran by Lighthouse (11-11-2017 21:45:30)
Running from C:\Users\Lighthouse\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2015-10-30 20:46:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4261637426-1160812987-2799580953-500 - Administrator - Disabled)
Guest (S-1-5-21-4261637426-1160812987-2799580953-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4261637426-1160812987-2799580953-1002 - Limited - Enabled)
Lighthouse (S-1-5-21-4261637426-1160812987-2799580953-1001 - Administrator - Enabled) => C:\Users\Lighthouse
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 27 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.8.29 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 62.0.3202.89 - Google Inc.)
Google Earth Pro (HKLM\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Lightshot-5.3.0.0 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Node.js (HKLM\...\{C9B4AD6A-0FDB-47AA-A549-31792DB60D85}) (Version: 6.11.4 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.2 - Notepad++ Team)
Opera Stable 48.0.2685.52 (HKLM\...\Opera 48.0.2685.52) (Version: 48.0.2685.52 - Opera Software)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507B}) (Version: 4.0.9 - dotPDN LLC)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
Roblox Player for Lighthouse (HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
ROBLOX Studio for Lighthouse (HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
SimCity 3000 Unlimited (HKLM\...\2086050016_is1) (Version: 2.0.0.3 - GOG.com)
SimCity 3000 Unlimited (HKLM\...\SimCity 3000 Unlimited) (Version:  - )
Sublime Text Build 3143 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Tanki Online version 1.0 (HKLM\...\{F3FB53B4-47A2-4C94-B5CC-D430234912E6}_is1) (Version: 1.0 - AlternativaGame Ltd)
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Telerik Fiddler (HKLM\...\Fiddler2) (Version: 4.6.20171.9220 - Telerik)
Unchecky v1.1 (HKLM\...\Unchecky) (Version: 1.1 - Reason Software Company Inc.)
Web Launch Recorder (HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\...\WebLaunchRecorder) (Version: 2.0 - )
WinRAR 5.40 beta 2 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.2 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4261637426-1160812987-2799580953-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4261637426-1160812987-2799580953-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4261637426-1160812987-2799580953-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4261637426-1160812987-2799580953-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4261637426-1160812987-2799580953-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4261637426-1160812987-2799580953-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2016-11-02] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-06-19] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-08-25] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-06-19] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2534F50E-1553-4692-8A07-10BA5B1ECD6E} - System32\Tasks\Opera scheduled Autoupdate 1488127259 => C:\Program Files\Opera\launcher.exe [2017-10-24] (Opera Software)
Task: {3CCED110-E23F-41C0-A9D0-31568DD2A663} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {4915B080-1E8D-496B-877A-46F434CA1820} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-21] (Google Inc.)
Task: {4E922CD5-F376-48B2-BAB0-5D5F9C46DC22} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-04-11] (Bitdefender)
Task: {5D3E2F8F-5472-404E-B78E-323C38D2DB85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {894C3C78-5462-429A-A3CA-9DB5259F6B75} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {962E8FD3-B0B3-4AE4-B2C4-12922CFA14D2} - System32\Tasks\{939CD973-645E-4EF4-9EBD-F3DFF5BF8AB5} => C:\Windows\system32\pcalua.exe -a C:\Users\Lighthouse\Downloads\sp54283.exe -d C:\Users\Lighthouse\Downloads
Task: {E7DB696F-3C10-40FD-8E4B-AB492F703053} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-21] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-29 10:11 - 2016-04-16 20:06 - 000222392 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2017-07-29 10:11 - 2017-02-07 11:26 - 000859344 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpbr.mdl
2017-07-29 10:11 - 2017-02-07 11:26 - 000466568 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpdsp.mdl
2017-07-29 10:11 - 2017-02-07 11:26 - 002660936 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpph.mdl
2017-07-29 10:11 - 2017-02-07 11:26 - 001303008 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttprbl.mdl
2017-10-09 15:01 - 2017-10-04 12:15 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-11-02 10:31 - 2016-11-02 10:31 - 000267952 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2016-12-21 17:12 - 2013-07-21 18:35 - 016306936 _____ () C:\Program Files\Postimage\postimage.exe
2017-11-07 21:27 - 2017-11-05 08:48 - 003075928 _____ () C:\Program Files\Google\Chrome\Application\62.0.3202.89\libglesv2.dll
2017-11-07 21:27 - 2017-11-05 08:48 - 000086872 _____ () C:\Program Files\Google\Chrome\Application\62.0.3202.89\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:04 - 2017-11-11 15:30 - 000002519 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lighthouse\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E36B5EDF-95A7-460C-8ECA-480662F691F0}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{16CC7444-1E6A-4877-8C87-91F7EA28B53C}C:\users\lighthouse\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Block) C:\users\lighthouse\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [{9EAA2EA0-29E1-4292-A9BE-60C925B4721C}] => (Allow) LPort=7935
FirewallRules: [{F7085A81-52BB-4BD0-B61B-E7AB0E85F0A6}] => (Allow) C:\Program Files\Fiddler2\Fiddler.exe
FirewallRules: [{BF36686E-565C-4FCD-A35D-533EB5BAF826}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{FEE00655-B444-4B20-A8CD-3296B85D5BAF}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{8AF6DBFA-1D0B-4D6F-B020-A7BBBBF62B95}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5C841BC8-63BB-45C2-8567-0C7FECCF0ADD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0507C47F-D5E0-4C81-937A-D2E152C5DD1A}] => (Allow) C:\Program Files\Opera\48.0.2685.50\opera.exe
FirewallRules: [{0B60BF1C-D514-4D62-840C-395195BDCE61}] => (Allow) C:\Program Files\Opera\48.0.2685.52\opera.exe
FirewallRules: [{142E82B0-54C5-486C-9F1A-332778D29892}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
31-10-2017 08:01:31 Windows Update
07-11-2017 20:33:42 Scheduled Checkpoint
10-11-2017 07:57:50 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: BT-01 (Mono Audio)
Description: Bluetooth Hands-free Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: CSR plc
Service: BthAudioHF
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/11/2017 08:04:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RobloxPlayerLauncher.exe version 1.6.3.31476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1408
 
Start Time: 01d35b27e0fb1ed5
 
Termination Time: 58
 
Application Path: C:\Users\Lighthouse\AppData\Local\Roblox\Versions\version-8b1abbafbf174a21\RobloxPlayerLauncher.exe
 
Report Id: 7225eeb8-c71b-11e7-ad53-0015833d0a57
 
Error: (11/05/2017 10:40:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: f38
 
Start Time: 01d356224b41e057
 
Termination Time: 15
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: a982db70-c215-11e7-9142-0015833d0a57
 
Error: (10/17/2017 06:10:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WORDPAD.EXE version 6.1.7601.23889 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 87c
 
Start Time: 01d3476668b8e155
 
Termination Time: 88
 
Application Path: C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
 
Report Id: 6cd20110-b366-11e7-ad67-0015833d0a57
 
Error: (10/05/2017 06:52:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Tanki Online.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3bc
 
Start Time: 01d33da216685804
 
Termination Time: 1400
 
Application Path: C:\Program Files\Tanki Online\Tanki Online.exe
 
Report Id: bb9b85e6-a999-11e7-a511-0015833d0a57
 
Error: (09/25/2017 05:55:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9d4
 
Start Time: 01d3360c53b49258
 
Termination Time: 608
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 9aa38b56-a21a-11e7-a5ed-0015833d0a57
 
Error: (09/08/2017 04:34:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a60
 
Start Time: 01d328a9b9fb84f5
 
Termination Time: 974
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 90713bfb-94b3-11e7-81d6-0015833d0a57
 
Error: (08/01/2017 03:39:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AGSService.exe, version: 4.2.0.574, time stamp: 0x591d50a6
Faulting module name: ntdll.dll, version: 6.1.7601.23807, time stamp: 0x5915f94f
Exception code: 0xc0000005
Fault offset: 0x00047322
Faulting process id: 0x65c
Faulting application start time: 0x01d30aa9eeca64dc
Faulting application path: C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 9b540c97-76cf-11e7-9018-0015833d0a57
 
Error: (08/01/2017 09:41:44 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/01/2017 09:41:44 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/01/2017 09:41:44 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (11/11/2017 03:31:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
atc
VBoxNetAdp
 
Error: (11/11/2017 11:19:08 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (11/11/2017 11:12:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
atc
VBoxNetAdp
 
Error: (11/10/2017 11:29:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
 
Error: (11/10/2017 02:56:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
atc
VBoxNetAdp
 
Error: (11/10/2017 07:08:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
atc
VBoxNetAdp
 
Error: (11/09/2017 03:45:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
atc
VBoxNetAdp
 
Error: (11/09/2017 07:07:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
atc
VBoxNetAdp
 
Error: (11/08/2017 02:55:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
atc
VBoxNetAdp
 
Error: (11/08/2017 07:12:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
atc
VBoxNetAdp
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU E3300 @ 2.50GHz
Percentage of memory in use: 72%
Total physical RAM: 2013.24 MB
Available physical RAM: 561.71 MB
Total Virtual: 4026.48 MB
Available Virtual: 1879.44 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.95 GB) (Free:75.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 7F51BE86)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 

 


Edited by The_Codesee, 12 November 2017 - 08:07 AM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:49 PM

Posted 16 November 2017 - 04:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/662606 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 satchfan

satchfan

  • Malware Response Team
  • 2,864 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:49 PM

Posted 16 November 2017 - 06:18 PM

Hello The_Codesee and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please follow these instructions in the order given.

===================================================

Disable Windows Defender

Please disable Windows Defender for now. Apart from the fact that that old version of Windows Defender was useless, it can sometimes prevent some things from being fixed.

  • open Windows Defender
  • click on Tools, General Settings
  • scroll down and uncheck Turn on real-time protection (recommended)
  • after you uncheck this, click on the Save button and close Windows Defender.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

===================================================

Please run FRST again and make sure there is a checkmark next to ‘Addition.txt’ before you hit Scan.

Logs to include with next post:

AdwCleaner log
RKreport.txt
Frst.txt
New Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
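As an added example for readers following along with the log requests above (this is not part of the thread, and it is not code from Farbar or any other tool named here), the following Python script does a first triage pass over FRST.txt-style lines of the kind asked for in this post. It tracks the section header it is in and flags the entries a helper usually checks by hand: autorun entries whose version stamp carries no publisher, services and drivers marked "[File not signed]", orphaned entries whose file is missing ("No File"), and MountPoints2 entries pointing at a non-system drive. The sample input is constructed to match the layout of the FRST.txt posted later in this topic; the function names, reason labels and the regular expressions are my own assumptions about FRST's line format, not something FRST documents.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: a few lines in the layout FRST writes, modelled on the
# FRST.txt posted later in this topic. Embedded here so the example runs offline.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\...\Run: [Postimage] => C:\Program Files\Postimage\postimage.exe [16306936 2013-07-21] ()
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\...\MountPoints2: {0e9d734f-c5b9-11e6-82f4-1cc1de4fdbf9} - F:\HiSuiteDownLoader.exe
==================== Internet (Whitelisted) ====================
Toolbar: HKU\S-1-5-21-4261637426-1160812987-2799580953-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin HKU\S-1-5-21-4261637426-1160812987-2799580953-1001: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\npGameTreatWidget.dll [No File]
==================== Services (Whitelisted) ====================
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
R0 atc; C:\Windows\System32\DRIVERS\atc.sys [794312 2017-10-13] (BitDefender S.R.L. Bucharest, ROMANIA)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2016-12-21] (Apple, Inc.) [File not signed]
"""

# Assumed layout: section headers are a name padded with '=' on both sides, and
# file-backed entries end in "[size date] (Publisher)" as seen in the posted log.
SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")
STAMP_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \((.*?)\)")
NON_SYSTEM_DRIVE_RE = re.compile(r"\b[D-Zd-z]:\\")


@dataclass
class Finding:
    section: str
    entry: str
    reasons: List[str]


def triage(frst_text: str) -> List[Finding]:
    """Walk FRST-style lines, remember the current section, and flag entries worth a second look."""
    section = "(none)"
    findings: List[Finding] = []
    for raw in frst_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        reasons: List[str] = []
        if "[File not signed]" in line:
            reasons.append("unsigned binary")
        if "No File" in line:  # covers both "No File" and "[No File]" spellings
            reasons.append("orphaned entry (file missing)")
        stamp = STAMP_RE.search(line)
        if stamp and not stamp.group(1).strip():
            reasons.append("no publisher in version stamp")
        if "MountPoints2" in line and NON_SYSTEM_DRIVE_RE.search(line):
            reasons.append("MountPoints2 entry pointing at a non-system drive")
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


def reason_counts(findings: List[Finding]) -> Dict[str, int]:
    """Tally how many entries each reason produced, for a quick summary."""
    counts: Dict[str, int] = {}
    for f in findings:
        for r in f.reasons:
            counts[r] = counts.get(r, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f.section}] {', '.join(f.reasons)}\n    {f.entry}")
    print(reason_counts(triage(SAMPLE_FRST)))
```

A flagged line is a prompt to look closer, not a verdict: on the sample above the unsigned entries are an old InstallShield helper and an Apple USB driver, and the publisher-less autorun is a legitimate screenshot uploader, which is exactly why the helpers here ask for the full logs rather than deleting what a scanner reports.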


#4 The_Codesee

The_Codesee
  • Topic Starter

  • Members
  • 337 posts
  • OFFLINE
  • Gender:Male
  • Location:England, UK
  • Local time:04:49 PM

Posted 17 November 2017 - 02:21 AM

Hi Satchfan, thank you for your help.
 
When I opened Windows Defender, it said that a problem had caused this program's service to stop and so I was not able to access the tools tab to disable it. Would you like me to start the service and then try to disable it again?
 
http://prntscr.com/hbjyxr.png
 
I also had this strange message appear yesterday or the day before:
 
http://prntscr.com/hbjz6l



#5 satchfan

satchfan

  • Malware Response Team
  • 2,864 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:49 PM

Posted 17 November 2017 - 04:42 AM

When I opened Windows Defender, it said that a problem had caused this program's service to stop and so I was not able to access the tools tab to disable it. Would you like me to start the service and then try to disable it again?

You could try that.

 

With regard to the error message, it would seem that either something is trying to run that is incompatible with your version of Windows or it could be a driver issue. Have you installed a new program or printer recently?

 

Could you just try and run the scans anyway and post the results.

 

Thanks

 

Satchfan




#6 The_Codesee

The_Codesee
  • Topic Starter

  • Members
  • 337 posts
  • OFFLINE
  • Gender:Male
  • Location:England, UK
  • Local time:04:49 PM

Posted 19 November 2017 - 06:53 AM

Hi, sorry about the late response.

 

Here's the AdwCleaner log (Unchecky is a false positive):

 

# AdwCleaner 7.0.4.0 - Logfile created on Fri Nov 17 15:25:37 2017
# Updated on 2017/27/10 by Malwarebytes 
# Running on Windows 7 Professional (X86)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run|LightShot
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [1814 B] - [2016/9/7 18:37:37]
C:/AdwCleaner/AdwCleaner[C2].txt - [1478 B] - [2016/9/18 18:47:58]
C:/AdwCleaner/AdwCleaner[C3].txt - [2066 B] - [2017/1/6 14:30:15]
C:/AdwCleaner/AdwCleaner[S0].txt - [1881 B] - [2016/9/7 18:36:32]
C:/AdwCleaner/AdwCleaner[S1].txt - [1608 B] - [2016/9/18 18:45:58]
C:/AdwCleaner/AdwCleaner[S2].txt - [2101 B] - [2017/1/6 14:29:17]
C:/AdwCleaner/AdwCleaner[S3].txt - [1415 B] - [2017/11/17 15:20:50]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt ##########
 
Here's the RogueKiller log (again, Unchecky is a false positive):
 
RogueKiller V12.11.24.0 [Nov 13 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Lighthouse [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 11/17/2017 15:40:53 (Duration : 01:23:55)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUP.OpenCandy] HKEY_LOCAL_MACHINE\Software\Unchecky -> Found
[PUP.OpenCandy] HKEY_USERS\.DEFAULT\Software\Unchecky -> Found
[PUP.OpenCandy] HKEY_USERS\S-1-5-21-4261637426-1160812987-2799580953-1001\Software\Unchecky -> Found
[PUP.OpenCandy] HKEY_USERS\S-1-5-18\Software\Unchecky -> Found
[PUP.OpenCandy] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Unchecky -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-4261637426-1160812987-2799580953-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 4 ¤¤¤
[PUP.OpenCandy][Folder] C:\ProgramData\Unchecky -> Found
[PUP.OpenCandy][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky -> Found
[PUP.OpenCandy][Folder] C:\ProgramData\Unchecky -> Found
[PUP.OpenCandy][Folder] C:\Program Files\Unchecky -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721016CLA382 ATA Device +++++
--- User ---
[MBR] 1df70d4c30d3443d5fae2c0e1407b170
[BSP] f2dda2009086ceb83adcd4ac63d49a07 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152525 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Multiple Card  Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
Here is the FRST.txt log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-11-2017
Ran by Lighthouse (administrator) on LIGHTHOUSEPC (17-11-2017 17:45:24)
Running from C:\Users\Lighthouse\Desktop
Loaded Profiles: Lighthouse (Available Profiles: Lighthouse)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Reason Software Company Inc.) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Reason Software Company Inc.) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
() C:\Program Files\Postimage\postimage.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\...\Run: [Postimage] => C:\Program Files\Postimage\postimage.exe [16306936 2013-07-21] ()
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\...\MountPoints2: {0e9d734f-c5b9-11e6-82f4-1cc1de4fdbf9} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\...\MountPoints2: {de755412-ad50-11e5-a500-00158332f303} - F:\Launcher\LAUNCHER.EXE
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{6B677605-AFD8-4B08-96FE-5BCC8A5631BE}: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
Toolbar: HKU\S-1-5-21-4261637426-1160812987-2799580953-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
 
FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-4261637426-1160812987-2799580953-1001: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\npGameTreatWidget.dll [No File]
 
Chrome: 
=======
CHR Profile: C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default [2017-11-17]
CHR Extension: (Slides) - C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-21]
CHR Extension: (YouTube) - C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-21]
CHR Extension: (Web Paint) - C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\emeokgokialpjadjaoeiplmnkjoaegng [2017-09-23]
CHR Extension: (Sheets) - C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-22]
CHR Extension: (Local SWF Player) - C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmbckedabpbgjagmkgcejooabcdnone [2017-03-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-06]
CHR Extension: (Gmail) - C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-21]
CHR Extension: (Chrome Media Router) - C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 HFGService; C:\Windows\System32\HFGService.dll [413696 2009-12-21] (CSR, plc)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [294168 2017-10-03] (Reason Software Company Inc.)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [97200 2017-09-05] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [97200 2017-09-05] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [97200 2017-09-05] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [34704 2016-12-19] (Google Inc)
R0 atc; C:\Windows\System32\DRIVERS\atc.sys [794312 2017-10-13] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1436056 2017-09-05] (BitDefender)
R0 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [128320 2017-11-10] (Bitdefender)
R3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [43008 2009-12-21] (CSR, plc)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
R3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [61952 2009-12-21] (CSR, plc)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [211440 2017-10-03] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\Windows\System32\drivers\gzflt.sys [152784 2017-05-11] (BitDefender LLC)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-11-17] (Malwarebytes)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 trufos; C:\Windows\System32\drivers\trufos.sys [458648 2016-06-22] (BitDefender S.R.L.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2016-12-21] (Apple, Inc.) [File not signed]
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [113904 2016-10-18] (Oracle Corporation)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2011-10-24] (Huawei Technologies Co., Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-17 17:45 - 2017-11-17 17:46 - 000010399 _____ C:\Users\Lighthouse\Desktop\FRST.txt
2017-11-17 17:43 - 2017-11-17 17:43 - 001788928 _____ (Farbar) C:\Users\Lighthouse\Desktop\FRST.exe
2017-11-17 17:42 - 2017-11-17 17:42 - 000004580 _____ C:\Users\Lighthouse\Desktop\rogue.txt
2017-11-17 15:40 - 2017-11-17 17:42 - 000000000 ____D C:\ProgramData\RogueKiller
2017-11-17 15:40 - 2017-11-17 15:40 - 000000965 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-11-17 15:39 - 2017-11-17 15:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-11-17 15:39 - 2017-11-17 15:40 - 000000000 ____D C:\Program Files\RogueKiller
2017-11-17 15:39 - 2017-11-17 15:39 - 000001587 _____ C:\Users\Lighthouse\Desktop\adw.txt
2017-11-17 15:34 - 2017-11-17 15:35 - 036156920 _____ (Adlice Software ) C:\Users\Lighthouse\Desktop\RogueKiller_setup_ref3.exe
2017-11-17 15:28 - 2017-11-17 15:28 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-17 15:15 - 2017-11-17 15:15 - 008261584 _____ (Malwarebytes) C:\Users\Lighthouse\Desktop\adwcleaner_7.0.4.0.exe
2017-11-15 07:33 - 2017-10-18 06:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-15 07:33 - 2017-10-18 01:55 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-15 07:33 - 2017-10-18 01:55 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-15 07:33 - 2017-10-18 01:55 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-15 07:33 - 2017-10-18 01:55 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-15 07:33 - 2017-10-18 01:55 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-15 07:33 - 2017-10-18 01:55 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-15 07:33 - 2017-10-18 01:55 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-15 07:33 - 2017-10-16 22:49 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-15 07:33 - 2017-10-16 22:25 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-15 07:33 - 2017-10-16 21:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-11-15 07:33 - 2017-10-14 07:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-15 07:33 - 2017-10-14 07:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-11-15 07:33 - 2017-10-14 07:03 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-11-15 07:33 - 2017-10-14 06:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-15 07:33 - 2017-10-14 06:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-11-15 07:33 - 2017-10-14 06:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-11-15 07:33 - 2017-10-14 06:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-11-15 07:33 - 2017-10-14 06:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-11-15 07:33 - 2017-10-14 06:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-15 07:33 - 2017-10-14 06:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-11-15 07:33 - 2017-10-14 06:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-11-15 07:33 - 2017-10-14 06:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-11-15 07:33 - 2017-10-14 06:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-15 07:33 - 2017-10-14 06:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-15 07:33 - 2017-10-14 06:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-11-15 07:33 - 2017-10-14 06:45 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-11-15 07:33 - 2017-10-14 06:41 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-15 07:33 - 2017-10-14 06:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-11-15 07:33 - 2017-10-14 06:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-11-15 07:33 - 2017-10-14 06:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-15 07:33 - 2017-10-14 06:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-11-15 07:33 - 2017-10-14 06:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-15 07:33 - 2017-10-14 06:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-11-15 07:33 - 2017-10-14 06:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-11-15 07:33 - 2017-10-14 06:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-11-15 07:33 - 2017-10-14 06:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-11-15 07:33 - 2017-10-14 06:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-15 07:33 - 2017-10-14 06:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-15 07:33 - 2017-10-14 06:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-15 07:33 - 2017-10-14 06:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-15 07:33 - 2017-10-14 06:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-15 07:33 - 2017-10-14 06:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-11-15 07:33 - 2017-10-14 06:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-15 07:33 - 2017-10-14 06:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-15 07:33 - 2017-10-14 06:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-15 07:33 - 2017-10-12 00:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-15 07:33 - 2017-10-12 00:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-15 07:33 - 2017-10-12 00:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-15 07:33 - 2017-10-12 00:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-15 07:33 - 2017-10-12 00:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-15 07:33 - 2017-10-12 00:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-15 07:33 - 2017-10-12 00:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-15 07:33 - 2017-10-12 00:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-15 07:33 - 2017-10-12 00:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-15 07:33 - 2017-10-12 00:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-15 07:33 - 2017-10-12 00:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-15 07:33 - 2017-10-12 00:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-15 07:33 - 2017-10-12 00:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-15 07:33 - 2017-10-12 00:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-15 07:33 - 2017-10-12 00:37 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-15 07:33 - 2017-10-12 00:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-15 07:33 - 2017-10-12 00:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-15 07:33 - 2017-10-12 00:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-15 07:33 - 2017-10-12 00:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-15 07:33 - 2017-10-12 00:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-15 07:33 - 2017-10-12 00:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-15 07:33 - 2017-10-12 00:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-15 07:33 - 2017-10-12 00:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-15 07:33 - 2017-10-12 00:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-15 07:33 - 2017-10-12 00:14 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-15 07:33 - 2017-09-07 13:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-15 07:33 - 2017-09-07 13:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-15 07:31 - 2017-10-18 02:16 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-15 07:31 - 2017-10-18 02:11 - 000488448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-15 07:31 - 2017-10-15 22:04 - 000313184 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-15 07:31 - 2017-10-04 13:04 - 001918464 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-15 07:31 - 2017-10-04 13:04 - 001321472 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-15 07:31 - 2017-10-04 13:04 - 000541696 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-15 07:31 - 2017-10-04 13:04 - 000509440 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-15 07:31 - 2017-10-04 13:04 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-15 07:31 - 2017-10-04 13:04 - 000193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-15 07:31 - 2017-10-04 13:04 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-10 07:51 - 2017-11-10 07:51 - 000128320 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys
2017-10-28 22:26 - 2017-10-28 22:26 - 000001835 _____ C:\Users\Public\Desktop\SimCity 3000 Unlimited.lnk
2017-10-28 22:26 - 2017-10-28 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-10-28 22:23 - 2017-10-28 22:23 - 000000000 ____D C:\GOG Games
2017-10-27 10:52 - 2017-10-27 10:52 - 000002002 _____ C:\Users\Lighthouse\Desktop\Malwarebytes.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-17 17:44 - 2016-09-07 18:47 - 000000000 ____D C:\FRST
2017-11-17 16:59 - 2017-07-28 17:15 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2017-11-17 15:40 - 2015-12-26 15:46 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-11-17 15:37 - 2009-07-14 04:34 - 000024304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-17 15:37 - 2009-07-14 04:34 - 000024304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-17 15:27 - 2009-07-14 04:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-17 15:20 - 2016-09-07 18:35 - 000000000 ____D C:\AdwCleaner
2017-11-15 18:14 - 2009-07-14 02:37 - 000000000 ____D C:\Windows\rescache
2017-11-15 15:12 - 2017-07-28 17:14 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-11-15 14:58 - 2017-08-01 09:38 - 000317160 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-15 14:55 - 2015-10-31 21:34 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-15 08:05 - 2010-11-20 21:01 - 000769626 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-15 08:05 - 2009-07-14 02:37 - 000000000 ____D C:\Windows\inf
2017-11-15 07:18 - 2017-10-15 11:49 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-11-15 07:18 - 2017-10-15 11:49 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-11-15 07:17 - 2017-07-31 10:27 - 000000000 ____D C:\Windows\system32\Macromed
2017-11-13 21:27 - 2016-09-21 17:58 - 000002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-13 21:27 - 2016-09-21 17:58 - 000002089 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-11 21:37 - 2015-10-30 20:47 - 000000000 ____D C:\Users\Lighthouse
2017-11-11 17:10 - 2016-05-26 19:32 - 000000000 ____D C:\Users\Lighthouse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-01 14:52 - 2009-07-14 04:53 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-10-28 22:26 - 2009-07-14 04:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-10-28 22:16 - 2016-09-10 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
2017-10-27 11:56 - 2017-02-26 16:40 - 000000000 ____D C:\Program Files\Opera
2017-10-27 10:45 - 2009-07-14 02:37 - 000000000 ____D C:\Windows\system32\NDF
2017-10-21 13:31 - 2017-10-11 17:45 - 000000738 _____ C:\Users\Lighthouse\Desktop\emails.txt
2017-10-18 06:06 - 2015-10-30 21:36 - 000000000 ____D C:\Program Files\Google
 
==================== Files in the root of some directories =======
 
2017-10-14 18:02 - 2017-10-14 18:14 - 000000053 _____ () C:\Users\Lighthouse\module1.js
2017-10-14 18:13 - 2017-10-14 18:23 - 000000172 _____ () C:\Users\Lighthouse\module2.js
2016-04-28 20:08 - 2016-04-28 20:20 - 000002626 _____ () C:\Users\Lighthouse\AppData\Roaming\droid4xinstaller.log
2016-06-08 06:19 - 2016-09-18 08:03 - 000005120 _____ () C:\Users\Lighthouse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-26 16:23 - 2015-12-26 16:23 - 000000372 _____ () C:\Users\Lighthouse\AppData\Local\LMIR0001.tmp_r.bat
2015-12-30 18:12 - 2015-12-30 18:12 - 000000731 _____ () C:\Users\Lighthouse\AppData\Local\recently-used.xbel
2015-12-10 18:27 - 2015-12-10 18:27 - 000007605 _____ () C:\Users\Lighthouse\AppData\Local\Resmon.ResmonCfg
2016-05-05 16:22 - 2016-05-05 16:22 - 000000017 _____ () C:\Users\Lighthouse\AppData\Local\si
2015-10-30 22:17 - 2015-10-30 22:17 - 000000003 _____ () C:\Users\Lighthouse\AppData\Local\updater.log
2015-10-30 22:17 - 2015-11-06 21:21 - 000000412 _____ () C:\Users\Lighthouse\AppData\Local\UserProducts.xml
2016-07-28 17:00 - 2016-07-28 18:22 - 000000176 _____ () C:\Users\Lighthouse\AppData\Local\uts.ini
 
Some files in TEMP:
====================
2017-11-17 15:40 - 2017-09-13 15:10 - 001310528 _____ (Microsoft Corporation) C:\Users\Lighthouse\AppData\Local\Temp\dllnt_dump.dll
2016-12-15 06:06 - 2016-12-15 06:06 - 002458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Lighthouse\AppData\Local\Temp\libeay32.dll
2016-12-15 06:06 - 2016-12-15 06:06 - 000970912 _____ (Microsoft Corporation) C:\Users\Lighthouse\AppData\Local\Temp\msvcr120.dll
2017-03-22 18:24 - 2017-03-22 18:24 - 007082272 _____ () C:\Users\Lighthouse\AppData\Local\Temp\paint.net.4.0.13.install.exe
2016-12-15 06:06 - 2016-12-15 06:06 - 000772672 _____ () C:\Users\Lighthouse\AppData\Local\Temp\sqlite3.dll
2001-12-19 11:45 - 2001-12-19 11:45 - 000023552 ____N () C:\Users\Lighthouse\AppData\Local\Temp\VCdControlTool.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-09 16:33
 
==================== End of FRST.txt ============================
 
And here is the Addition.txt log:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-11-2017
Ran by Lighthouse (17-11-2017 17:47:32)
Running from C:\Users\Lighthouse\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2015-10-30 20:46:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4261637426-1160812987-2799580953-500 - Administrator - Disabled)
Guest (S-1-5-21-4261637426-1160812987-2799580953-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4261637426-1160812987-2799580953-1002 - Limited - Enabled)
Lighthouse (S-1-5-21-4261637426-1160812987-2799580953-1001 - Administrator - Enabled) => C:\Users\Lighthouse
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 27 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.8.29 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Earth Pro (HKLM\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Lightshot-5.3.0.0 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Node.js (HKLM\...\{C9B4AD6A-0FDB-47AA-A549-31792DB60D85}) (Version: 6.11.4 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.2 - Notepad++ Team)
Opera Stable 48.0.2685.52 (HKLM\...\Opera 48.0.2685.52) (Version: 48.0.2685.52 - Opera Software)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507B}) (Version: 4.0.9 - dotPDN LLC)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
Roblox Player for Lighthouse (HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
ROBLOX Studio for Lighthouse (HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
RogueKiller version 12.11.24.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.24.0 - Adlice Software)
SimCity 3000 Unlimited (HKLM\...\2086050016_is1) (Version: 2.0.0.3 - GOG.com)
SimCity 3000 Unlimited (HKLM\...\SimCity 3000 Unlimited) (Version:  - )
Sublime Text Build 3143 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Tanki Online version 1.0 (HKLM\...\{F3FB53B4-47A2-4C94-B5CC-D430234912E6}_is1) (Version: 1.0 - AlternativaGame Ltd)
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Telerik Fiddler (HKLM\...\Fiddler2) (Version: 4.6.20171.9220 - Telerik)
Unchecky v1.1 (HKLM\...\Unchecky) (Version: 1.1 - Reason Software Company Inc.)
Web Launch Recorder (HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\...\WebLaunchRecorder) (Version: 2.0 - )
WinRAR 5.40 beta 2 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.2 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4261637426-1160812987-2799580953-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4261637426-1160812987-2799580953-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4261637426-1160812987-2799580953-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4261637426-1160812987-2799580953-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4261637426-1160812987-2799580953-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4261637426-1160812987-2799580953-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2016-11-02] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-06-19] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-08-25] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-06-19] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2534F50E-1553-4692-8A07-10BA5B1ECD6E} - System32\Tasks\Opera scheduled Autoupdate 1488127259 => C:\Program Files\Opera\launcher.exe [2017-10-24] (Opera Software)
Task: {3CCED110-E23F-41C0-A9D0-31568DD2A663} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {4915B080-1E8D-496B-877A-46F434CA1820} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-21] (Google Inc.)
Task: {4E922CD5-F376-48B2-BAB0-5D5F9C46DC22} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-04-11] (Bitdefender)
Task: {5D3E2F8F-5472-404E-B78E-323C38D2DB85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {894C3C78-5462-429A-A3CA-9DB5259F6B75} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {962E8FD3-B0B3-4AE4-B2C4-12922CFA14D2} - System32\Tasks\{939CD973-645E-4EF4-9EBD-F3DFF5BF8AB5} => C:\Windows\system32\pcalua.exe -a C:\Users\Lighthouse\Downloads\sp54283.exe -d C:\Users\Lighthouse\Downloads
Task: {E7DB696F-3C10-40FD-8E4B-AB492F703053} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-21] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-29 10:11 - 2016-04-16 20:06 - 000222392 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2017-07-29 10:11 - 2017-02-07 11:26 - 000859344 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpbr.mdl
2017-07-29 10:11 - 2017-02-07 11:26 - 000466568 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpdsp.mdl
2017-07-29 10:11 - 2017-02-07 11:26 - 002660936 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpph.mdl
2017-07-29 10:11 - 2017-02-07 11:26 - 001303008 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttprbl.mdl
2017-10-09 15:01 - 2017-10-04 12:15 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-11-02 10:31 - 2016-11-02 10:31 - 000267952 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2016-12-21 17:12 - 2013-07-21 18:35 - 016306936 _____ () C:\Program Files\Postimage\postimage.exe
2017-11-13 21:27 - 2017-11-10 09:21 - 003075928 _____ () C:\Program Files\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-13 21:27 - 2017-11-10 09:21 - 000086872 _____ () C:\Program Files\Google\Chrome\Application\62.0.3202.94\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:DED17083 [294]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:04 - 2017-11-17 15:27 - 000002519 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lighthouse\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E36B5EDF-95A7-460C-8ECA-480662F691F0}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{16CC7444-1E6A-4877-8C87-91F7EA28B53C}C:\users\lighthouse\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Block) C:\users\lighthouse\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [{9EAA2EA0-29E1-4292-A9BE-60C925B4721C}] => (Allow) LPort=7935
FirewallRules: [{F7085A81-52BB-4BD0-B61B-E7AB0E85F0A6}] => (Allow) C:\Program Files\Fiddler2\Fiddler.exe
FirewallRules: [{BF36686E-565C-4FCD-A35D-533EB5BAF826}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{FEE00655-B444-4B20-A8CD-3296B85D5BAF}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{8AF6DBFA-1D0B-4D6F-B020-A7BBBBF62B95}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5C841BC8-63BB-45C2-8567-0C7FECCF0ADD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0507C47F-D5E0-4C81-937A-D2E152C5DD1A}] => (Allow) C:\Program Files\Opera\48.0.2685.50\opera.exe
FirewallRules: [{0B60BF1C-D514-4D62-840C-395195BDCE61}] => (Allow) C:\Program Files\Opera\48.0.2685.52\opera.exe
FirewallRules: [{CBD10FBD-602E-4FB5-A7CE-9F76DC9E9F7C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
07-11-2017 20:33:42 Scheduled Checkpoint
10-11-2017 07:57:50 Windows Update
14-11-2017 08:02:34 Windows Update
15-11-2017 08:02:46 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: BT-01 (Mono Audio)
Description: Bluetooth Hands-free Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: CSR plc
Service: BthAudioHF
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/17/2017 05:45:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 16.11.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 126c
 
Start Time: 01d35fcbb28e52f1
 
Termination Time: 4
 
Application Path: C:\Users\Lighthouse\Desktop\FRST.exe
 
Report Id:
 
Error: (11/11/2017 08:04:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RobloxPlayerLauncher.exe version 1.6.3.31476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1408
 
Start Time: 01d35b27e0fb1ed5
 
Termination Time: 58
 
Application Path: C:\Users\Lighthouse\AppData\Local\Roblox\Versions\version-8b1abbafbf174a21\RobloxPlayerLauncher.exe
 
Report Id: 7225eeb8-c71b-11e7-ad53-0015833d0a57
 
Error: (11/05/2017 10:40:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: f38
 
Start Time: 01d356224b41e057
 
Termination Time: 15
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: a982db70-c215-11e7-9142-0015833d0a57
 
Error: (10/17/2017 06:10:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WORDPAD.EXE version 6.1.7601.23889 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 87c
 
Start Time: 01d3476668b8e155
 
Termination Time: 88
 
Application Path: C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
 
Report Id: 6cd20110-b366-11e7-ad67-0015833d0a57
 
Error: (10/05/2017 06:52:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Tanki Online.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3bc
 
Start Time: 01d33da216685804
 
Termination Time: 1400
 
Application Path: C:\Program Files\Tanki Online\Tanki Online.exe
 
Report Id: bb9b85e6-a999-11e7-a511-0015833d0a57
 
Error: (09/25/2017 05:55:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9d4
 
Start Time: 01d3360c53b49258
 
Termination Time: 608
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 9aa38b56-a21a-11e7-a5ed-0015833d0a57
 
Error: (09/08/2017 04:34:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a60
 
Start Time: 01d328a9b9fb84f5
 
Termination Time: 974
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 90713bfb-94b3-11e7-81d6-0015833d0a57
 
Error: (08/01/2017 03:39:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AGSService.exe, version: 4.2.0.574, time stamp: 0x591d50a6
Faulting module name: ntdll.dll, version: 6.1.7601.23807, time stamp: 0x5915f94f
Exception code: 0xc0000005
Fault offset: 0x00047322
Faulting process id: 0x65c
Faulting application start time: 0x01d30aa9eeca64dc
Faulting application path: C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 9b540c97-76cf-11e7-9018-0015833d0a57
 
Error: (08/01/2017 09:41:44 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/01/2017 09:41:44 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (11/17/2017 03:27:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
atc
VBoxNetAdp
 
Error: (11/17/2017 03:25:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (11/17/2017 03:25:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (11/17/2017 03:25:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/17/2017 03:25:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Unchecky service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/17/2017 03:25:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Genuine Software Integrity Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/17/2017 03:25:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ProductAgentService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/17/2017 03:20:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (11/17/2017 03:20:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (11/17/2017 02:56:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
atc
VBoxNetAdp
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU E3300 @ 2.50GHz
Percentage of memory in use: 65%
Total physical RAM: 2013.24 MB
Available physical RAM: 684.77 MB
Total Virtual: 4026.48 MB
Available Virtual: 2151.44 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.95 GB) (Free:74.19 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 7F51BE86)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 


#7 satchfan
Malware Response Team

Posted 19 November 2017 - 04:07 PM

Sorry about the late response.

I was beginning to wonder.

I've also been busy so will reply tomorrow.


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#8 The_Codesee
Topic Starter

Posted 19 November 2017 - 05:10 PM

Okay no worries :)



#9 satchfan
Malware Response Team

Posted 20 November 2017 - 04:41 AM

There is no sign of malware on your computer but a few things to tidy up.

Run Farbar Recovery Scan Tool

  • right-click FRST/FRST64 and select ‘Run as administrator’
  • highlight the contents of the code box below, then press Ctrl+c:
Start::
CloseProcesses:
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\...\MountPoints2: {0e9d734f-c5b9-11e6-82f4-1cc1de4fdbf9} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\...\MountPoints2: {de755412-ad50-11e5-a500-00158332f303} - F:\Launcher\LAUNCHER.EXE
Toolbar: HKU\S-1-5-21-4261637426-1160812987-2799580953-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
FF Plugin HKU\S-1-5-21-4261637426-1160812987-2799580953-1001: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\npGameTreatWidget.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-06]
CHR Extension: (Chrome Media Router) - C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
AlternateDataStreams: C:\ProgramData\TEMP:DED17083 [294]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
FirewallRules: [{BF36686E-565C-4FCD-A35D-533EB5BAF826}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{FEE00655-B444-4B20-A8CD-3296B85D5BAF}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{8AF6DBFA-1D0B-4D6F-B020-A7BBBBF62B95}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5C841BC8-63BB-45C2-8567-0C7FECCF0ADD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
Hosts:
EmptyTemp:
End::

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • in the FRST window, press the ‘Fix’ button once and wait
  • please reboot the computer if requested
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Run Security Analysis

Download Security Analysis by Rocket Grannie from here

  • save it to your Desktop
  • close your security software to avoid potential conflicts
  • double-click RGSA.exe
  • click OK on the copyright-disclaimer
  • when finished, a Notepad window will open with the results of the scan
  • the log, named SALog.txt, can also be found on the Desktop or, if the tool was run from elsewhere, in the folder it was run from
  • please copy and paste the contents of that log in the next post.

Note: If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.

Logs to include with next post:

Fixlog.txt
SALog.txt


Thanks

Satchfan

 


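The fixlist above removes three kinds of leftovers: drive-autorun commands cached under MountPoints2, SafeBoot entries for a service that is no longer installed, and firewall Allow rules for a remote-control tool. The following PowerShell script is an added example, not part of the thread and not FRST's own code: it audits the same locations read-only, so a practitioner can review what such a fix would remove before running it. It assumes Windows 7 with PowerShell 2.0 or later, an elevated (administrator) prompt, and uses the TeamViewer path from the fixlist as its sample pattern; the function names are the example's own.

```powershell
# Added example, not from the thread and not FRST's own code: a read-only audit of the
# registry locations the fix above touches. Assumes Windows 7, PowerShell 2.0 or later,
# and an elevated (administrator) prompt. Nothing here modifies the system.

# 1. MountPoints2: Explorer caches, per removable volume, the command that the volume's
#    autorun.inf asked it to launch, under <volume>\shell\AutoRun\command. A command that
#    points at an executable on a removable drive (F:\... above) is what FRST listed.
function Get-MountPointAutoruns {
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path $root)) { return }
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -ieq 'command' } |
        ForEach-Object {
            $cmd = (Get-ItemProperty -Path $_.PSPath).'(default)'
            if ($cmd) {
                # Name is the full key path; element 7 is the {GUID} or drive key under MountPoints2
                New-Object PSObject -Property @{
                    Volume  = ($_.Name -split '\\')[7]
                    Command = $cmd
                }
            }
        }
}

# 2. SafeBoot: subkeys of SafeBoot\Minimal and \Network whose default value is "Service"
#    or "Driver" are named after a service that must exist under ...\Services. An entry
#    with no matching service (the BsScanner keys above) is an orphan left by an uninstall.
function Get-SafeBootOrphans {
    foreach ($mode in 'Minimal', 'Network') {
        $base = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
        if (-not (Test-Path $base)) { continue }
        Get-ChildItem -Path $base | ForEach-Object {
            $kind = (Get-ItemProperty -Path $_.PSPath).'(default)'
            if ($kind -eq 'Service' -or $kind -eq 'Driver') {
                $svc = Join-Path 'HKLM:\SYSTEM\CurrentControlSet\Services' $_.PSChildName
                if (-not (Test-Path $svc)) {
                    New-Object PSObject -Property @{ Mode = $mode; Entry = $_.PSChildName; Kind = $kind }
                }
            }
        }
    }
}

# 3. Windows Firewall stores each rule as a "|"-delimited string of Key=Value fields
#    (Action=Allow|Active=TRUE|Dir=In|App=...|Name=...). This lists every Allow rule
#    whose App field matches the given wildcard pattern.
function Get-FirewallAllowRules([string]$AppPattern) {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
    $rules = Get-ItemProperty -Path $key
    foreach ($prop in $rules.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSParentPath/... members
        $fields = @{}
        foreach ($f in ($prop.Value -split '\|')) {
            $kv = $f -split '=', 2
            if ($kv.Length -eq 2) { $fields[$kv[0]] = $kv[1] }
        }
        if ($fields['Action'] -eq 'Allow' -and $fields['App'] -like $AppPattern) {
            New-Object PSObject -Property @{
                Rule = $prop.Name; App = $fields['App']; Dir = $fields['Dir']; Name = $fields['Name']
            }
        }
    }
}

Write-Host '== MountPoints2 autorun commands =='
Get-MountPointAutoruns | Format-Table -AutoSize
Write-Host '== SafeBoot entries with no matching service =='
Get-SafeBootOrphans | Format-Table -AutoSize
Write-Host '== Firewall Allow rules for TeamViewer (sample pattern taken from the fix above) =='
Get-FirewallAllowRules -AppPattern '*\TeamViewer\*' | Format-Table -AutoSize
```

Each function only reads the registry and emits objects, so the output can be compared against the FRST Addition.txt lines before anything is deleted; an Allow rule for a legitimate, still-used remote-access product is expected, while an autorun command on a volume the user does not recognise, or a SafeBoot orphan, is what the fix is meant to clean up.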


#10 The_Codesee
Topic Starter

Posted 20 November 2017 - 02:35 PM

Hi Satchfan, thanks for your reply. I ran the fix and here is the fixlog. I was skeptical about including EmptyTemp: as I believe this clears my cache on Chrome.
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 19-11-2017
Ran by Lighthouse (20-11-2017 19:23:48) Run:6
Running from C:\Users\Lighthouse\Desktop
Loaded Profiles: Lighthouse (Available Profiles: Lighthouse)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\...\MountPoints2: {0e9d734f-c5b9-11e6-82f4-1cc1de4fdbf9} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\...\MountPoints2: {de755412-ad50-11e5-a500-00158332f303} - F:\Launcher\LAUNCHER.EXE
Toolbar: HKU\S-1-5-21-4261637426-1160812987-2799580953-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
FF Plugin HKU\S-1-5-21-4261637426-1160812987-2799580953-1001: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\npGameTreatWidget.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-06]
CHR Extension: (Chrome Media Router) - C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
AlternateDataStreams: C:\ProgramData\TEMP:DED17083 [294]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
FirewallRules: [{BF36686E-565C-4FCD-A35D-533EB5BAF826}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{FEE00655-B444-4B20-A8CD-3296B85D5BAF}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{8AF6DBFA-1D0B-4D6F-B020-A7BBBBF62B95}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5C841BC8-63BB-45C2-8567-0C7FECCF0ADD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
Hosts:
 
*****************
 
Processes closed successfully.
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e9d734f-c5b9-11e6-82f4-1cc1de4fdbf9} => key removed successfully.
HKLM\Software\Classes\CLSID\{0e9d734f-c5b9-11e6-82f4-1cc1de4fdbf9} => key not found. 
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de755412-ad50-11e5-a500-00158332f303} => key removed successfully.
HKLM\Software\Classes\CLSID\{de755412-ad50-11e5-a500-00158332f303} => key not found. 
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455} => key removed successfully.
HKLM\Software\Classes\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455} => key removed successfully.
HKU\S-1-5-21-4261637426-1160812987-2799580953-1001\Software\MozillaPlugins\www.exent.com/GameTreatWidget => key removed successfully.
C:\Program Files\Free Ride Games\npGameTreatWidget.dll => not found.
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-06] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Lighthouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16] => Error: No automatic fix found for this entry.
C:\ProgramData\TEMP => ":DED17083" ADS removed successfully..
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\BsScanner => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BF36686E-565C-4FCD-A35D-533EB5BAF826} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FEE00655-B444-4B20-A8CD-3296B85D5BAF} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8AF6DBFA-1D0B-4D6F-B020-A7BBBBF62B95} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5C841BC8-63BB-45C2-8567-0C7FECCF0ADD} => value removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:24:06 ====
 
Here is the Security Analysis log. Does this differ from Security Check, or is it simply updated more often?
 

Result of Security Analysis by Rocket Grannie (x86) Updated: 18th Novemeber, 2017
Running from:C:\Users\Lighthouse\Desktop (19:31:44 - 11/20/2017)
***---------------------------------------------------------***
Microsoft Windows 7 Professional X86 Service Pack 1
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Bitdefender Antivirus Free Antimalware (Disabled - up to Date)
Bitdefender Antivirus Free Antimalware (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
CCleaner (5.11) ==> is out of Date
Google Chrome (62.0.3202.94)
Malwarebytes (3.2.2.2029)
Opera (49.0.2725.39)
 
***----------------Analysis Complete-------------------------***
 
I also received another message telling me that Windows Defender and Bitdefender had been disabled: http://prntscr.com/hd0bxo.png



#11 satchfan
Malware Response Team

Posted 20 November 2017 - 06:18 PM

Please download SystemLook from one of the links below and save it to your Desktop.

SystemLook (32-bit)
SystemLook (64-bit)

  • double-click SystemLook.exe to run it.
  • copy the content of the following codebox into the main textfield; please make sure you include the colon (:) at the beginning:

    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityCenter
    
  • click the Look button to start the scan
  • when finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Satchfan

 




#12 The_Codesee
Topic Starter

Posted 21 November 2017 - 02:52 AM

Hi Satchfan, here's the log:

 

SystemLook 04.09.10 by jpshortstuff
Log created at 07:52 on 21/11/2017 by Lighthouse
Administrator - Elevation successful
 
========== reg ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityCenter]
(Unable to open key - key not found)
 
-= EOF =-


#13 The_Codesee
Topic Starter

Posted 21 November 2017 - 02:55 AM

I had a look in my registry and noticed there was an entry titled 'Security Center' instead of 'SecurityCenter', not sure if that was a typo.

 

So I reran SystemLook with that;

 

SystemLook 04.09.10 by jpshortstuff
Log created at 07:55 on 21/11/2017 by Lighthouse
Administrator - Elevation successful
 
========== reg ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"= 0x0000000001 (1)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
 
-= EOF =-
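The SystemLook check above reads the raw HKLM\SOFTWARE\Microsoft\Security Center key, but the thread's actual question is what Windows Security Center currently believes about Bitdefender and Windows Defender, which the Security Analysis log reported as disabled. As an added example (not from the thread or from either tool), the following PowerShell script asks Security Center's WMI provider directly for every registered antivirus, antispyware and firewall product, decodes each product's state, confirms the Security Center service is running, and reports which spelling of the registry key exists. It assumes Windows 7 (WMI namespace root\SecurityCenter2; Windows XP used root\SecurityCenter) with PowerShell 2.0 or later run as administrator. The productState decoding is the interpretation commonly used in practice, not a Microsoft-documented layout, and is labelled as an assumption in the code.

```powershell
# Added example, not from the thread: ask Windows Security Center what it records about the
# installed security products. Assumes Windows 7 (namespace root\SecurityCenter2) and
# PowerShell 2.0+ run as administrator. Read-only.

# productState is a 24-bit value. Microsoft does not document its layout; the decoding below
# is the widely used community interpretation (assumption):
#   second byte (0xNN....): 0x10 or 0x11 => real-time protection enabled, 0x00 or 0x01 => disabled
#   third byte  (0x..NN..): 0x00 => definitions up to date, 0x10 => out of date
function ConvertFrom-ProductState([int]$State) {
    $hex = $State.ToString('X6')
    $enabledByte = $hex.Substring(2, 2)
    $updateByte  = $hex.Substring(4, 2)
    New-Object PSObject -Property @{
        Enabled  = ($enabledByte -eq '10' -or $enabledByte -eq '11')
        UpToDate = ($updateByte -eq '00')
        RawHex   = '0x' + $hex
    }
}

# One row per product Security Center knows about, across all three product classes.
function Get-SecurityCenterProducts {
    $ns = 'root\SecurityCenter2'
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
        Get-WmiObject -Namespace $ns -Class $class -ErrorAction SilentlyContinue | ForEach-Object {
            $decoded = ConvertFrom-ProductState $_.productState
            New-Object PSObject -Property @{
                Type     = $class
                Product  = $_.displayName
                Enabled  = $decoded.Enabled
                UpToDate = $decoded.UpToDate
                State    = $decoded.RawHex
                Path     = $_.pathToSignedProductExe
            }
        }
    }
}

# The Security Center service (wscsvc) maintains these entries; an empty product list is
# not meaningful unless the service is running, so report its status and start mode too.
function Get-SecurityCenterServiceState {
    $svc = Get-Service -Name wscsvc -ErrorAction SilentlyContinue
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='wscsvc'"
    New-Object PSObject -Property @{ Service = 'wscsvc'; Status = $svc.Status; StartMode = $wmi.StartMode }
}

# The key SystemLook was pointed at: on Windows 7 the name contains a space ("Security Center").
function Test-SecurityCenterKey {
    foreach ($name in 'Security Center', 'SecurityCenter') {
        $path = "HKLM:\SOFTWARE\Microsoft\$name"
        New-Object PSObject -Property @{ Key = $path; Exists = (Test-Path $path) }
    }
}

Write-Host '== Security Center service =='
Get-SecurityCenterServiceState | Format-List
Write-Host '== Registry key spelling =='
Test-SecurityCenterKey | Format-Table -AutoSize
Write-Host '== Products registered with Security Center =='
Get-SecurityCenterProducts | Format-Table Type, Product, Enabled, UpToDate, State -AutoSize
```

Run from an elevated prompt and repeat it when the "disabled" notification appears; a product whose Enabled column flips between runs while its Path stays the same points at the product's own real-time protection being switched off, whereas a product that disappears from the list altogether points at it deregistering from Security Center.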


#14 satchfan
Malware Response Team

Posted 21 November 2017 - 04:38 AM

Sorry about the typo.

 

Have you checked the settings in BitDefender's action centre?




#15 The_Codesee
Topic Starter

Posted 22 November 2017 - 04:35 PM

Hi Satchfan, the issue seems to be that Bitdefender randomly disables itself. It hasn't happened since I last said, so I'll monitor for a few days and get back to you.





