
HijackThis Log: Please help Diagnose


  • This topic is locked
18 replies to this topic

#1 mhelmustlive

mhelmustlive

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:54 AM

Posted 19 December 2014 - 10:18 AM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:59:08 PM, on 12/19/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)

FIREFOX: 34.0.5 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Users\Cabug-os\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hold Page\bin\HoldPage.BOASHelper.exe
C:\Program Files (x86)\Hold Page\bin\HoldPage.BRT.Helper.exe
C:\Program Files (x86)\Hold Page\bin\HoldPage.BrowserAdapter.exe
C:\Program Files (x86)\Hold Page\bin\HoldPage.expext.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hold Page\bin\HoldPage.BOASPRT.exe
C:\Program Files (x86)\Hold Page\bin\HoldPage.BOAS.exe
C:\Users\Cabug-os\Downloads\FileSick.com-Trend Micro HijackThis 2.05 Final\FileSick.com-Trend Micro HijackThis 2.05 Final\FileSick.com-Trend Micro HijackThis 2.05 Final.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Program Files (x86)\Hold Page\bin\Pac9064.js
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Hold Page 1.0.0.5 - {6c14185e-4de6-4a79-985b-19f23fd1e638} - C:\Program Files (x86)\Hold Page\HoldPageBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Cabug-os\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Start.exe] C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\mEMksbnvQxBF\IMDCSC.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Cabug-os\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cabug-os\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Hold Page - Unknown owner - C:\Program Files (x86)\Hold Page\updateHoldPage.exe
O23 - Service: Util Hold Page - Unknown owner - C:\Program Files (x86)\Hold Page\bin\utilHoldPage.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10626 bytes
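The HijackThis log above is line-oriented: R1 lines carry Internet Settings values such as the AutoConfigURL, O4 lines are Run/RunOnce autoruns, and O23 lines are services in the form name - owner - path. The Python script below is an added example written for this thread; it is not part of the original post and not HijackThis code. It parses lines in that format and applies three generic triage heuristics that a log reviewer applies by eye: a proxy auto-config script being set, an autorun launched from a user-writable directory, and a service with no publisher ("Unknown owner") that lives outside the Windows directory. The sample lines are constructed from entries in the log above; the heuristics, the directory list and the function names are my own assumptions, and a hit marks a line for review, not a verdict.

```python
import re
from typing import List, NamedTuple

# Constructed sample: a handful of lines in HijackThis v2 log format,
# modelled on the entries posted above (not a complete log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Program Files (x86)\Hold Page\bin\Pac9064.js
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Start.exe] C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\mEMksbnvQxBF\IMDCSC.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Util Hold Page - Unknown owner - C:\Program Files (x86)\Hold Page\bin\utilHoldPage.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # which heuristic fired
    detail: str    # the path or value that triggered it


# First Windows path with an executable-like extension inside a command line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|js|cpl|bat|cmd)', re.I)
# Directories a standard user can write to (assumed heuristic, not exhaustive).
USER_WRITABLE_RE = re.compile(r"\\(?:ProgramData|AppData|Temp)\\", re.I)
# O4 - <hive>\..\Run: [<name>] <command>
O4_RE = re.compile(r"^O4 - .*?: \[[^\]]*\]\s*(.*)$")
PAC_RE = re.compile(r"AutoConfigURL = (.+)$")


def triage(log_text: str) -> List[Finding]:
    """Scan HijackThis-format lines and return entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]
        if section == "R1" and "AutoConfigURL" in line:
            # A PAC script decides, per URL, which proxy the browser uses;
            # one pointing at a third-party file deserves a look.
            m = PAC_RE.search(line)
            if m:
                findings.append(Finding("R1", "proxy auto-config script set", m.group(1).strip()))
        elif section == "O4":
            m = O4_RE.match(line)
            p = PATH_RE.search(m.group(1)) if m else None
            if p and USER_WRITABLE_RE.search(p.group(0)):
                findings.append(Finding("O4", "autorun from user-writable directory", p.group(0)))
        elif section == "O23":
            # name - owner - path, split from the right because names may contain " - "
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            _name, owner, path = parts
            missing = path.endswith("(file missing)")
            if owner == "Unknown owner" and not missing and not path.lower().startswith("c:\\windows"):
                findings.append(Finding("O23", "service with no publisher outside the Windows directory", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.detail}")
```

The O23 rule deliberately ignores "(file missing)" entries under C:\Windows: a 32-bit HijackThis build running on 64-bit Windows commonly reports System32 services that way because of file-system redirection, so that text alone is not an indicator. Each flagged line is a prompt to check the file's publisher, signature and creation date against the rest of the log, which is what the helpers on this forum do by hand.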
 




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:54 PM

Posted 24 December 2014 - 10:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/560369 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:54 PM

Posted 29 December 2014 - 10:25 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 mhelmustlive

mhelmustlive
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:54 AM

Posted 05 January 2015 - 11:58 PM

Sorry for the late reply. I'm still experiencing pop-up pages and ad pages when opening a website using IE, Firefox and Google Chrome. Is it spyware? I have Avast Antivirus, but it can't fix the problem.

This is the DDS LOG:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.55.2
Run by Cabug-os at 9:44:53 on 2015-01-05
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4058.2570 [GMT 8:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\WUDFHost.exe
C:\Users\Cabug-os\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Windows\explorer.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxps://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
mSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
mSearch Page = hxxps://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: {6c14185e-4de6-4a79-985b-19f23fd1e638} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AdobeBridge]
uRunOnce: [Uninstall C:\Users\Cabug-os\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Cabug-os\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:95
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 110.93.65.11 110.93.66.11
TCP: Interfaces\{11BF086A-32DC-44A7-9BCF-4261A620BBBC} : DHCPNameServer = 110.93.65.11 110.93.66.11
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll
SSODL: WebCheck -
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
x64-Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll
x64-Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll
x64-SSODL: WebCheck -
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cabug-os\AppData\Roaming\Mozilla\Firefox\Profiles\jalkw40d.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Google (avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?trackid=sp-006
FF - prefs.js: keyword.URL - hxxps://www.google.com/search/?trackid=sp-006
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Cabug-os\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-12-29 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-12-29 267632]
R1 {078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64;{078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64;C:\Windows\System32\drivers\{078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64.sys [2014-12-9 48784]
R1 {2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}Gw64;{2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}Gw64;C:\Windows\System32\drivers\{2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}Gw64.sys [2014-12-6 48784]
R1 {507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64;{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64;C:\Windows\System32\drivers\{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64.sys [2014-12-4 48776]
R1 {8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64;{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64;C:\Windows\System32\drivers\{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64.sys [2014-12-15 48784]
R1 {a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64;{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64;C:\Windows\System32\drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64.sys [2014-12-13 48784]
R1 {c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64;{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64;C:\Windows\System32\drivers\{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64.sys [2014-12-28 48784]
R1 {df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64;{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64;C:\Windows\System32\drivers\{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64.sys [2014-11-30 48776]
R1 {f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gw64;{f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gw64;C:\Windows\System32\drivers\{f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gw64.sys [2014-11-28 48776]
R1 {f2f2c4d5-f6ac-4c21-8cea-257783669e49}Gw64;{f2f2c4d5-f6ac-4c21-8cea-257783669e49}Gw64;C:\Windows\System32\drivers\{f2f2c4d5-f6ac-4c21-8cea-257783669e49}Gw64.sys [2014-11-29 48776]
R1 {fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64;{fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64;C:\Windows\System32\drivers\{fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64.sys [2014-12-19 48784]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-12-29 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-12-29 436624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-7 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-12-29 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-12-29 83280]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-29 50344]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2012-8-24 158944]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-9-10 5052224]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-12-29 271752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-12-29 4012248]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-12-29 116728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-5-30 58056]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-6 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-13 20992]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-12-25 726160]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-13 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 vvftav303;vvftav303;C:\Windows\System32\drivers\vvftav303.sys [2014-1-31 308096]
S3 ZSMC0303;A4 TECH PC Camera H;C:\Windows\System32\drivers\usbVM303.sys [2014-1-31 1494656]
.
=============== Created Last 30 ================
.
2014-12-29 06:20:38 -------- d-----w- C:\Users\Cabug-os\AppData\Roaming\AVAST Software
2014-12-29 04:54:48 -------- d-----w- C:\Windows\SysWow64\vbox
2014-12-29 04:54:48 -------- d-----w- C:\Windows\System32\vbox
2014-12-29 04:34:50 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-12-29 04:34:49 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-12-29 04:34:49 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-12-29 04:34:49 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-12-29 04:34:48 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-12-29 04:34:48 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-12-29 04:34:45 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-12-29 04:34:35 43152 ----a-w- C:\Windows\avastSS.scr
2014-12-29 03:27:41 -------- d-----w- C:\Program Files\AVAST Software
2014-12-28 02:31:14 48784 ----a-w- C:\Windows\System32\drivers\{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64.sys
2014-12-26 05:07:07 -------- d-----w- C:\Users\Cabug-os\AppData\Local\Macromedia
2014-12-21 04:36:10 -------- d-----w- C:\Program Files (x86)\AnvSoft
2014-12-19 14:29:32 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-12-19 07:02:10 48784 ----a-w- C:\Windows\System32\drivers\{fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64.sys
2014-12-18 06:14:20 -------- d-----w- C:\Users\Cabug-os\AppData\Roaming\dclogs
2014-12-15 14:04:11 48784 ----a-w- C:\Windows\System32\drivers\{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64.sys
2014-12-13 09:19:03 48784 ----a-w- C:\Windows\System32\drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64.sys
2014-12-11 05:32:24 -------- d-----w- C:\Users\Cabug-os\AppData\Roaming\BRT
2014-12-09 12:06:18 48784 ----a-w- C:\Windows\System32\drivers\{078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64.sys
2014-12-07 02:54:10 -------- d-----w- C:\Windows\SysWow64\14120601_stream
2014-12-06 08:00:26 48784 ----a-w- C:\Windows\System32\drivers\{2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}Gw64.sys
.
==================== Find3M ====================
.
2015-01-04 02:38:56 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-04 02:38:56 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-02 21:53:14 48776 ----a-w- C:\Windows\System32\drivers\{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64.sys
2014-11-29 15:48:46 48776 ----a-w- C:\Windows\System32\drivers\{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64.sys
2014-11-28 00:48:06 48776 ----a-w- C:\Windows\System32\drivers\{f2f2c4d5-f6ac-4c21-8cea-257783669e49}Gw64.sys
2014-11-27 11:51:40 48776 ----a-w- C:\Windows\System32\drivers\{f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gw64.sys
.
============= FINISH: 9:45:05.24 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 12/25/2013 12:13:44 PM
System Uptime: 1/5/2015 9:21:32 AM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | F2A55-M LK2 PLUS
Processor: AMD A4-5300 APU with Radeon™ HD Graphics | FM2 | 3400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 131 GiB total, 13.343 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 3.576 GiB free.
E: is FIXED (NTFS) - 0 GiB total, 0 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_85051043&REV_09\01000000684CE00000
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_85051043&REV_09\01000000684CE00000
Service: RTL8167
.
==== System Restore Points ===================
.
RP101: 12/12/2014 2:02:36 PM - Scheduled Checkpoint
RP102: 12/18/2014 2:15:25 PM - 18
RP103: 12/19/2014 10:29:00 PM - avast! antivirus system restore point
RP104: 12/28/2014 11:01:06 AM - Scheduled Checkpoint
RP105: 12/29/2014 11:27:18 AM - avast! antivirus system restore point
.
==== Installed Programs ======================
.
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Any Video Converter Professional 5.6.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avast Free Antivirus
BitTorrent
Bonjour
Coupon Printer for Windows
Google Chrome
Google Update Helper
HP Deskjet Ink Adv 2060 K110 Basic Device Software
HP Deskjet Ink Adv 2060 K110 Help
HP Deskjet Ink Adv 2060 K110 Product Improvement Study
HP Photo Creations
HP Update
iTunes
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 34.0.5 (x86 en-US)
Mozilla Maintenance Service
Photodex Presenter
ProShow Producer
QuickTime
Steam
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
12/31/2014 6:56:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
12/31/2014 6:56:42 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/31/2014 1:09:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
12/31/2014 1:09:35 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/30/2014 8:34:36 AM, Error: Service Control Manager [7034] - The Util Hold Page service terminated unexpectedly. It has done this 1 time(s).
12/30/2014 8:34:36 AM, Error: Service Control Manager [7034] - The Update Hold Page service terminated unexpectedly. It has done this 1 time(s).
12/30/2014 8:20:21 AM, Error: volmgr [46] - Crash dump initialization failed!
12/29/2014 6:36:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Util Hold Page service to connect.
12/29/2014 6:36:56 PM, Error: Service Control Manager [7000] - The Util Hold Page service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/29/2014 6:36:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Update Hold Page service to connect.
12/29/2014 6:36:19 PM, Error: Service Control Manager [7000] - The Update Hold Page service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/29/2014 12:10:59 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Cabug-os-PC\Cabug-os SID (S-1-5-21-428620182-2791128249-1741837046-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/5/2015 9:22:29 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
1/5/2015 9:21:39 AM, Error: Ntfs [137] - The default transaction resource manager on volume E: encountered a non-retryable error and could not start. The data contains the error code.
1/4/2015 9:47:11 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================


I don't have my original Windows CD/DVD right now.

I hope for your response and help. I appreciate all your work and how informative you are. Thank you.



#5 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 January 2015 - 10:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#6 mhelmustlive
  • Topic Starter
  • Members
  • 8 posts

Posted 07 January 2015 - 11:15 PM

Thank you HelpBot and nasdaq. After I downloaded AdwCleaner, ran it and restarted my computer, all the ads and pop-up pages were gone. I can now smoothly browse websites without any problem or mess. Thank you again Bleeping Computer! You're a big help. :lmao: :thumbup2: :thumbup2: :thumbsup2: :hello: :notanangel: :lol:



#7 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 January 2015 - 10:52 AM

Are you sure you do not want to check further?

Post the requested logs if you want to continue.

#8 mhelmustlive
  • Topic Starter
  • Members
  • 8 posts

Posted 09 January 2015 - 12:25 AM

Hi nasdaq, here's the AdwCleaner log:

# AdwCleaner v4.106 - Report created 09/01/2015 at 13:10:32
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Cabug-os - CABUG-OS-PC
# Running from : C:\Users\Cabug-os\Downloads\Programs\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Comodo Dragon v
 
[C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [8428 octets] - [05/01/2015 10:18:28]
AdwCleaner[R1].txt - [319 octets] - [09/01/2015 12:59:14]
AdwCleaner[R2].txt - [1307 octets] - [09/01/2015 13:04:28]
AdwCleaner[S0].txt - [8762 octets] - [05/01/2015 10:38:42]
AdwCleaner[S1].txt - [1532 octets] - [09/01/2015 13:10:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1592 octets] ##########
 
 
 
Here's FRST.txt:
 
# AdwCleaner v4.106 - Report created 09/01/2015 at 13:10:32
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Cabug-os - CABUG-OS-PC
# Running from : C:\Users\Cabug-os\Downloads\Programs\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Comodo Dragon v
 
[C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [8428 octets] - [05/01/2015 10:18:28]
AdwCleaner[R1].txt - [319 octets] - [09/01/2015 12:59:14]
AdwCleaner[R2].txt - [1307 octets] - [09/01/2015 13:04:28]
AdwCleaner[S0].txt - [8762 octets] - [05/01/2015 10:38:42]
AdwCleaner[S1].txt - [1532 octets] - [09/01/2015 13:10:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1592 octets] ##########
 
 
And here's Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Cabug-os at 2015-01-09 13:20:18
Running from C:\Users\Cabug-os\Desktop\New folder
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Any Video Converter Professional 5.6.4 (HKLM-x32\...\Any Video Converter Professional_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
BitTorrent (HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
ProShow Producer (HKLM-x32\...\ProShow Producer) (Version:  - Photodex Corporation)
QuickTime (HKLM-x32\...\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}) (Version: 7.62.14.0 - Apple Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
12-12-2014 14:02:36 Scheduled Checkpoint
18-12-2014 14:15:25 18
19-12-2014 22:29:00 avast! antivirus system restore point
28-12-2014 11:01:06 Scheduled Checkpoint
29-12-2014 11:27:18 avast! antivirus system restore point
06-01-2015 15:35:46 Installed iTunes
07-01-2015 11:08:48 Removed HP Deskjet Ink Adv 2060 K110 Basic Device Software
07-01-2015 11:10:00 Removed HP Deskjet Ink Adv 2060 K110 Help
07-01-2015 11:10:43 Removed HP Deskjet Ink Adv 2060 K110 Product Improvement Study
07-01-2015 11:11:33 Removed HP Update.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2014-06-08 14:43 - 00000797 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {09FA885A-1CD3-4291-BD3D-693467DFA41B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {40D1E25C-7A6E-44DB-B741-8F4006D0161A} - System32\Tasks\avastBCLRestartS-1-5-21-428620182-2791128249-1741837046-1000 => Chrome.exe 
Task: {41932F6A-3436-4FE8-B1E2-C05EA904C086} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-04] (Adobe Systems Incorporated)
Task: {43145A87-9E58-4242-93CD-DE74A633AD8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
Task: {470136C1-B236-40EE-8F1F-84EAE7CDAB21} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-428620182-2791128249-1741837046-1000Core => C:\Users\Cabug-os\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-09] (Facebook Inc.)
Task: {4F795F0B-8E95-4D35-A620-878D3E6510E5} - System32\Tasks\{F4F878DA-DD10-4467-86B8-3FD3FF6B3C08} => C:\Program Files\2K Sports\NBA 2K14\nba2k14.exe [2013-10-01] (2K Sports)
Task: {56B40234-8D9A-4589-BEE9-0DFD069202D6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-428620182-2791128249-1741837046-1000UA => C:\Users\Cabug-os\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-09] (Facebook Inc.)
Task: {5E1E24A7-9623-4CE3-A43C-8A1B2857A077} - System32\Tasks\{2E0A9CB1-3D31-42BF-8BFE-BD2E696ADA96} => C:\Program Files\2K Sports\NBA 2K14\nba2k14.exe [2013-10-01] (2K Sports)
Task: {7D3EFD21-D834-4805-A65E-8B7E2D34BC72} - System32\Tasks\{40CF4BAA-B3F8-4EBB-9DF7-72515475D867} => C:\Program Files (x86)\Hitman Absolution\HMA.exe
Task: {8278E7DB-3E20-4E10-8699-55BED0908601} - System32\Tasks\{27F45B2B-F6D1-4493-B359-068AE61F545F} => C:\Program Files\2K Sports\NBA 2K14\nba2k14.exe [2013-10-01] (2K Sports)
Task: {A7475561-F4A2-4541-8CBA-841D78EB6731} - System32\Tasks\AdobeAAMUpdater-1.0-Cabug-os-PC-Cabug-os => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\SysWOW64\BthUdTask.exe [2009-07-14] (Microsoft Corporation)
Task: {E935C110-5E25-4918-B28D-095DF1B8FA64} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HpWebReg.exe
Task: {F31A9BCC-D0A6-4974-B2A6-0162AA3CED86} - System32\Tasks\{6FA6AB3D-AA53-47A4-AD99-059D5D59EBD3} => C:\Program Files\2K Sports\NBA 2K14\nba2k14.exe [2013-10-01] (2K Sports)
Task: {F6F8DE12-BE3F-453C-B180-25F9F6769030} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-29] (AVAST Software)
Task: {FC0CBDF6-064D-4955-B166-88A58E4F008E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-428620182-2791128249-1741837046-1000Core.job => C:\Users\Cabug-os\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-428620182-2791128249-1741837046-1000UA.job => C:\Users\Cabug-os\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-25 16:17 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-05-15 16:51 - 2014-05-15 16:51 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-26 17:50 - 2014-11-26 17:50 - 00186760 _____ () C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-01-09 12:48 - 2015-01-09 12:48 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010801\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-29 12:34 - 2014-12-29 12:34 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2006-10-26 21:30 - 2006-10-26 21:30 - 00065312 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2006-10-27 15:35 - 2006-10-27 15:35 - 00436512 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2006-10-26 13:56 - 2006-10-26 13:56 - 00757008 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Cabug-os\Downloads\Dev-Cpp 5.6.1 TDM-GCC x64 4.8.1 Setup.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BitTorrent => "C:\Users\Cabug-os\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Domino => C:\Windows\Domino.exe
MSCONFIG\startupreg: DownloadAccelerator => "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
MSCONFIG\startupreg: Facebook Update => "C:\Users\Cabug-os\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: IMMON => "C:\Program Files (x86)\IM Magician\Vicamon.exe"
MSCONFIG\startupreg: IMMONSUPPORT => "C:\Program Files (x86)\IM Magician\vmonproc.exe" /cls=IMMAGICIAN_CAMERA_MONITOR_I /exe=Vicamon.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: USB Security => C:\Program Files (x86)\USB Disk Security\USBGuard.exe
MSCONFIG\startupreg: VMSnap3 => C:\Windows\VMSnap3.exe
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-428620182-2791128249-1741837046-500 - Administrator - Disabled)
Cabug-os (S-1-5-21-428620182-2791128249-1741837046-1000 - Administrator - Enabled) => C:\Users\Cabug-os
Guest (S-1-5-21-428620182-2791128249-1741837046-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/08/2015 09:13:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6646
 
Error: (01/08/2015 09:13:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6646
 
Error: (01/08/2015 09:13:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/08/2015 06:19:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11107
 
Error: (01/08/2015 06:19:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11107
 
Error: (01/08/2015 06:19:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/08/2015 06:19:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10109
 
Error: (01/08/2015 06:19:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10109
 
Error: (01/08/2015 06:19:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/08/2015 06:19:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9111
 
 
System errors:
=============
Error: (01/09/2015 01:12:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/09/2015 01:11:35 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (01/09/2015 01:02:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (01/09/2015 01:02:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (01/09/2015 01:02:13 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (01/09/2015 01:01:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/09/2015 01:00:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:58:59 PM on 1/9/2015 was unexpected.
 
Error: (01/09/2015 01:00:22 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (01/09/2015 00:47:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/09/2015 00:47:00 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start.  The data contains the error code.
 
 
Microsoft Office Sessions:
=========================
Error: (09/26/2014 10:18:16 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4236 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-17 18:28:06.794
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\agilevpn.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-17 18:28:06.731
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\agilevpn.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-28 14:37:48.599
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\srvnet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-05 13:53:57.349
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-05 13:53:56.257
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-05 13:53:46.210
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\dfsc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-05 13:53:46.195
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\dfsc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-09 17:11:01.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00226_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-09 15:22:15.897
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00226_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-09 14:04:03.355
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\avc3_000_001\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-5300 APU with Radeon™ HD Graphics 
Percentage of memory in use: 31%
Total physical RAM: 4057.66 MB
Available physical RAM: 2759.32 MB
Total Pagefile: 8113.49 MB
Available Pagefile: 6654.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:130.83 GB) (Free:9.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:18.21 GB) (Free:3.67 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: DD17ADFE)
Partition 1: (Not Active) - (Size=18.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=3 MB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=130.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
Please give me some feedback about the logs. Thank you.
 


#9 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 January 2015 - 09:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

uSearch Page = hxxps://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
mSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
mSearch Page = hxxps://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: {6c14185e-4de6-4a79-985b-19f23fd1e638} -
x64-SSODL: WebCheck -
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Google (avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?trackid=sp-006
FF - prefs.js: keyword.URL - hxxps://www.google.com/search/?trackid=sp-006
R1 {078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64;{078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64;C:\Windows\System32\drivers\{078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64.sys [2014-12-9 48784]
R1 {2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}Gw64;{2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}Gw64;C:\Windows\System32\drivers\{2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}Gw64.sys [2014-12-6 48784]
R1 {507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64;{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64;C:\Windows\System32\drivers\{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64.sys [2014-12-4 48776]
R1 {8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64;{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64;C:\Windows\System32\drivers\{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64.sys [2014-12-15 48784]
R1 {a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64;{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64;C:\Windows\System32\drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64.sys [2014-12-13 48784]
R1 {c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64;{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64;C:\Windows\System32\drivers\{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64.sys [2014-12-28 48784]
R1 {df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64;{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64;C:\Windows\System32\drivers\{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64.sys [2014-11-30 48776]
R1 {f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gw64;{f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gw64;C:\Windows\System32\drivers\{f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gw64.sys [2014-11-28 48776]
R1 {f2f2c4d5-f6ac-4c21-8cea-257783669e49}Gw64;{f2f2c4d5-f6ac-4c21-8cea-257783669e49}Gw64;C:\Windows\System32\drivers\{f2f2c4d5-f6ac-4c21-8cea-257783669e49}Gw64.sys [2014-11-29 48776]
R1 {fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64;{fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64;C:\Windows\System32\drivers\{fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64.sys [2014-12-19 48784]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Cabug-os\Downloads\Dev-Cpp 5.6.1 TDM-GCC x64 4.8.1 Setup.exe:BDU

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is the computer running now?

#10 mhelmustlive

  • Topic Starter
  • Members
  • 8 posts

Posted 12 January 2015 - 09:04 PM

Hi Nasdaq,

Thank you again. Here's the fixlog.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Cabug-os at 2015-01-13 09:54:11 Run:1
Running from C:\Users\Cabug-os\Downloads\Programs
Loaded Profile: Cabug-os (Available profiles: Cabug-os)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
uSearch Page = hxxps://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
mSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
mSearch Page = hxxps://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: {6c14185e-4de6-4a79-985b-19f23fd1e638} -
x64-SSODL: WebCheck -
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Google (avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?trackid=sp-006
FF - prefs.js: keyword.URL - hxxps://www.google.com/search/?trackid=sp-006
R1 {078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64;{078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64;C:\Windows\System32\drivers\{078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64.sys [2014-12-9 48784]
R1 {2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}Gw64;{2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}Gw64;C:\Windows\System32\drivers\{2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}Gw64.sys [2014-12-6 48784]
R1 {507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64;{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64;C:\Windows\System32\drivers\{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64.sys [2014-12-4 48776]
R1 {8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64;{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64;C:\Windows\System32\drivers\{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64.sys [2014-12-15 48784]
R1 {a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64;{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64;C:\Windows\System32\drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64.sys [2014-12-13 48784]
R1 {c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64;{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64;C:\Windows\System32\drivers\{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64.sys [2014-12-28 48784]
R1 {df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64;{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64;C:\Windows\System32\drivers\{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64.sys [2014-11-30 48776]
R1 {f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gw64;{f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gw64;C:\Windows\System32\drivers\{f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gw64.sys [2014-11-28 48776]
R1 {f2f2c4d5-f6ac-4c21-8cea-257783669e49}Gw64;{f2f2c4d5-f6ac-4c21-8cea-257783669e49}Gw64;C:\Windows\System32\drivers\{f2f2c4d5-f6ac-4c21-8cea-257783669e49}Gw64.sys [2014-11-29 48776]
R1 {fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64;{fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64;C:\Windows\System32\drivers\{fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64.sys [2014-12-19 48784]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Cabug-os\Downloads\Dev-Cpp 5.6.1 TDM-GCC x64 4.8.1 Setup.exe:BDU
 
End
*****************
 
Processes closed successfully.
uSearch Page = hxxps://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} => Error: No automatic fix found for this entry.
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl => Error: No automatic fix found for this entry.
mSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl => Error: No automatic fix found for this entry.
mSearch Page = hxxps://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: {6c14185e-4de6-4a79-985b-19f23fd1e638} - => Key not found. 
HKCR\CLSID\BHO: {6c14185e-4de6-4a79-985b-19f23fd1e638} - => Key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\x64-SSODL: WebCheck - => Value not found.
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006 => Error: No automatic fix found for this entry.
FF - prefs.js: browser.search.selectedEngine - Google (avast) => Error: No automatic fix found for this entry.
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?trackid=sp-006 => Error: No automatic fix found for this entry.
FF - prefs.js: keyword.URL - hxxps://www.google.com/search/?trackid=sp-006 => Error: No automatic fix found for this entry.
{078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64 => Service not found.
{2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}Gw64 => Service not found.
{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64 => Service not found.
{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64 => Service not found.
{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64 => Service not found.
{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64 => Service not found.
{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64 => Service not found.
{f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gw64 => Service not found.
{f2f2c4d5-f6ac-4c21-8cea-257783669e49}Gw64 => Service not found.
{fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64 => Service not found.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
C:\Users\Cabug-os\Downloads\Dev-Cpp 5.6.1 TDM-GCC x64 4.8.1 Setup.exe => ":BDU" ADS removed successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 09:54:19 ====


#11 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 January 2015 - 10:01 AM

That fix did not go so well.

Please run the Farbar tool normally and post a fresh FRST log for my review.

Let me know what issues you are still having with this computer.

#12 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 January 2015 - 08:31 AM

Are you still with me?

#13 mhelmustlive

  • Topic Starter
  • Members
  • 8 posts

Posted 20 January 2015 - 11:15 PM

Hi Nasdaq, sorry for the late reply. Here's the fresh FRST log.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Cabug-os (administrator) on CABUG-OS-PC on 21-01-2015 12:02:59
Running from C:\Users\Cabug-os\Downloads\Programs
Loaded Profiles: Cabug-os (Available profiles: Cabug-os)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(BitTorrent Inc.) C:\Users\Cabug-os\AppData\Roaming\BitTorrent\BitTorrent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-05-26] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3519936 2014-10-09] (Tonec Inc.)
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\Run: [BitTorrent] => C:\Users\Cabug-os\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1348944 2012-11-19] (Valve Corporation)
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\Run: [Start.exe] => C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\mEMksbnvQxBF\IMDCSC.exe
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\RunOnce: [Uninstall C:\Users\Cabug-os\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cabug-os\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe [650928 2015-01-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\MountPoints2: G - G:\Launch.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ph/?ocid=iehp
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 110.93.65.11 110.93.66.11
 
FireFox:
========
FF ProfilePath: C:\Users\Cabug-os\AppData\Roaming\Mozilla\Firefox\Profiles\yqsb99z5.default-1421114979182
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-428620182-2791128249-1741837046-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Cabug-os\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-29]
FF HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Cabug-os\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Cabug-os\AppData\Roaming\IDM\idmmzcc5 [2014-10-09]
FF HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Cabug-os\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR Profile: C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-07]
CHR Extension: (Google Docs) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-07]
CHR Extension: (Google Drive) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-07]
CHR Extension: (YouTube) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-07]
CHR Extension: (Google Search) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-07]
CHR Extension: (Google Sheets) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-07]
CHR Extension: (Avast Online Security) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-07]
CHR Extension: (Google Wallet) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-07]
CHR Extension: (Gmail) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-29]
CHR HKLM-x32\...\Chrome\Extension: [kbhplonhjleiopohgmppianogioknked] - C:\Program Files\Common Files\SpeedBit\SBUpdate\NewTabLaunch.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-29] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-29] (Avast Software)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-15] ()
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2014-11-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-29] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-29] (Avast Software)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [308096 2007-06-23] (Vimicro Corporation)
S3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation)
S3 SBUpdd; \??\C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-21 12:01 - 2015-01-21 12:01 - 00000000 _____ () C:\Users\Cabug-os\Desktop\fixlist.txt
2015-01-19 20:37 - 2015-01-19 20:45 - 00000000 ____D () C:\Users\Cabug-os\Desktop\A Walk to Remember-2002
2015-01-19 20:37 - 2015-01-19 20:37 - 00000000 ____D () C:\Users\Cabug-os\Desktop\500 Days Of Summer - 2009
2015-01-19 20:01 - 2015-01-19 20:01 - 00000000 ____D () C:\Users\Cabug-os\Desktop\HG
2015-01-13 09:52 - 2015-01-13 09:52 - 00000000 ____D () C:\Users\Cabug-os\Documents\Programs2
2015-01-09 13:19 - 2015-01-21 12:03 - 00000000 ____D () C:\FRST
2015-01-08 19:58 - 2015-01-08 19:58 - 00000318 _____ () C:\Users\Cabug-os\Downloads\Invitation-18-FINAL (1).pages
2015-01-08 19:57 - 2015-01-08 19:57 - 00000318 _____ () C:\Users\Cabug-os\Downloads\Invitation-18-FINAL.zip
2015-01-08 09:43 - 2015-01-08 09:56 - 00000000 ____D () C:\Users\Cabug-os\TreeHouse1
2015-01-07 11:23 - 2015-01-19 18:15 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-07 11:23 - 2015-01-07 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-07 11:07 - 2015-01-21 11:12 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 11:07 - 2015-01-21 11:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 11:07 - 2015-01-07 11:07 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-07 11:07 - 2015-01-07 11:07 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-07 10:55 - 2015-01-07 10:56 - 06000640 _____ () C:\Program Files (x86)\GUTB0C9.tmp
2015-01-07 10:55 - 2015-01-07 10:55 - 00000000 ____D () C:\Program Files (x86)\GUMB0C8.tmp
2015-01-06 15:39 - 2015-01-06 15:39 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-06 15:39 - 2015-01-06 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-06 15:39 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-06 15:38 - 2015-01-06 15:39 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-06 15:38 - 2015-01-06 15:39 - 00000000 ____D () C:\Program Files\iTunes
2015-01-06 15:38 - 2015-01-06 15:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-06 15:38 - 2015-01-06 15:38 - 00000000 ____D () C:\Program Files\iPod
2015-01-06 15:32 - 2015-01-06 15:32 - 00000197 _____ () C:\Windows\system32\2015-01-06-07-32-03.077-AvastVBoxSVC.exe-2760.log
2015-01-06 14:11 - 2015-01-06 14:56 - 122418480 _____ (Apple Inc.) C:\Users\Cabug-os\Downloads\iTunes64Setup.exe
2015-01-06 14:03 - 2015-01-06 14:03 - 00000197 _____ () C:\Windows\system32\2015-01-06-06-03-28.042-AvastVBoxSVC.exe-2912.log
2015-01-06 12:51 - 2015-01-06 12:51 - 00000197 _____ () C:\Windows\system32\2015-01-06-04-51-20.051-AvastVBoxSVC.exe-2956.log
2015-01-05 10:44 - 2015-01-05 10:44 - 00000197 _____ () C:\Windows\system32\2015-01-05-02-44-19.042-AvastVBoxSVC.exe-5068.log
2015-01-05 10:18 - 2015-01-09 13:10 - 00000000 ____D () C:\AdwCleaner
2015-01-05 09:23 - 2015-01-05 09:23 - 00000197 _____ () C:\Windows\system32\2015-01-05-01-23-04.052-AvastVBoxSVC.exe-1716.log
2015-01-04 21:33 - 2015-01-04 21:33 - 00000197 _____ () C:\Windows\system32\2015-01-04-13-33-28.026-AvastVBoxSVC.exe-2980.log
2015-01-04 10:38 - 2015-01-21 11:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-04 10:38 - 2015-01-04 10:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-04 10:20 - 2015-01-04 10:20 - 00000197 _____ () C:\Windows\system32\2015-01-04-02-20-24.089-AvastVBoxSVC.exe-1396.log
2015-01-03 18:36 - 2015-01-03 18:36 - 00000197 _____ () C:\Windows\system32\2015-01-03-10-36-06.004-AvastVBoxSVC.exe-3080.log
2015-01-03 09:27 - 2015-01-03 09:27 - 00000197 _____ () C:\Windows\system32\2015-01-03-01-27-37.042-AvastVBoxSVC.exe-2492.log
2015-01-02 19:44 - 2015-01-02 19:45 - 00000197 _____ () C:\Windows\system32\2015-01-02-11-44-54.030-AvastVBoxSVC.exe-3212.log
2015-01-01 19:12 - 2015-01-01 19:13 - 00000197 _____ () C:\Windows\system32\2015-01-01-11-12-53.040-AvastVBoxSVC.exe-352.log
2014-12-31 19:02 - 2015-01-03 09:34 - 00000000 ____D () C:\Users\Cabug-os\Downloads\IELTS Advantage - Reading + Writing Skills - by Jeremy Taylor , Jon Wright,by Richard Brown , Lewis Richards - Mantesh
2014-12-31 18:57 - 2014-12-31 18:57 - 00000197 _____ () C:\Windows\system32\2014-12-31-10-57-46.094-AvastVBoxSVC.exe-3084.log
2014-12-31 13:10 - 2014-12-31 13:11 - 00000197 _____ () C:\Windows\system32\2014-12-31-05-10-59.035-AvastVBoxSVC.exe-468.log
2014-12-30 17:30 - 2014-12-30 17:30 - 00015272 _____ () C:\Users\Cabug-os\Documents\Book1.xlsx
2014-12-30 08:34 - 2015-01-05 09:27 - 00003288 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-428620182-2791128249-1741837046-1000
2014-12-30 08:22 - 2014-12-30 08:22 - 00000197 _____ () C:\Windows\system32\2014-12-30-00-22-26.048-AvastVBoxSVC.exe-3312.log
2014-12-29 19:16 - 2014-12-29 19:16 - 00000197 _____ () C:\Windows\system32\2014-12-29-11-16-07.016-AvastVBoxSVC.exe-3920.log
2014-12-29 18:39 - 2014-12-29 18:40 - 00000197 _____ () C:\Windows\system32\2014-12-29-10-39-55.024-AvastVBoxSVC.exe-3516.log
2014-12-29 14:20 - 2014-12-29 14:20 - 00000000 ____D () C:\Users\Cabug-os\AppData\Roaming\AVAST Software
2014-12-29 13:04 - 2014-12-29 13:04 - 00000247 _____ () C:\Windows\system32\2014-12-29-05-04-03.012-aswFe.exe-2400.log
2014-12-29 12:59 - 2014-12-29 13:03 - 00000247 _____ () C:\Windows\system32\2014-12-29-04-59-13.054-aswFe.exe-1460.log
2014-12-29 12:59 - 2014-12-29 12:59 - 00000197 _____ () C:\Windows\system32\2014-12-29-04-59-06.045-AvastVBoxSVC.exe-892.log
2014-12-29 12:54 - 2014-12-29 12:54 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-29 12:54 - 2014-12-29 12:54 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-29 12:53 - 2015-01-19 17:46 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-29 12:53 - 2014-12-29 12:53 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-29 12:53 - 2014-12-29 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-29 12:34 - 2014-12-29 18:42 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-29 12:34 - 2014-12-29 12:34 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-29 12:34 - 2014-12-29 12:34 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-29 12:34 - 2014-12-29 12:34 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-29 12:34 - 2014-12-29 12:34 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-29 12:34 - 2014-12-29 12:34 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-29 12:34 - 2014-12-29 12:34 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-29 12:34 - 2014-12-29 12:34 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-29 12:34 - 2014-12-29 12:34 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-29 12:34 - 2014-12-29 12:34 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-29 12:25 - 2014-12-04 11:52 - 00001783 _____ () C:\Users\Cabug-os\Desktop\Play CS-GO.lnk
2014-12-29 11:27 - 2014-12-29 11:27 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-29 11:14 - 2014-12-29 11:14 - 00000000 ____D () C:\Users\Cabug-os\Desktop\developer android
2014-12-29 11:05 - 2015-01-20 13:26 - 00000000 ____D () C:\Users\Cabug-os\Desktop\archive
2014-12-28 12:07 - 2014-12-28 12:07 - 00000000 ____D () C:\Users\Cabug-os\Downloads\Avast! Pro Antivirus 2015 - 10.0.2206
2014-12-26 13:07 - 2014-12-26 13:07 - 00000000 ____D () C:\Users\Cabug-os\AppData\Local\Macromedia
2014-12-26 13:02 - 2014-12-26 13:02 - 00000000 ____D () C:\ProgramData\McAfee
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-21 12:00 - 2013-12-30 13:14 - 00000000 ____D () C:\Users\Cabug-os\AppData\Roaming\BitTorrent
2015-01-21 11:16 - 2014-02-06 19:14 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-428620182-2791128249-1741837046-1000UA.job
2015-01-21 11:16 - 2014-02-06 19:14 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-428620182-2791128249-1741837046-1000Core.job
2015-01-21 11:03 - 2013-12-30 15:54 - 00000000 ____D () C:\Users\Cabug-os\AppData\Local\Adobe
2015-01-21 10:58 - 2009-07-14 12:45 - 00013424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 10:58 - 2009-07-14 12:45 - 00013424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 10:56 - 2013-12-25 12:13 - 01260279 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 10:54 - 2014-02-03 15:04 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-21 10:52 - 2014-11-29 12:57 - 00014132 _____ () C:\Windows\setupact.log
2015-01-21 10:52 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 17:18 - 2009-07-14 13:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 20:26 - 2014-01-01 14:05 - 00000000 ____D () C:\Users\Cabug-os\AppData\Roaming\vlc
2015-01-19 12:42 - 2014-10-09 14:10 - 00000000 ____D () C:\Users\Cabug-os\AppData\Roaming\DMCache
2015-01-12 21:03 - 2009-07-14 13:08 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 13:11 - 2014-11-29 12:56 - 00832108 _____ () C:\Windows\PFRO.log
2015-01-08 20:36 - 2014-10-12 13:56 - 00000000 ____D () C:\Users\Cabug-os\AppData\Roaming\Apple Computer
2015-01-08 19:35 - 2014-11-27 23:31 - 00000000 ____D () C:\Users\Cabug-os\Downloads\Video
2015-01-08 09:43 - 2013-12-25 12:19 - 00000000 ____D () C:\Users\Cabug-os
2015-01-07 11:55 - 2014-12-18 14:48 - 00000743 _____ () C:\Users\Cabug-os\Documents\mofos2.txt
2015-01-07 11:23 - 2013-12-25 12:22 - 00000000 ____D () C:\Users\Cabug-os\AppData\Local\Google
2015-01-07 11:23 - 2013-12-25 12:22 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-07 11:15 - 2014-10-09 14:10 - 00000000 ____D () C:\Users\Cabug-os\Downloads\Compressed
2015-01-07 11:15 - 2014-01-17 13:07 - 00000000 ____D () C:\Users\Cabug-os\Downloads\AVIRA SYSTEM SPEEDUP [ v 1.2.1.8300][ INCL REG] - [MAHIY]
2015-01-07 11:11 - 2014-02-07 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-07 11:09 - 2014-11-19 09:58 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-07 11:09 - 2014-10-26 16:09 - 00000000 ____D () C:\Users\Cabug-os\AppData\Local\HP
2015-01-07 11:09 - 2014-02-07 18:22 - 00000000 ____D () C:\Program Files (x86)\HP
2015-01-07 11:07 - 2014-12-05 14:49 - 00000000 ____D () C:\Users\Cabug-os\AppData\Local\Deployment
2015-01-06 15:38 - 2014-10-12 13:55 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-06 15:38 - 2014-10-12 13:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-06 15:34 - 2014-10-12 13:53 - 00000000 ____D () C:\ProgramData\Apple
2015-01-05 11:17 - 2014-12-18 14:47 - 00020337 _____ () C:\Users\Cabug-os\Documents\norp.text
2015-01-04 10:38 - 2013-12-26 01:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-04 10:38 - 2013-12-26 01:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-30 08:44 - 2014-12-08 14:44 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-30 08:34 - 2013-12-30 13:21 - 00000000 ____D () C:\Program Files (x86)\DAP
2014-12-30 08:24 - 2009-07-14 10:34 - 00000580 _____ () C:\Windows\win.ini
2014-12-29 11:27 - 2014-04-30 12:36 - 00000000 ____D () C:\ProgramData\AVAST Software
 
==================== Files in the root of some directories =======
2015-01-07 10:55 - 2015-01-07 10:56 - 6000640 _____ () C:\Program Files (x86)\GUTB0C9.tmp
2014-09-22 20:58 - 2014-11-21 14:10 - 0000132 _____ () C:\Users\Cabug-os\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-09-26 12:51 - 2014-10-18 17:18 - 0000034 _____ () C:\Users\Cabug-os\AppData\Roaming\AdobeWLCMCache.dat
2013-12-25 16:19 - 2013-12-25 16:19 - 0000000 ___SH () C:\Users\Cabug-os\AppData\Local\LumaEmu
2014-04-30 13:20 - 2014-04-30 13:20 - 0007598 _____ () C:\Users\Cabug-os\AppData\Local\Resmon.ResmonCfg
2014-01-19 16:22 - 2014-01-19 16:22 - 0004476 _____ () C:\ProgramData\1390119714.1292.bin
2014-01-19 16:22 - 2014-01-19 16:22 - 0005671 _____ () C:\ProgramData\1390119714.2380.bin
2014-01-19 16:22 - 2014-01-19 16:22 - 0070501 _____ () C:\ProgramData\1390119714.2972.bin
2014-01-19 16:22 - 2014-01-19 16:22 - 0000558 _____ () C:\ProgramData\1390119714.3352.bin
2014-01-19 16:21 - 2014-01-19 16:22 - 0096795 _____ () C:\ProgramData\1390119714.3452.bin
2014-01-19 16:22 - 2014-01-19 16:22 - 0003042 _____ () C:\ProgramData\1390119714.3704.bin
2014-01-19 16:22 - 2014-01-19 16:22 - 0000558 _____ () C:\ProgramData\1390119714.3860.bin
2014-01-19 16:22 - 2014-01-19 16:23 - 0005667 _____ () C:\ProgramData\1390119714.3900.bin
2014-01-19 16:22 - 2014-01-19 16:22 - 0012480 _____ () C:\ProgramData\1390119714.904.bin
2014-01-19 16:25 - 2014-01-19 16:25 - 0049833 _____ () C:\ProgramData\1390119942.bdinstall.bin
2014-01-19 16:31 - 2014-01-19 16:31 - 0365391 _____ () C:\ProgramData\1390120098.bdinstall.bin
2014-01-22 13:36 - 2014-01-22 13:36 - 0365144 _____ () C:\ProgramData\1390368612.bdinstall.bin
2014-02-09 09:52 - 2014-02-09 09:52 - 0362455 _____ () C:\ProgramData\1391910536.bdinstall.bin
2014-02-07 18:21 - 2014-02-07 18:27 - 0000818 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Cabug-os\AppData\Local\Temp\CloudBackup2621.exe
C:\Users\Cabug-os\AppData\Local\Temp\ICReinstall_MP3CutterJoinerFree.exe
C:\Users\Cabug-os\AppData\Local\Temp\Quarantine.exe
C:\Users\Cabug-os\AppData\Local\Temp\sqlite3.dll
C:\Users\Cabug-os\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-19 18:28
 
==================== End Of Log ============================
 
Thank you. Give me updates and next steps, if there's still a problem.


#14 nasdaq
  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 January 2015 - 08:44 AM


This entry is suspicious.

HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\Run: [Start.exe] => C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\mEMksbnvQxBF\IMDCSC.exe



Please analyze the file at VirusTotal.
Submit the file C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\mEMksbnvQxBF\IMDCSC.exe here:
https://www.virustotal.com/

If it is reported to be malware, include these two entries in the code box below.

HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\Run: [Start.exe] => C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\mEMksbnvQxBF\IMDCSC.exe
C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN


===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\Run: [AdobeBridge] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
CHR Extension: (Google Wallet) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-07]
CHR HKLM-x32\...\Chrome\Extension: [kbhplonhjleiopohgmppianogioknked] - C:\Program Files\Common Files\SpeedBit\SBUpdate\NewTabLaunch.crx [Not Found]
S3 SBUpdd; \??\C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

How is the computer running now?
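
The triage in the reply above is done by eye: one Run value stands out because its path, name and missing metadata do not look like the other entries, so the file goes to VirusTotal and two fixlist lines remove it. The script below is an added example by the editor, not FRST's or BleepingComputer's own code, that applies the same checks to FRST "Run" lines. The sample lines are copied from the logs in this thread; the heuristic thresholds, the `USER_WRITABLE` and `KNOWN_BASES` lists, and the reading of FRST's `[X]` marker as "file missing" are the editor's assumptions.

```python
"""Triage FRST "Run" lines: flag the autostart value whose shape is wrong,
build the VirusTotal hash-lookup URL, and emit the two fixlist lines for it.
Added example by the editor; not FRST's own code."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: Run lines copied verbatim from the FRST logs in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\Run: [Start.exe] => C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\mEMksbnvQxBF\IMDCSC.exe
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\Run: [BitTorrent] => C:\Users\Cabug-os\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-26] (BitTorrent Inc.)
HKLM-x32\...\Run: [] => [X]
"""

# FRST prints: <hive>\...\Run: [<value name>] => <path> [<size> <date>] (<publisher>)
RUN_LINE = re.compile(
    r"^(?P<hive>\S+)\\\.\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] => "
    r"(?P<path>.*?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<publisher>[^)]*)\))?$"
)
# Trees a non-admin process can write to (editor's list, lower-cased for matching).
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")
# Base trees whose first foreign child is what the fixlist should move. Editor's
# assumption, ordered longest first; it reproduces the reply's "...\Start Menu\DCSCMIN".
KNOWN_BASES = (
    "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\",
    "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\",
    "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\",
)


@dataclass
class RunEntry:
    raw: str
    hive: str
    name: str
    path: str
    size: Optional[int]
    publisher: Optional[str]
    flags: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return len(self.flags) >= 2  # one oddity is common; two deserve a hash lookup


def parse_run_lines(text: str) -> List[RunEntry]:
    out = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            out.append(RunEntry(line.strip(), m["hive"], m["name"], m["path"],
                                int(m["size"]) if m["size"] else None, m["publisher"]))
    return out


def _case_switches(s: str) -> int:
    return sum(1 for a, b in zip(s, s[1:]) if a.isupper() != b.isupper())


def assess(e: RunEntry) -> RunEntry:
    """Attach heuristic flags; thresholds are the editor's assumptions."""
    low = e.path.lower()
    if e.path == "[X]":  # FRST marker taken here to mean the value's file is gone
        e.flags.append("orphaned value (file missing)")
        return e
    if e.size is None and e.publisher is None:
        e.flags.append("no size/date/publisher, unlike the other Run entries")
    if low.startswith(USER_WRITABLE):
        e.flags.append("executable lives in a user-writable tree")
    if "\\start menu\\" in low and low.endswith(".exe"):
        e.flags.append(".exe under Start Menu, which normally holds only .lnk shortcuts")
    base = e.path.rsplit("\\", 1)[-1]
    if e.name.lower().endswith(".exe") and e.name.lower() != base.lower():
        e.flags.append(f"value name {e.name!r} does not match file name {base!r}")
    for comp in e.path.split("\\"):
        if comp.isalpha() and len(comp) >= 10 and _case_switches(comp) >= 5:
            e.flags.append(f"random-looking folder name {comp!r}")
            break
    return e


def triage(text: str) -> List[RunEntry]:
    return [assess(e) for e in parse_run_lines(text)]


def virustotal_url(sha256_hex: str) -> str:
    """Look the SHA-256 up first; upload only if VirusTotal has never seen it."""
    return f"https://www.virustotal.com/gui/file/{sha256_hex.lower()}"


def fixlist_lines(e: RunEntry) -> List[str]:
    """The two fixlist lines the reply uses per entry: the Run value verbatim
    (FRST deletes the value) and the foreign folder (FRST moves it). Falls back
    to the file itself when no known base matches, so a whole profile tree is
    never named."""
    target = e.path
    for base in KNOWN_BASES:
        if e.path.lower().startswith(base.lower()):
            target = base + e.path[len(base):].split("\\", 1)[0]
            break
    return [e.raw, target]
```

Run against the sample, only the IMDCSC.exe entry collects two or more flags (it collects all five), the BitTorrent entry gets the single "user-writable tree" note that any per-user install earns, and the empty `[X]` value is reported as orphaned; `fixlist_lines` for the flagged entry yields exactly the registry line and `...\Start Menu\DCSCMIN` folder used in the reply.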

#15 mhelmustlive
  • Topic Starter
  • Members
  • 8 posts

Posted 21 January 2015 - 09:26 PM

Hi, Nasdaq. I already did the instructions above and it looks like the file DCSCMIN\mEMksbnvQxBF\IMDCSC.exe has gone.

Here's the latest Fixlog

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by Cabug-os (administrator) on CABUG-OS-PC on 22-01-2015 10:20:18
Running from C:\Users\Cabug-os\Downloads\Programs
Loaded Profiles: Cabug-os (Available profiles: Cabug-os)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(BitTorrent Inc.) C:\Users\Cabug-os\AppData\Roaming\BitTorrent\BitTorrent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-05-26] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3519936 2014-10-09] (Tonec Inc.)
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\Run: [BitTorrent] => C:\Users\Cabug-os\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1348944 2012-11-19] (Valve Corporation)
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\RunOnce: [Uninstall C:\Users\Cabug-os\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cabug-os\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\MountPoints2: G - G:\Launch.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-428620182-2791128249-1741837046-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ph/?ocid=iehp
SearchScopes: HKU\S-1-5-21-428620182-2791128249-1741837046-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 110.93.65.11 110.93.66.11
 
FireFox:
========
FF ProfilePath: C:\Users\Cabug-os\AppData\Roaming\Mozilla\Firefox\Profiles\zdrynhda.default-1421813504315
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-428620182-2791128249-1741837046-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Cabug-os\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-29]
FF HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Cabug-os\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Cabug-os\AppData\Roaming\IDM\idmmzcc5 [2014-10-09]
FF HKU\S-1-5-21-428620182-2791128249-1741837046-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Cabug-os\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR Profile: C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-07]
CHR Extension: (Google Docs) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-07]
CHR Extension: (Google Drive) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-07]
CHR Extension: (YouTube) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-07]
CHR Extension: (Google Search) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-07]
CHR Extension: (Google Sheets) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-07]
CHR Extension: (Avast Online Security) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-07]
CHR Extension: (Gmail) - C:\Users\Cabug-os\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-29]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-29] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-29] (Avast Software)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-15] ()
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2014-11-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-29] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-29] (Avast Software)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [308096 2007-06-23] (Vimicro Corporation)
S3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-21 14:21 - 2015-01-21 14:22 - 00000000 ____D () C:\Users\Cabug-os\Documents\Adobe notepad
2015-01-21 12:11 - 2015-01-21 12:11 - 00000000 ____D () C:\Users\Cabug-os\Desktop\Old Firefox Data
2015-01-19 20:37 - 2015-01-19 20:45 - 00000000 ____D () C:\Users\Cabug-os\Desktop\A Walk to Remember-2002
2015-01-19 20:37 - 2015-01-19 20:37 - 00000000 ____D () C:\Users\Cabug-os\Desktop\500 Days Of Summer - 2009
2015-01-19 20:01 - 2015-01-19 20:01 - 00000000 ____D () C:\Users\Cabug-os\Desktop\HG
2015-01-13 09:52 - 2015-01-13 09:52 - 00000000 ____D () C:\Users\Cabug-os\Documents\Programs2
2015-01-09 13:19 - 2015-01-22 10:20 - 00000000 ____D () C:\FRST
2015-01-08 19:58 - 2015-01-08 19:58 - 00000318 _____ () C:\Users\Cabug-os\Downloads\Invitation-18-FINAL (1).pages
2015-01-08 19:57 - 2015-01-08 19:57 - 00000318 _____ () C:\Users\Cabug-os\Downloads\Invitation-18-FINAL.zip
2015-01-08 09:43 - 2015-01-08 09:56 - 00000000 ____D () C:\Users\Cabug-os\TreeHouse1
2015-01-07 11:23 - 2015-01-19 18:15 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-07 11:23 - 2015-01-07 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-07 11:07 - 2015-01-22 10:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 11:07 - 2015-01-22 10:13 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 11:07 - 2015-01-07 11:07 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-07 11:07 - 2015-01-07 11:07 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-07 10:55 - 2015-01-07 10:56 - 06000640 _____ () C:\Program Files (x86)\GUTB0C9.tmp
2015-01-07 10:55 - 2015-01-07 10:55 - 00000000 ____D () C:\Program Files (x86)\GUMB0C8.tmp
2015-01-06 15:39 - 2015-01-06 15:39 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-06 15:39 - 2015-01-06 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-06 15:39 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-06 15:38 - 2015-01-06 15:39 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-06 15:38 - 2015-01-06 15:39 - 00000000 ____D () C:\Program Files\iTunes
2015-01-06 15:38 - 2015-01-06 15:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-06 15:38 - 2015-01-06 15:38 - 00000000 ____D () C:\Program Files\iPod
2015-01-06 15:32 - 2015-01-06 15:32 - 00000197 _____ () C:\Windows\system32\2015-01-06-07-32-03.077-AvastVBoxSVC.exe-2760.log
2015-01-06 14:11 - 2015-01-06 14:56 - 122418480 _____ (Apple Inc.) C:\Users\Cabug-os\Downloads\iTunes64Setup.exe
2015-01-06 14:03 - 2015-01-06 14:03 - 00000197 _____ () C:\Windows\system32\2015-01-06-06-03-28.042-AvastVBoxSVC.exe-2912.log
2015-01-06 12:51 - 2015-01-06 12:51 - 00000197 _____ () C:\Windows\system32\2015-01-06-04-51-20.051-AvastVBoxSVC.exe-2956.log
2015-01-05 10:44 - 2015-01-05 10:44 - 00000197 _____ () C:\Windows\system32\2015-01-05-02-44-19.042-AvastVBoxSVC.exe-5068.log
2015-01-05 10:18 - 2015-01-09 13:10 - 00000000 ____D () C:\AdwCleaner
2015-01-05 09:23 - 2015-01-05 09:23 - 00000197 _____ () C:\Windows\system32\2015-01-05-01-23-04.052-AvastVBoxSVC.exe-1716.log
2015-01-04 21:33 - 2015-01-04 21:33 - 00000197 _____ () C:\Windows\system32\2015-01-04-13-33-28.026-AvastVBoxSVC.exe-2980.log
2015-01-04 10:38 - 2015-01-22 10:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-04 10:38 - 2015-01-04 10:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-04 10:20 - 2015-01-04 10:20 - 00000197 _____ () C:\Windows\system32\2015-01-04-02-20-24.089-AvastVBoxSVC.exe-1396.log
2015-01-03 18:36 - 2015-01-03 18:36 - 00000197 _____ () C:\Windows\system32\2015-01-03-10-36-06.004-AvastVBoxSVC.exe-3080.log
2015-01-03 09:27 - 2015-01-03 09:27 - 00000197 _____ () C:\Windows\system32\2015-01-03-01-27-37.042-AvastVBoxSVC.exe-2492.log
2015-01-02 19:44 - 2015-01-02 19:45 - 00000197 _____ () C:\Windows\system32\2015-01-02-11-44-54.030-AvastVBoxSVC.exe-3212.log
2015-01-01 19:12 - 2015-01-01 19:13 - 00000197 _____ () C:\Windows\system32\2015-01-01-11-12-53.040-AvastVBoxSVC.exe-352.log
2014-12-31 19:02 - 2015-01-03 09:34 - 00000000 ____D () C:\Users\Cabug-os\Downloads\IELTS Advantage - Reading + Writing Skills - by Jeremy Taylor , Jon Wright,by Richard Brown , Lewis Richards - Mantesh
2014-12-31 18:57 - 2014-12-31 18:57 - 00000197 _____ () C:\Windows\system32\2014-12-31-10-57-46.094-AvastVBoxSVC.exe-3084.log
2014-12-31 13:10 - 2014-12-31 13:11 - 00000197 _____ () C:\Windows\system32\2014-12-31-05-10-59.035-AvastVBoxSVC.exe-468.log
2014-12-30 17:30 - 2014-12-30 17:30 - 00015272 _____ () C:\Users\Cabug-os\Documents\Book1.xlsx
2014-12-30 08:34 - 2015-01-05 09:27 - 00003288 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-428620182-2791128249-1741837046-1000
2014-12-30 08:22 - 2014-12-30 08:22 - 00000197 _____ () C:\Windows\system32\2014-12-30-00-22-26.048-AvastVBoxSVC.exe-3312.log
2014-12-29 19:16 - 2014-12-29 19:16 - 00000197 _____ () C:\Windows\system32\2014-12-29-11-16-07.016-AvastVBoxSVC.exe-3920.log
2014-12-29 18:39 - 2014-12-29 18:40 - 00000197 _____ () C:\Windows\system32\2014-12-29-10-39-55.024-AvastVBoxSVC.exe-3516.log
2014-12-29 14:20 - 2014-12-29 14:20 - 00000000 ____D () C:\Users\Cabug-os\AppData\Roaming\AVAST Software
2014-12-29 13:04 - 2014-12-29 13:04 - 00000247 _____ () C:\Windows\system32\2014-12-29-05-04-03.012-aswFe.exe-2400.log
2014-12-29 12:59 - 2014-12-29 13:03 - 00000247 _____ () C:\Windows\system32\2014-12-29-04-59-13.054-aswFe.exe-1460.log
2014-12-29 12:59 - 2014-12-29 12:59 - 00000197 _____ () C:\Windows\system32\2014-12-29-04-59-06.045-AvastVBoxSVC.exe-892.log
2014-12-29 12:54 - 2014-12-29 12:54 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-29 12:54 - 2014-12-29 12:54 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-29 12:53 - 2015-01-19 17:46 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-29 12:53 - 2014-12-29 12:53 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-29 12:53 - 2014-12-29 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-29 12:34 - 2014-12-29 18:42 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-29 12:34 - 2014-12-29 12:34 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-29 12:34 - 2014-12-29 12:34 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-29 12:34 - 2014-12-29 12:34 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-29 12:34 - 2014-12-29 12:34 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-29 12:34 - 2014-12-29 12:34 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-29 12:34 - 2014-12-29 12:34 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-29 12:34 - 2014-12-29 12:34 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-29 12:34 - 2014-12-29 12:34 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-29 12:34 - 2014-12-29 12:34 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-29 12:25 - 2014-12-04 11:52 - 00001783 _____ () C:\Users\Cabug-os\Desktop\Play CS-GO.lnk
2014-12-29 11:27 - 2014-12-29 11:27 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-29 11:14 - 2014-12-29 11:14 - 00000000 ____D () C:\Users\Cabug-os\Desktop\developer android
2014-12-29 11:05 - 2015-01-20 13:26 - 00000000 ____D () C:\Users\Cabug-os\Desktop\archive
2014-12-28 12:07 - 2014-12-28 12:07 - 00000000 ____D () C:\Users\Cabug-os\Downloads\Avast! Pro Antivirus 2015 - 10.0.2206
2014-12-26 13:07 - 2014-12-26 13:07 - 00000000 ____D () C:\Users\Cabug-os\AppData\Local\Macromedia
2014-12-26 13:02 - 2014-12-26 13:02 - 00000000 ____D () C:\ProgramData\McAfee
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 10:17 - 2014-02-03 15:04 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-22 10:17 - 2013-12-30 13:14 - 00000000 ____D () C:\Users\Cabug-os\AppData\Roaming\BitTorrent
2015-01-22 10:16 - 2014-11-30 00:19 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-22 10:16 - 2014-11-29 12:57 - 00014356 _____ () C:\Windows\setupact.log
2015-01-22 10:16 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 10:15 - 2013-12-25 12:13 - 01323719 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 10:15 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-22 09:45 - 2013-12-30 15:54 - 00000000 ____D () C:\Users\Cabug-os\AppData\Local\Adobe
2015-01-22 09:40 - 2009-07-14 12:45 - 00013424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 09:40 - 2009-07-14 12:45 - 00013424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 14:16 - 2014-02-06 19:14 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-428620182-2791128249-1741837046-1000UA.job
2015-01-21 12:08 - 2009-07-14 13:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 11:16 - 2014-02-06 19:14 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-428620182-2791128249-1741837046-1000Core.job
2015-01-19 20:26 - 2014-01-01 14:05 - 00000000 ____D () C:\Users\Cabug-os\AppData\Roaming\vlc
2015-01-19 12:42 - 2014-10-09 14:10 - 00000000 ____D () C:\Users\Cabug-os\AppData\Roaming\DMCache
2015-01-12 21:03 - 2009-07-14 13:08 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 13:11 - 2014-11-29 12:56 - 00832108 _____ () C:\Windows\PFRO.log
2015-01-08 20:36 - 2014-10-12 13:56 - 00000000 ____D () C:\Users\Cabug-os\AppData\Roaming\Apple Computer
2015-01-08 19:35 - 2014-11-27 23:31 - 00000000 ____D () C:\Users\Cabug-os\Downloads\Video
2015-01-08 09:43 - 2013-12-25 12:19 - 00000000 ____D () C:\Users\Cabug-os
2015-01-07 11:55 - 2014-12-18 14:48 - 00000743 _____ () C:\Users\Cabug-os\Documents\mofos2.txt
2015-01-07 11:23 - 2013-12-25 12:22 - 00000000 ____D () C:\Users\Cabug-os\AppData\Local\Google
2015-01-07 11:23 - 2013-12-25 12:22 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-07 11:15 - 2014-10-09 14:10 - 00000000 ____D () C:\Users\Cabug-os\Downloads\Compressed
2015-01-07 11:15 - 2014-01-17 13:07 - 00000000 ____D () C:\Users\Cabug-os\Downloads\AVIRA SYSTEM SPEEDUP [ v 1.2.1.8300][ INCL REG] - [MAHIY]
2015-01-07 11:11 - 2014-02-07 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-07 11:09 - 2014-11-19 09:58 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-07 11:09 - 2014-10-26 16:09 - 00000000 ____D () C:\Users\Cabug-os\AppData\Local\HP
2015-01-07 11:09 - 2014-02-07 18:22 - 00000000 ____D () C:\Program Files (x86)\HP
2015-01-07 11:07 - 2014-12-05 14:49 - 00000000 ____D () C:\Users\Cabug-os\AppData\Local\Deployment
2015-01-06 15:38 - 2014-10-12 13:55 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-06 15:38 - 2014-10-12 13:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-06 15:34 - 2014-10-12 13:53 - 00000000 ____D () C:\ProgramData\Apple
2015-01-05 11:17 - 2014-12-18 14:47 - 00020337 _____ () C:\Users\Cabug-os\Documents\norp.text
2015-01-04 10:38 - 2013-12-26 01:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-04 10:38 - 2013-12-26 01:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-30 08:44 - 2014-12-08 14:44 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-30 08:34 - 2013-12-30 13:21 - 00000000 ____D () C:\Program Files (x86)\DAP
2014-12-30 08:24 - 2009-07-14 10:34 - 00000580 _____ () C:\Windows\win.ini
2014-12-29 11:27 - 2014-04-30 12:36 - 00000000 ____D () C:\ProgramData\AVAST Software
 
==================== Files in the root of some directories =======
2015-01-07 10:55 - 2015-01-07 10:56 - 6000640 _____ () C:\Program Files (x86)\GUTB0C9.tmp
2014-09-22 20:58 - 2014-11-21 14:10 - 0000132 _____ () C:\Users\Cabug-os\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-09-26 12:51 - 2014-10-18 17:18 - 0000034 _____ () C:\Users\Cabug-os\AppData\Roaming\AdobeWLCMCache.dat
2013-12-25 16:19 - 2013-12-25 16:19 - 0000000 ___SH () C:\Users\Cabug-os\AppData\Local\LumaEmu
2014-04-30 13:20 - 2014-04-30 13:20 - 0007598 _____ () C:\Users\Cabug-os\AppData\Local\Resmon.ResmonCfg
2014-01-19 16:22 - 2014-01-19 16:22 - 0004476 _____ () C:\ProgramData\1390119714.1292.bin
2014-01-19 16:22 - 2014-01-19 16:22 - 0005671 _____ () C:\ProgramData\1390119714.2380.bin
2014-01-19 16:22 - 2014-01-19 16:22 - 0070501 _____ () C:\ProgramData\1390119714.2972.bin
2014-01-19 16:22 - 2014-01-19 16:22 - 0000558 _____ () C:\ProgramData\1390119714.3352.bin
2014-01-19 16:21 - 2014-01-19 16:22 - 0096795 _____ () C:\ProgramData\1390119714.3452.bin
2014-01-19 16:22 - 2014-01-19 16:22 - 0003042 _____ () C:\ProgramData\1390119714.3704.bin
2014-01-19 16:22 - 2014-01-19 16:22 - 0000558 _____ () C:\ProgramData\1390119714.3860.bin
2014-01-19 16:22 - 2014-01-19 16:23 - 0005667 _____ () C:\ProgramData\1390119714.3900.bin
2014-01-19 16:22 - 2014-01-19 16:22 - 0012480 _____ () C:\ProgramData\1390119714.904.bin
2014-01-19 16:25 - 2014-01-19 16:25 - 0049833 _____ () C:\ProgramData\1390119942.bdinstall.bin
2014-01-19 16:31 - 2014-01-19 16:31 - 0365391 _____ () C:\ProgramData\1390120098.bdinstall.bin
2014-01-22 13:36 - 2014-01-22 13:36 - 0365144 _____ () C:\ProgramData\1390368612.bdinstall.bin
2014-02-09 09:52 - 2014-02-09 09:52 - 0362455 _____ () C:\ProgramData\1391910536.bdinstall.bin
2014-02-07 18:21 - 2014-02-07 18:27 - 0000818 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Cabug-os\AppData\Local\Temp\CloudBackup2621.exe
C:\Users\Cabug-os\AppData\Local\Temp\ICReinstall_MP3CutterJoinerFree.exe
C:\Users\Cabug-os\AppData\Local\Temp\Quarantine.exe
C:\Users\Cabug-os\AppData\Local\Temp\sqlite3.dll
C:\Users\Cabug-os\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-19 18:28
 
==================== End Of Log ============================
 
Thank you.