Infection Url:Mal detection by AVAST


  • This topic is locked
11 replies to this topic

#1 bunuraya

Posted 03 September 2016 - 10:53 AM

I have a problem with my site bunuraya[.]com: if I open it with the Google and Firefox browsers, Avast shows the pop-up "Infection URL:Mal". Please help me fix it.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by xnetbug (administrator) on XNETBUG-PC (03-09-2016 22:23:25)
Running from C:\Users\xnetbug\Desktop
Loaded Profiles: xnetbug (Available Profiles: xnetbug)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Program Files (x86)\MouseFix\MouseFix.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2010-09-21] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [UVS11 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [341232 2007-07-23] (InterVideo Digital Technology Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-18] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-207579912-220918372-230931363-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3532816 2012-12-15] (Tonec Inc.)
HKU\S-1-5-21-207579912-220918372-230931363-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-207579912-220918372-230931363-1000\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office16\lync.exe [26886352 2016-02-10] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-08-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-06] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-04-15]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\xnetbug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MouseFix.lnk [2016-06-15]
ShortcutTarget: MouseFix.lnk -> C:\Program Files (x86)\MouseFix\MouseFix.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 202.134.1.10 8.8.8.8
Tcpip\..\Interfaces\{8DB168F5-A9B3-45D3-9CB4-466D2D5E00AF}: [DhcpNameServer] 202.134.1.10 8.8.8.8
ManualProxies:

Internet Explorer:
==================
HKU\S-1-5-21-207579912-220918372-230931363-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://u.msn.com/id-id/?ocid=iehp
HKU\S-1-5-21-207579912-220918372-230931363-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-207579912-220918372-230931363-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-11-09] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-05-06] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2013-11-09] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-05] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-06] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-05] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-03-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-03-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-03-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-03-15] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\xnetbug\AppData\Roaming\Mozilla\Firefox\Profiles\r3a71yap.default-1472723162900
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-26] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-05] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-11] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-02-09] (Microsoft Corporation)
FF Extension: (Firefox Hotfix) - C:\Users\xnetbug\AppData\Roaming\Mozilla\Firefox\Profiles\r3a71yap.default-1472723162900\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-06]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKU\S-1-5-21-207579912-220918372-230931363-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\xnetbug\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\xnetbug\AppData\Roaming\IDM\idmmzcc5 [2016-09-03] [not signed]
FF HKU\S-1-5-21-207579912-220918372-230931363-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\xnetbug\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Profile: C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-27]
CHR Extension: (Google Docs) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-27]
CHR Extension: (Google Drive) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-27]
CHR Extension: (YouTube) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-27]
CHR Extension: (Chrome Malware Removal) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjpofjliplegaobhfofijfnidomhfgl [2016-04-30]
CHR Extension: (Google Sheets) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-27]
CHR Extension: (Google Docs Offline) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-27]
CHR Extension: (Avast Online Security) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-18]
CHR Extension: (IDM Integration Module) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2016-04-27]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2016-08-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-27]
CHR Extension: (SEO for Chrome) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2016-07-15]
CHR Extension: (Gmail) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-27]
CHR Extension: (Chrome Media Router) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-03]
CHR Profile: C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-27]
CHR Extension: (Google Docs) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-27]
CHR Extension: (Google Drive) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-27]
CHR Extension: (YouTube) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-27]
CHR Extension: (Google Sheets) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-27]
CHR Extension: (Google Docs Offline) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-27]
CHR Extension: (Avast Online Security) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-27]
CHR Extension: (IDM Integration Module) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2016-04-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-27]
CHR Extension: (Gmail) - C:\Users\xnetbug\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-06]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-11-09]
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-11-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-06] (AVAST Software)
S3 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1032680 2014-10-03] (Camshare Inc.)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-11-15] (Nero AG)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-04-25] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-06] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-06] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-31] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-03 22:23 - 2016-09-03 22:23 - 00022038 _____ C:\Users\xnetbug\Desktop\FRST.txt
2016-09-03 22:22 - 2016-09-03 22:23 - 00000000 ____D C:\FRST
2016-09-03 22:21 - 2016-09-03 22:22 - 02397696 _____ (Farbar) C:\Users\xnetbug\Downloads\FRST64(1).exe
2016-09-03 21:57 - 2016-09-03 21:57 - 00000000 ____D C:\Users\xnetbug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2016-09-03 10:14 - 2016-09-03 19:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-02 22:44 - 2016-09-02 22:45 - 05200384 _____ (AVAST Software) C:\Users\xnetbug\Downloads\aswmbr.exe
2016-09-02 16:39 - 2016-09-02 16:39 - 00014450 _____ C:\Users\xnetbug\Downloads\eset scan 1.txt
2016-09-02 11:24 - 2016-09-02 11:24 - 00000000 ____D C:\Program Files (x86)\ESET
2016-09-02 11:22 - 2016-09-02 11:22 - 00001061 _____ C:\Users\xnetbug\Documents\hasil scan.txt
2016-09-02 10:48 - 2016-09-01 10:12 - 01610560 _____ (Malwarebytes) C:\Users\xnetbug\Desktop\JRT.exe
2016-09-02 10:48 - 2016-09-01 08:06 - 03826240 _____ C:\Users\xnetbug\Desktop\adwcleaner_6.010.exe
2016-09-02 10:34 - 2016-09-02 10:35 - 02397696 _____ (Farbar) C:\Users\xnetbug\Desktop\FRST64.exe
2016-09-01 19:24 - 2016-09-02 11:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-01 19:23 - 2016-09-01 19:23 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-01 19:23 - 2016-09-01 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-01 19:23 - 2016-09-01 19:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-01 19:23 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-01 19:23 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-01 19:23 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-01 19:16 - 2016-09-01 19:18 - 00212606 _____ C:\TDSSKiller.3.1.0.11_01.09.2016_19.16.20_log.txt
2016-09-01 15:02 - 2016-09-03 19:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-01 15:02 - 2016-09-01 15:02 - 00000902 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-01 15:02 - 2016-09-01 15:02 - 00000890 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-09-01 15:00 - 2016-09-03 21:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-01 15:00 - 2016-09-03 19:39 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-01 15:00 - 2016-09-01 15:30 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-01 15:00 - 2016-09-01 15:30 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-01 15:00 - 2016-09-01 15:24 - 00002120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-01 15:00 - 2016-09-01 15:24 - 00002108 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-01 12:00 - 2016-09-01 12:00 - 00000000 ____D C:\Users\xnetbug\AppData\Local\ESET
2016-09-01 11:58 - 2016-09-01 11:59 - 06761600 _____ (ESET spol. s r.o.) C:\Users\xnetbug\Downloads\esetonlinescanner_enu.exe
2016-09-01 11:57 - 2016-09-01 11:58 - 02870984 _____ (ESET) C:\Users\xnetbug\Downloads\esetsmartinstaller_enu.exe
2016-09-01 10:23 - 2016-09-01 10:26 - 00215164 _____ C:\TDSSKiller.3.1.0.11_01.09.2016_10.23.36_log.txt
2016-09-01 10:21 - 2016-09-02 10:51 - 00001880 _____ C:\Users\xnetbug\Desktop\JRT.txt
2016-09-01 08:07 - 2016-09-02 10:55 - 00000000 ____D C:\AdwCleaner
2016-09-01 01:48 - 2016-09-01 02:14 - 00005306 _____ C:\TDSSKiller.3.1.0.11_01.09.2016_01.48.41_log.txt
2016-09-01 01:45 - 2016-09-01 01:45 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-09-01 01:43 - 2016-09-01 01:46 - 00222324 _____ C:\TDSSKiller.3.1.0.11_01.09.2016_01.43.20_log.txt
2016-09-01 00:37 - 2016-09-01 00:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-31 23:33 - 2016-08-31 23:33 - 00000000 _____ C:\autoexec.bat
2016-08-31 23:20 - 2016-08-31 23:20 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-08-31 08:37 - 2016-08-31 09:49 - 306721939 _____ C:\Users\xnetbug\Downloads\(FULL ALBUM)Gendang Salih Kocak -- La Megombang(Lagu Karo Terbaru).mp4
2016-08-19 07:45 - 2016-08-19 08:36 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2016-08-15 01:07 - 2016-08-15 01:10 - 05333978 _____ C:\Users\xnetbug\Downloads\BIOS_Acer_2.08_A_A.zip
2016-08-13 11:29 - 2016-08-13 11:35 - 00024052 _____ C:\Users\xnetbug\Downloads\DRAF SURABAYA 2015-2016.xlsx
2016-08-13 11:27 - 2016-08-13 11:38 - 00019477 _____ C:\Users\xnetbug\Downloads\PNP REKAP.xlsx
2016-08-10 23:37 - 2016-08-10 23:37 - 00153894 _____ C:\Users\xnetbug\Downloads\template-3585773914958986038.xml
2016-08-10 20:02 - 2016-08-10 20:03 - 00000897 _____ C:\Users\xnetbug\Downloads\dapurkomputerlabel.js
2016-08-10 15:29 - 2016-08-10 15:29 - 00153794 _____ C:\Users\xnetbug\Downloads\template-7561810263533546935.xml
2016-08-10 10:11 - 2016-08-10 10:11 - 00662424 _____ C:\Users\xnetbug\Downloads\bootstrap.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-03 22:18 - 2013-11-02 10:33 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F420C2A7-B86E-4FAF-B2F7-EABEA3836FE3}
2016-09-03 21:31 - 2015-12-22 19:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-03 19:47 - 2009-07-14 11:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-03 19:47 - 2009-07-14 11:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-03 19:40 - 2013-10-19 13:36 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-09-03 19:39 - 2016-05-07 10:25 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForxnetbug.job
2016-09-03 19:39 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-03 13:30 - 2013-12-14 15:06 - 00000000 ____D C:\Users\xnetbug\AppData\Roaming\DMCache
2016-09-03 11:45 - 2016-06-25 11:53 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForxnetbug
2016-09-02 22:17 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-02 10:38 - 2016-04-16 21:45 - 00000000 ____D C:\Program Files\KMSpico
2016-09-02 09:27 - 2016-06-19 09:53 - 00000000 ___SD C:\Users\xnetbug\AppData\LocalLow\Temp
2016-09-01 19:49 - 2016-04-16 21:08 - 00000000 ____D C:\Windows\PCHEALTH
2016-09-01 15:00 - 2013-10-19 13:36 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-01 14:52 - 2014-08-22 08:44 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-01 14:51 - 2015-05-20 19:43 - 00000000 ____D C:\Program Files\Softland
2016-09-01 14:51 - 2015-05-20 19:43 - 00000000 ____D C:\Program Files (x86)\Softland
2016-09-01 14:49 - 2016-05-10 10:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmazingMIDI
2016-09-01 14:49 - 2016-05-10 10:53 - 00000000 ____D C:\Program Files (x86)\AmazingMIDI
2016-09-01 14:46 - 2009-07-14 10:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-01 14:11 - 2016-04-27 14:53 - 00000794 __RSH C:\ProgramData\ntuser.pol
2016-08-29 09:19 - 2014-10-31 07:51 - 00000132 _____ C:\Users\xnetbug\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-08-24 19:54 - 2015-07-09 11:53 - 00000000 ____D C:\Users\xnetbug\AppData\Roaming\Mp3tag
2016-08-14 22:39 - 2009-07-14 12:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-14 22:39 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\inf
2016-08-12 18:44 - 2009-07-14 12:08 - 00032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-05 19:44 - 2013-10-19 13:36 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-08-04 22:06 - 2013-12-14 15:06 - 00000000 ____D C:\Users\xnetbug\Downloads\Compressed

==================== Files in the root of some directories =======

2014-10-31 07:51 - 2016-08-29 09:19 - 0000132 _____ () C:\Users\xnetbug\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-08-29 22:19 - 2015-08-29 23:12 - 0001456 _____ () C:\Users\xnetbug\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-07-26 21:50 - 2016-05-15 16:18 - 0009728 _____ () C:\Users\xnetbug\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\xnetbug\AppData\Local\Temp\bassmod.dll
C:\Users\xnetbug\AppData\Local\Temp\dhp1ativ.dll
C:\Users\xnetbug\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\xnetbug\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih[1].exe
C:\Users\xnetbug\AppData\Local\Temp\libeay32.dll
C:\Users\xnetbug\AppData\Local\Temp\msvcr120.dll
C:\Users\xnetbug\AppData\Local\Temp\ose00000.exe
C:\Users\xnetbug\AppData\Local\Temp\shutdown1466780467.exe
C:\Users\xnetbug\AppData\Local\Temp\sqlite3.dll
C:\Users\xnetbug\AppData\Local\Temp\_isCBA7.exe
C:\Users\xnetbug\AppData\Local\Temp\{7E7422A5-F7AB-42E9-B45A-61F2AF8ECBDB}-33.0.1750.117_32.0.1700.107_chrome_updater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-26 11:08

==================== End of FRST.txt ============================

#2 Oh My!

  • Malware Response Instructor

Posted 07 September 2016 - 08:23 PM

Greetings bunuraya and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

It appears you are in Indonesia. Is that correct?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-207579912-220918372-230931363-1000\...\Run: [AdobeBridge] => [X]
ShortcutTarget: MouseFix.lnk -> C:\Program Files (x86)\MouseFix\MouseFix.exe ()
SearchScopes: HKU\S-1-5-21-207579912-220918372-230931363-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-06]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-09-02 10:38 - 2016-04-16 21:45 - 00000000 ____D C:\Program Files\KMSpico
C:\Users\xnetbug\AppData\Local\Temp\bassmod.dll
C:\Users\xnetbug\AppData\Local\Temp\dhp1ativ.dll
C:\Users\xnetbug\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\xnetbug\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih[1].exe
C:\Users\xnetbug\AppData\Local\Temp\libeay32.dll
C:\Users\xnetbug\AppData\Local\Temp\msvcr120.dll
C:\Users\xnetbug\AppData\Local\Temp\ose00000.exe
C:\Users\xnetbug\AppData\Local\Temp\shutdown1466780467.exe
C:\Users\xnetbug\AppData\Local\Temp\sqlite3.dll
C:\Users\xnetbug\AppData\Local\Temp\_isCBA7.exe
C:\Users\xnetbug\AppData\Local\Temp\{7E7422A5-F7AB-42E9-B45A-61F2AF8ECBDB}-33.0.1750.117_32.0.1700.107_chrome_updater.exe
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
FirewallRules: [{075DF093-868D-49AE-9360-F75E27C77CA7}] => (Allow) C:\Users\xnetbug\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F5299854-A1FD-4DA1-A32B-CF4628982B06}] => (Allow) C:\Users\xnetbug\AppData\Roaming\uTorrent\uTorrent.exe
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 bunuraya

  • Topic Starter


Posted 07 September 2016 - 09:18 PM

Hi Gary, nice to meet you. My name is Bunuraya. Thanks for your response to my post.

I am from Indonesia. I am sorry if I am slow to respond to your instructions; I must translate your instructions into Indonesian.

 

==============================================

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by xnetbug (08-09-2016 08:44:50) Run:1
Running from C:\Users\xnetbug\Desktop
Loaded Profiles: xnetbug (Available Profiles: xnetbug)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-207579912-220918372-230931363-1000\...\Run: [AdobeBridge] => [X]
ShortcutTarget: MouseFix.lnk -> C:\Program Files (x86)\MouseFix\MouseFix.exe ()
SearchScopes: HKU\S-1-5-21-207579912-220918372-230931363-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-06]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-09-02 10:38 - 2016-04-16 21:45 - 00000000 ____D C:\Program Files\KMSpico
C:\Users\xnetbug\AppData\Local\Temp\bassmod.dll
C:\Users\xnetbug\AppData\Local\Temp\dhp1ativ.dll
C:\Users\xnetbug\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\xnetbug\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih[1].exe
C:\Users\xnetbug\AppData\Local\Temp\libeay32.dll
C:\Users\xnetbug\AppData\Local\Temp\msvcr120.dll
C:\Users\xnetbug\AppData\Local\Temp\ose00000.exe
C:\Users\xnetbug\AppData\Local\Temp\shutdown1466780467.exe
C:\Users\xnetbug\AppData\Local\Temp\sqlite3.dll
C:\Users\xnetbug\AppData\Local\Temp\_isCBA7.exe
C:\Users\xnetbug\AppData\Local\Temp\{7E7422A5-F7AB-42E9-B45A-61F2AF8ECBDB}-33.0.1750.117_32.0.1700.107_chrome_updater.exe
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
FirewallRules: [{075DF093-868D-49AE-9360-F75E27C77CA7}] => (Allow) C:\Users\xnetbug\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F5299854-A1FD-4DA1-A32B-CF4628982B06}] => (Allow) C:\Users\xnetbug\AppData\Roaming\uTorrent\uTorrent.exe
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-207579912-220918372-230931363-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
C:\Program Files (x86)\MouseFix\MouseFix.exe => moved successfully
HKU\S-1-5-21-207579912-220918372-230931363-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully

"C:\Program Files\AVAST Software\Avast\SafePrice\FF" folder move:

Could not move "C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Scheduled to move on reboot.

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
C:\Program Files\KMSpico => moved successfully
C:\Users\xnetbug\AppData\Local\Temp\bassmod.dll => moved successfully
C:\Users\xnetbug\AppData\Local\Temp\dhp1ativ.dll => moved successfully
C:\Users\xnetbug\AppData\Local\Temp\fp_pl_pfs_installer.exe => moved successfully
C:\Users\xnetbug\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih[1].exe => moved successfully
C:\Users\xnetbug\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\xnetbug\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\xnetbug\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\xnetbug\AppData\Local\Temp\shutdown1466780467.exe => moved successfully
C:\Users\xnetbug\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\xnetbug\AppData\Local\Temp\_isCBA7.exe => moved successfully
C:\Users\xnetbug\AppData\Local\Temp\{7E7422A5-F7AB-42E9-B45A-61F2AF8ECBDB}-33.0.1750.117_32.0.1700.107_chrome_updater.exe => moved successfully
"HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{075DF093-868D-49AE-9360-F75E27C77CA7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F5299854-A1FD-4DA1-A32B-CF4628982B06} => value removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 08-09-2016 08:48:15)

"C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Could not move

==== End of Fixlog 08:48:15 ====

 

 

==========================================================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by xnetbug (03-09-2016 22:24:24)
Running from C:\Users\xnetbug\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-10-19 05:13:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-207579912-220918372-230931363-500 - Administrator - Disabled)
Guest (S-1-5-21-207579912-220918372-230931363-501 - Limited - Disabled)
xnetbug (S-1-5-21-207579912-220918372-230931363-1000 - Administrator - Enabled) => C:\Users\xnetbug

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSee Pro 6 (HKLM\...\{CAF674E0-808C-4CF4-8868-A755EBABA228}) (Version: 6.3.221 - ACD Systems International Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Audition CS6 (HKLM-x32\...\{30FD541D-3C9D-41C4-B240-A994EE4E0231}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Camfrog Video Chat 6.8 (HKLM-x32\...\Camfrog) (Version: 6.8.398 - Camshare, Inc.)
CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden
Chord Pickout 2.0 (HKLM-x32\...\Chord Pickout) (Version: 2.0 - ChordPickout.com)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
Dream MP3 to MIDI Converter 3.0.3.2 (HKLM-x32\...\{66712EEE-ECBC-4CA4-A474-dream-mp3-to-midi-converter}_is1) (Version:  - DreamVideSoft,Inc.)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson User's Guide L210 Series (HKLM-x32\...\L210 Series Useg) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.34.7 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.32.37 - HP)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
InterVideo DeviceService (HKLM-x32\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
K-Lite Mega Codec Pack 4.5.3 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 4.5.3 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-207579912-220918372-230931363-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 48.0.2 (x64 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
Mp3tag v2.77 (HKLM-x32\...\Mp3tag) (Version: v2.77 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM-x32\...\{D323F1F1-E9F4-4B61-BE3B-4147276D1033}) (Version: 8.10.387 - Nero AG)
novaPDF Professional Desktop 7.7 printer (HKLM\...\novaPDF Professional Desktop 7 printer_is1) (Version: 7.7.399 - Softland)
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.60.0 - Samsung Electronics Co., Ltd.)
Sothink SWF Easy (HKLM-x32\...\{C8F4800F-52F4-4115-BE64-FF1C23604E86}_is1) (Version: 6.6 - SourceTec Software Co., LTD)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Ulead VideoStudio 11 (HKLM-x32\...\InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}) (Version: 11.0.0.0000 - InterVideo Digital Technology Corporation)
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version:  - Microsoft)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VideoStudio (x32 Version: 11.0.0.0000 - InterVideo Digital Technology Corporation) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.0.1.1219 - Xilisoft)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Zamzom Wireless (HKLM-x32\...\{CED3B64B-9381-4AB8-A213-6C084C952E43}) (Version: 1.0.0 - Zamzom)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-207579912-220918372-230931363-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\xnetbug\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D606096-78E5-4C03-A112-09F878F69187} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-18] (Adobe Systems Incorporated)
Task: {21860F3B-2C07-4158-9511-A2890802CBF5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {30040264-C6AF-49E2-8E4E-0BAF91083B60} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {396A548C-F2DE-4BBB-AAA4-1866619C33B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.)
Task: {484D5319-469A-4422-95CC-5B0A486177AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.)
Task: {4DDA5145-6D29-4A44-A829-13C8125B8155} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {4FD68E2D-3484-470A-AC3C-C0CF20E14139} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {4FFBE6A2-D3E1-495B-97D8-762966B2D89A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {5045264A-0140-49AD-8079-C45559CE18DB} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {5E7F76AE-0A41-4007-B353-523C0C283EE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-08-08] (HP Inc.)
Task: {610FD910-5F6F-4DF2-BB06-9BC7D28645BB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {66E2A63E-3822-44B7-ABBB-F0560B83305C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-08-08] (HP Inc.)
Task: {7A3EB806-4E04-4903-A1BD-2EDF5C238865} - System32\Tasks\SafeZone scheduled Autoupdate 1458089013 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {9EA5BEEF-0529-4CB9-9705-C16A203AAD3C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-06] (AVAST Software)
Task: {ACE8F1BC-F251-4BBD-9DB0-B42B575D17C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {C01848C8-A0B6-4EFE-B938-EB9CD48F97A5} - System32\Tasks\HPCeeScheduleForxnetbug => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {C3B55770-AF0A-42A1-BA30-14F7D56A8935} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-26] (Adobe Systems Incorporated)
Task: {CDA68DFB-F6F0-414B-A8AB-EC7513F432E6} - System32\Tasks\{3403965A-4901-4CAC-8A54-8A30A2C90613} => pcalua.exe -a "E:\PNP SBY\master\DRIVER WIN 7 64 BIT\NETWORK\Intel PROWireless Drivers for Microsoft Windows 7.exe" -d "E:\PNP SBY\master\DRIVER WIN 7 64 BIT\NETWORK"
Task: {D5CBCFF4-ACBA-4021-8986-2A25B61BF916} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForxnetbug.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-15 06:23 - 2016-03-15 06:23 - 08901800 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2010-07-29 19:39 - 2010-07-29 19:39 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2016-06-15 11:06 - 2004-01-29 13:24 - 00040960 _____ () C:\Program Files (x86)\MouseFix\MouseFix.exe
2016-05-06 19:43 - 2016-05-06 19:43 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-06 19:43 - 2016-05-06 19:43 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-03 06:52 - 2016-09-03 06:52 - 03080312 _____ () C:\Program Files\AVAST Software\Avast\defs\16090205\algo.dll
2016-05-06 19:43 - 2016-05-06 19:43 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-06 19:43 - 2016-05-06 19:43 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-15 06:23 - 2016-03-15 06:23 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-03-15 11:39 - 2016-03-15 11:39 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-06-15 11:06 - 2004-01-29 13:21 - 00045056 _____ () C:\Program Files (x86)\MouseFix\MouseFixDll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\08341857.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\08341857.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2009-06-11 04:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-207579912-220918372-230931363-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\xnetbug\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 202.134.1.10 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 358fabd144438afd82afb7b363f9f25a => 2
MSCONFIG\startupreg: ACPW06EN => "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06EN
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Camfrog => "C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: uTorrent => "C:\Users\xnetbug\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{181F3C8D-AFE8-4BBE-81C0-3EB77F67BAD3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{04D53E7F-E88D-4204-8C92-53CB137DFDF5}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{1133DDA6-E912-43AC-8A5E-E276BCCA147D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{5FB72C00-4BF5-4C6D-B04F-03068F6ED865}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7EC85819-B7CE-4C23-8BCF-27876CE0B948}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{223E831D-1C77-4561-94ED-72B8324DA435}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{075DF093-868D-49AE-9360-F75E27C77CA7}] => (Allow) C:\Users\xnetbug\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F5299854-A1FD-4DA1-A32B-CF4628982B06}] => (Allow) C:\Users\xnetbug\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6E07D1FA-5067-4A39-AC35-2659A7CEE0D7}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D3B8E4E8-FA7F-4D1C-9F71-AA58A0B73712}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{82EF1967-500B-47B4-9650-1F7DDBF17974}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [UDP Query User{868F673C-4419-42F1-9310-2B756B6A866B}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [TCP Query User{7D48D878-C0CF-46DF-8926-B5DE1A1BB46D}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [UDP Query User{10854787-2414-440D-9B39-60BB7145289C}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [TCP Query User{CAF7EF5E-9CAC-419B-A860-3F017CA3E1A0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{44844562-F4FE-4AC4-A7FE-B27B726C68AA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{5E1A6672-215F-4D64-B519-31FA8E1F8DC1}C:\program files (x86)\star conflict\launcher.exe] => (Allow) C:\program files (x86)\star conflict\launcher.exe
FirewallRules: [UDP Query User{CFE0416C-7D4D-4BC2-85C7-F494CB1EAED0}C:\program files (x86)\star conflict\launcher.exe] => (Allow) C:\program files (x86)\star conflict\launcher.exe
FirewallRules: [{96FB576C-1FB6-4DAA-9523-064990DAA108}] => (Block) C:\program files (x86)\star conflict\launcher.exe
FirewallRules: [{64DB528F-8F2E-4B8E-9947-DEB7DEF21801}] => (Block) C:\program files (x86)\star conflict\launcher.exe
FirewallRules: [{F43A5E61-AFC7-40AE-AB23-ED2C6945B8BD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B82EA01F-AD72-4756-8FC2-29EFEA50E790}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{838659E9-0A11-485B-8EC2-FDBB85D6C580}] => (Allow) C:\Users\xnetbug\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{8F8206EB-54C4-4113-9290-BED99AC7D92B}C:\users\xnetbug\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\xnetbug\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{075BFC92-2F67-4E15-9581-0FC5A3409452}C:\users\xnetbug\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\xnetbug\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{7BD65CC3-9999-4E9D-A12D-CC4D6248D4B7}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{C5EA1DA8-D9BE-4378-9C8E-5ADE472B5639}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{F503ED9F-33A7-4928-AC81-E3980401A0F2}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{F2870FCC-2FCD-473C-8002-8FA83D7E60F0}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{74047E4F-DCA6-452A-8863-9F6DE3FD9D4E}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{DEFABCF9-F911-44FF-85C4-4D5FB6BDDEE4}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{5D10398C-67A3-41D4-B728-610F1F7C30E7}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{6759C278-8EBA-429A-8010-C2A3A62EE188}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{0834C3ED-7308-4AC0-8836-635A9A38549C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5F6E2192-2C92-49CB-83FC-0CF3D08C5DEB}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{11842C4B-3C0E-4748-88B4-2222C6C8407C}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{D11005FD-7056-45A1-9C04-1C71D411340B}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{A38B2C0D-9804-4AA2-A0E3-AB0BE16ED754}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

01-09-2016 14:49:19 novaPDF 8
01-09-2016 19:18:28 JRT Pre-Junkware Removal
02-09-2016 10:48:29 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2016 09:16:33 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/02/2016 03:11:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/02/2016 11:24:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\xnetbug\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/02/2016 11:24:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\xnetbug\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/02/2016 11:24:07 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\xnetbug\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/02/2016 11:23:45 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\xnetbug\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/01/2016 12:00:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\xnetbug\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/31/2016 09:45:01 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

Error: (08/31/2016 09:45:01 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

Error: (08/29/2016 04:41:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ActivationClient.exe, version: 8.5.940.0, time stamp: 0x56d8484e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xe0434352
Fault offset: 0x000000000000a49d
Faulting process id: 0x1698
Faulting application start time: 0x01d201d9736b0747
Faulting application path: C:\Program Files\Softland\novaPDF 8\Driver\ActivationClient.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: b9b14bcd-6dcc-11e6-b515-70f395a9c97b


System errors:
=============
Error: (09/02/2016 02:44:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (09/02/2016 02:44:13 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\xnetbug\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/02/2016 02:44:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (09/02/2016 02:44:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\xnetbug\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/02/2016 02:44:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (09/02/2016 02:44:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\xnetbug\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/02/2016 02:44:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (09/02/2016 02:44:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\xnetbug\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/02/2016 02:44:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (09/02/2016 02:44:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\xnetbug\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 51%
Total physical RAM: 3893.86 MB
Available physical RAM: 1893.32 MB
Total Virtual: 7785.91 MB
Available Virtual: 5526.59 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:146.39 GB) (Free:80 GB) NTFS
Drive d: (Data) (Fixed) (Total:146.48 GB) (Free:73.41 GB) NTFS
Drive e: (Master) (Fixed) (Total:172.79 GB) (Free:70.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0E9E8835)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=172.8 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

 

OS Name    Microsoft Windows 7 Ultimate
Version    6.1.7601 Service Pack 1 Build 7601
Other OS Description     Not Available
OS Manufacturer    Microsoft Corporation
System Name    XNETBUG-PC
System Manufacturer    Hewlett-Packard
System Model    HP G42 Notebook PC
System Type    x64-based PC
Processor    Intel® Core™ i5 CPU       M 460  @ 2.53GHz, 2534 Mhz, 2 Core(s), 4 Logical Processor(s)
BIOS Version/Date    Hewlett-Packard F.23, 8/5/2010
SMBIOS Version    2.6
Windows Directory    C:\Windows
System Directory    C:\Windows\system32
Boot Device    \Device\HarddiskVolume1
Locale    United States
Hardware Abstraction Layer    Version = "6.1.7601.17514"
User Name    xnetbug-PC\xnetbug
Time Zone    SE Asia Standard Time
Installed Physical Memory (RAM)    4.00 GB
Total Physical Memory    3.80 GB
Available Physical Memory    2.26 GB
Total Virtual Memory    7.60 GB
Available Virtual Memory    5.85 GB
Page File Space    3.80 GB
Page File    C:\pagefile.sys
 

 

 

Regards

 

Bunuraya




#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,680 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:02 PM

Posted 07 September 2016 - 09:58 PM

Thanks for your quick reply.

I think this is a false positive but let's do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Double click that icon and allow the program to load
  • Click Yes to run an online update
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click Yes to detect Potentially Unwanted Programs
  • Click Malware Scan
  • Once completed click View Report
  • Save the file to your Desktop using the default file name
  • Click Quarantine selected (all should be selected by default)
  • Copy and paste the report in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon then click Run
  • Press any key to launch the program
  • Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • When completed a Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Emsisoft report
  • Security check report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 bunuraya


Posted 07 September 2016 - 10:09 PM

Thanks for your instruction, but I must go offline now. Maybe I will be online at 05:00 pm +7 GMT.

I hope you understand my situation.
I will try to run your instructions as soon as possible and post the results here. Thank you for the help.

 

Regards

 

Bunuraya

 



#6 Oh My!


Posted 07 September 2016 - 10:34 PM

Of course, see you then.
Gary
 

#7 bunuraya


Posted 08 September 2016 - 11:06 AM

Hi Gary, these are the scan results.

 

===================================================

Emsisoft Emergency Kit - Version 11.9
Last update: 9/8/2016 10:31:26 PM
User account: xnetbug-PC\xnetbug
Computer name: XNETBUG-PC
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    9/8/2016 10:44:44 PM

Scanned    79802
Found    0

Scan end:    9/8/2016 10:52:47 PM
Scan time:    0:08:03
===================================================

 

===================================================

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 51  
 Java version 32-bit out of Date!
 Adobe Flash Player 22.0.0.209  
 Adobe Reader XI  
 Google Chrome (53.0.2785.101)
 Google Chrome (53.0.2785.89)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
===================================================
 

Regards

 

Bunuraya



#8 Oh My!


Posted 08 September 2016 - 12:24 PM

That looks outstanding. Are there any remaining issues aside from the Avast warning?

Edited by Oh My!, 08 September 2016 - 01:56 PM.

Gary
 

#9 bunuraya


Posted 08 September 2016 - 08:03 PM

The only problem that I know of is the notification from Avast, but three days later it did not appear again. But I want to make sure that my computer is not infected with malware.

 

Regards

 

Bunuraya



#10 Oh My!


Posted 08 September 2016 - 08:18 PM

Your computer is clean. If Avast flags the site again you can click the link to report it as a false positive and exclude the site from detection.

I think we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#11 bunuraya


Posted 08 September 2016 - 08:55 PM

Thanks for your time and the assistance given to me. Nice to meet you. Have a nice day.

 

Regards

 

Bunuraya



#12 Oh My!


Posted 09 September 2016 - 08:40 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



