Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

REGSVR32 ERROR ON START UP MODULE FAILED TO LOAD AND INTERNAL HDD CAN&


  • Please log in to reply

#1
Paopawdecarabao

Paopawdecarabao

    Member

  • Member
  • PipPip
  • 28 posts

Hello Everyone,

 

I got this RegSvr32 every startup. It was a malware before that scans and affected my internal hdd partition. I can't open any files nor view pictures.

 

I've scanned it with avast, malwarebytes and adwcleaner but problem is still there especially for my hdd.

 

I've attached the frst and aswmbr logs as I've searched the forums for the problem.

 

Hopefully you can resolve this especially for my hdd.

 

Can virtual lab recover my files? I don't know if my hdd got corrupted because of the virus.

 

Best Regards

Attached Files


Edited by Paopawdecarabao, 02 February 2015 - 01:19 AM.

  • 0

Advertisements


#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,960 posts
Hi,

Can you follow these instructions and let me know how we are doing then?
  • Please download Malwarebytes Anti-Rootkit BETA to your desktop.
  • If you are using Internet Explorer and receive a prompt that the security settings block the download, follow the instructions to reset Internet Explorer posted below first.
  • Double-click mbar-version-number.exe and follow the prompts to install the program.
  • Use the "Update" button to get the latest definitions.
  • Before you run the Malwarebytes Anti-Rootkit BETA scan you may be prompted to exit Malwarebytes Anti-Malware.
    exitMBAM.png
    Please do so using the icon in your taskbar and click "Previous" to go back to the "Scan" option.
  • Wait for the scan to finish and use the "Cleanup" button if Malwarebytes Anti-Rootkit BETA found any malware.
    Foundit2.png
You may want to reset the advanced settings and zones in Internet Explorer.
  • Open Internet Explorer
  • Click on Tools > Internet Options and open the "Advanced" tab
  • Click on the "Reset" button, the "Apply" and "OK"
  • On the Security tab click the button "Reset all zones to default level".
Then go to the Control Panel > Installed software and remove Chrome. We will reinstall it later on. Please don't do this yet.

Then reboot and re-run FRST and post back with the new log
  • 0

#3
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Hi,

Can you follow these instructions and let me know how we are doing then?

  • Please download Malwarebytes Anti-Rootkit BETA to your desktop.
  • If you are using Internet Explorer and receive a prompt that the security settings block the download, follow the instructions to reset Internet Explorer posted below first.
  • Double-click mbar-version-number.exe and follow the prompts to install the program.
  • Use the "Update" button to get the latest definitions.
  • Before you run the Malwarebytes Anti-Rootkit BETA scan you may be prompted to exit Malwarebytes Anti-Malware.
    exitMBAM.png
    Please do so using the icon in your taskbar and click "Previous" to go back to the "Scan" option.
  • Wait for the scan to finish and use the "Cleanup" button if Malwarebytes Anti-Rootkit BETA found any malware.
    Foundit2.png
You may want to reset the advanced settings and zones in Internet Explorer.
  • Open Internet Explorer
  • Click on Tools > Internet Options and open the "Advanced" tab
  • Click on the "Reset" button, the "Apply" and "OK"
  • On the Security tab click the button "Reset all zones to default level".
Then go to the Control Panel > Installed software and remove Chrome. We will reinstall it later on. Please don't do this yet.

Then reboot and re-run FRST and post back with the new log

 

Thank you for the reply. I'll do your instructions when I get home and post new frst log.


  • 0

#4
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,960 posts
OK. If you really need Chrome beforehand, follow these instructions.

Start Task Manager
To start Task Manager, take any of the following actions:
Press CTRL+ALT+DELETE, and then click Task Manager.
or
Press CTRL+SHIFT+ESC.

End the process for **all** Google and / or Chrome items.


Reset your browser settings
1.In the top-right corner of the browser window, click the Chrome menu
2.Select Settings.
3.At the bottom, click Show advanced settings.
4.Under the section "Reset settings,” click Reset settings.
5.In the dialog that appears, click Reset.


**If that didn't do the trick**

Start Task Manager
To start Task Manager, take any of the following actions:
Press CTRL+ALT+DELETE, and then click Task Manager.
or
Press CTRL+SHIFT+ESC.

End the process for **all** Google and / or Chrome items.


If you have Bookmarks that you want to save, you want to do that first.

Export / Import Bookmarks.
https://support.goog...wer/96816?hl=en


We need to uninstall Chrome completely and remove the user folder, then re-install it if you want to keep Chrome
  • 0

#5
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

OK. If you really need Chrome beforehand, follow these instructions.

Start Task Manager
To start Task Manager, take any of the following actions:
Press CTRL+ALT+DELETE, and then click Task Manager.
or
Press CTRL+SHIFT+ESC.

End the process for **all** Google and / or Chrome items.


Reset your browser settings
1.In the top-right corner of the browser window, click the Chrome menu
2.Select Settings.
3.At the bottom, click Show advanced settings.
4.Under the section "Reset settings,” click Reset settings.
5.In the dialog that appears, click Reset.


**If that didn't do the trick**

Start Task Manager
To start Task Manager, take any of the following actions:
Press CTRL+ALT+DELETE, and then click Task Manager.
or
Press CTRL+SHIFT+ESC.

End the process for **all** Google and / or Chrome items.


If you have Bookmarks that you want to save, you want to do that first.

Export / Import Bookmarks.
https://support.goog...wer/96816?hl=en


We need to uninstall Chrome completely and remove the user folder, then re-install it if you want to keep Chrome

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Paopaw (administrator) on PAOPAWDECARABAO on 02-02-2015 19:33:27
Running from C:\Users\Paopaw\Downloads
Loaded Profiles: Paopaw (Available profiles: Paopaw & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\System32\PnkBstrA.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
() C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc.) C:\Users\Paopaw\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Paopaw\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\Paopaw\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-01] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1719308311-501218547-3283189548-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-1719308311-501218547-3283189548-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-1719308311-501218547-3283189548-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-20] (Google Inc.)
HKU\S-1-5-21-1719308311-501218547-3283189548-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Paopaw\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1719308311-501218547-3283189548-1000\...\Run: [Spotify Web Helper] => C:\Users\Paopaw\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-25] (Spotify Ltd)
HKU\S-1-5-21-1719308311-501218547-3283189548-1000\...\Run: [WINUP] => regsvr32 "C:\Users\Paopaw\AppData\Local\Temp\reg.dll <===== ATTENTION
HKU\S-1-5-21-1719308311-501218547-3283189548-1000\...\RunOnce: [Adobe Speed Launcher] => 1422934358
HKU\S-1-5-21-1719308311-501218547-3283189548-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1719308311-501218547-3283189548-1000\...\MountPoints2: D - D:\ASRSetup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1719308311-501218547-3283189548-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1719308311-501218547-3283189548-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1719308311-501218547-3283189548-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1719308311-501218547-3283189548-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-1719308311-501218547-3283189548-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-10-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-10-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-01]
FF HKU\S-1-5-21-1719308311-501218547-3283189548-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-01] (Avast Software)
S4 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [528096 2014-06-08] (Futuremark)
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [27184 2014-10-25] (Silicondust USA Inc)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
S4 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S4 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [67752 2012-10-25] (Robert McNeel & Associates)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 Origin Client Service; P:\Origin\OriginClientService.exe [1903472 2014-12-26] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-19] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-20] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-01] ()
R3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [386560 2013-10-15] (C-Media Inc.)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [5353888 2012-12-14] (Intel Corporation) [File not signed]
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [101376 2011-11-21] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [217088 2011-11-21] (Renesas Electronics Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-18] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-01] (Avast Software)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-12-01] ()
R3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
S3 GPU-Z; \??\C:\Users\Paopaw\AppData\Local\Temp\GPU-Z.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 19:32 - 2015-02-02 19:32 - 00003042 _____ () C:\Windows\System32\Tasks\asrRd
2015-02-02 18:52 - 2015-02-02 19:29 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-02 18:51 - 2015-02-02 19:29 - 00000000 ____D () C:\Users\Paopaw\Desktop\mbar
2015-02-02 18:48 - 2015-02-02 18:48 - 00053716 _____ () C:\Users\Paopaw\Desktop\bookmarks_2_2_15.html
2015-02-02 18:44 - 2015-02-02 18:44 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Paopaw\Desktop\mbar-1.08.3.1004.exe
2015-02-01 23:12 - 2015-02-01 23:12 - 00049925 _____ () C:\Users\Paopaw\Desktop\Addition.txt
2015-02-01 23:12 - 2015-02-01 23:12 - 00035244 _____ () C:\Users\Paopaw\Desktop\FRST.txt
2015-02-01 23:11 - 2015-02-01 23:11 - 00002472 _____ () C:\Users\Paopaw\Desktop\aswMBR.txt
2015-02-01 23:11 - 2015-02-01 23:11 - 00000512 _____ () C:\Users\Paopaw\Desktop\MBR.dat
2015-02-01 23:07 - 2015-02-01 23:07 - 05200384 _____ (AVAST Software) C:\Users\Paopaw\Downloads\aswmbr.exe
2015-02-01 23:07 - 2015-02-01 23:07 - 00049925 _____ () C:\Users\Paopaw\Downloads\Addition.txt
2015-02-01 23:06 - 2015-02-02 19:33 - 00020880 _____ () C:\Users\Paopaw\Downloads\FRST.txt
2015-02-01 23:06 - 2015-02-02 19:33 - 00000000 ____D () C:\FRST
2015-02-01 20:22 - 2015-02-01 20:22 - 02131456 _____ (Farbar) C:\Users\Paopaw\Downloads\FRST64.exe
2015-02-01 19:53 - 2015-02-01 19:53 - 00001379 _____ () C:\Users\Paopaw\Desktop\VirtualLab Client.lnk
2015-02-01 19:53 - 2015-02-01 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BinaryBiz
2015-02-01 19:53 - 2015-02-01 19:53 - 00000000 ____D () C:\Program Files (x86)\BinaryBiz
2015-02-01 19:52 - 2015-02-01 19:53 - 08905325 _____ (BinaryBiz ) C:\Users\Paopaw\Downloads\VirtualLab.exe
2015-02-01 15:10 - 2015-02-01 15:10 - 00000000 ____D () C:\Users\Paopaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-01 15:10 - 2015-02-01 15:10 - 00000000 ____D () C:\Users\Paopaw\AppData\Roaming\Dropbox
2015-02-01 15:00 - 2015-02-01 15:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-01 15:00 - 2015-02-01 15:00 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-01 15:00 - 2015-02-01 15:00 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-02-01 15:00 - 2015-02-01 15:00 - 00000000 ____D () C:\Windows\system32\vbox
2015-02-01 15:00 - 2015-02-01 15:00 - 00000000 ____D () C:\Users\Paopaw\AppData\Roaming\AVAST Software
2015-02-01 15:00 - 2015-02-01 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-01 14:59 - 2015-02-01 15:00 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-01 14:59 - 2015-02-01 15:00 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-02-01 14:59 - 2015-02-01 14:59 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-02-01 14:59 - 2015-02-01 14:59 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-01 14:59 - 2015-02-01 14:59 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-01 14:59 - 2015-02-01 14:59 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-01 14:59 - 2015-02-01 14:59 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-01 14:59 - 2015-02-01 14:59 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-01 14:59 - 2015-02-01 14:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-01 14:59 - 2015-02-01 14:59 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-01 14:59 - 2015-02-01 14:59 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-01 14:58 - 2015-02-01 14:58 - 05006864 _____ (AVAST Software) C:\Users\Paopaw\Downloads\avast_free_antivirus_setup_online (1).exe
2015-02-01 14:13 - 2015-02-02 18:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 14:12 - 2015-02-02 18:52 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-01 14:12 - 2015-02-01 14:12 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-01 14:12 - 2015-02-01 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-01 14:12 - 2015-02-01 14:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-01 14:12 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-01 14:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-01 14:10 - 2015-02-01 14:10 - 02194432 _____ () C:\Users\Paopaw\Downloads\adwcleaner_4.109.exe
2015-02-01 14:09 - 2015-02-01 14:09 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Paopaw\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-01 14:03 - 2015-02-02 19:32 - 00000448 _____ () C:\Windows\setupact.log
2015-02-01 14:03 - 2015-02-02 18:38 - 00003804 _____ () C:\Windows\PFRO.log
2015-02-01 14:03 - 2015-02-01 14:03 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-01 13:53 - 2015-02-01 13:54 - 00032088 _____ () C:\Users\Paopaw\Desktop\cc_20150201_135349.reg
2015-02-01 13:32 - 2015-02-01 13:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-01 13:32 - 2015-02-01 13:32 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-01 13:32 - 2015-02-01 13:32 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-01 13:32 - 2015-02-01 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-01 13:32 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-28 20:57 - 2015-01-28 20:57 - 36210245 _____ () C:\Users\Paopaw\Downloads\MSIAfterburnerSetup410.zip
2015-01-15 00:00 - 2015-01-15 00:00 - 00001456 _____ () C:\Users\Paopaw\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-01-14 23:11 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 20:43 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 20:43 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 20:43 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 20:43 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 20:43 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 20:43 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 20:43 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 20:43 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 20:43 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 20:43 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 20:43 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 20:43 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 19:32 - 2012-10-20 11:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 19:32 - 2012-10-03 22:39 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-02-02 19:32 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 19:29 - 2014-09-23 18:25 - 00003038 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-02-02 19:29 - 2014-08-03 19:15 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-02-02 19:29 - 2012-10-03 00:55 - 01833836 _____ () C:\Windows\WindowsUpdate.log
2015-02-02 19:22 - 2013-08-18 15:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 19:17 - 2012-10-20 11:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 18:51 - 2012-10-20 11:57 - 00000000 ____D () C:\Users\Paopaw\AppData\Local\Google
2015-02-02 18:51 - 2012-10-20 11:57 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-02 18:45 - 2009-07-13 20:45 - 00025888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-02 18:45 - 2009-07-13 20:45 - 00025888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-02 18:43 - 2014-08-14 19:29 - 00002976 _____ () C:\Windows\System32\Tasks\AsrXTU
2015-02-02 18:42 - 2009-07-13 21:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 02:00 - 2014-08-17 04:17 - 00000000 ____D () C:\Users\Paopaw\AppData\Local\Adobe
2015-02-01 15:30 - 2012-10-30 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-01 15:30 - 2012-10-30 22:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-01 14:59 - 2013-12-01 16:10 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-01 14:59 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-02-01 14:57 - 2014-08-12 00:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-01 14:24 - 2014-05-16 23:24 - 00000000 ____D () C:\Users\Paopaw\AppData\Roaming\Spotify
2015-02-01 14:13 - 2014-08-14 18:20 - 00000000 ____D () C:\AdwCleaner
2015-02-01 14:03 - 2013-09-10 20:47 - 00000000 ____D () C:\Users\Paopaw\AppData\Local\CRE
2015-02-01 14:03 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-01 13:54 - 2013-08-18 15:47 - 00000000 ____D () C:\Users\Paopaw\AppData\Local\CrashDumps
2015-02-01 13:53 - 2014-10-13 20:24 - 00000000 ____D () C:\Users\Paopaw\AppData\Roaming\uTorrent
2015-02-01 13:53 - 2013-11-29 21:44 - 00000000 ____D () C:\Windows\Minidump
2015-02-01 13:48 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Vss
2015-02-01 13:37 - 2012-10-03 00:55 - 00000000 ____D () C:\Users\Paopaw
2015-02-01 12:52 - 2012-10-03 22:39 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-01-31 15:57 - 2014-05-16 23:24 - 00000000 ____D () C:\Users\Paopaw\AppData\Local\Spotify
2015-01-31 15:55 - 2013-08-18 15:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 15:55 - 2012-10-20 11:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 15:55 - 2012-10-20 11:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 00:00 - 2012-10-03 22:44 - 00000000 ____D () C:\Users\Paopaw\AppData\Roaming\Adobe
2015-01-14 00:44 - 2013-12-03 19:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 00:41 - 2013-12-03 19:28 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-01-15 00:00 - 2015-01-15 00:00 - 0001456 _____ () C:\Users\Paopaw\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-08-08 22:21 - 2014-11-19 00:43 - 1065984 _____ () C:\Users\Paopaw\AppData\Local\file__0.localstorage
2012-10-03 22:48 - 2014-08-24 11:37 - 0007602 _____ () C:\Users\Paopaw\AppData\Local\resmon.resmoncfg
2012-10-03 22:43 - 2012-10-03 22:43 - 0000003 _____ () C:\Users\Paopaw\AppData\Local\user_data.ini
2014-07-30 22:42 - 2014-07-30 22:45 - 0000825 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\install_reader11_en_chra_awa_aih.exe
C:\Users\Paopaw\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxzacpy.dll
C:\Users\Paopaw\AppData\Local\Temp\Quarantine.exe
C:\Users\Paopaw\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-31 17:21

==================== End Of Log ============================


  • 0

#6
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

No malware was detected during the scan. DOes this affect my hdd?


  • 0

#7
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,960 posts

No malware was detected during the scan. DOes this affect my hdd?


It could have if something had been found.

To cure the error you get about RegSvr322:

Download attached fixlist.txt file and save it to the folder C:\Users\Paopaw\Downloads.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Then for the bad news. Here is what I think has happened.
You were infected by ransomware and Avast only caught it after (some) damage had been done. Avast most likely quaraintined the offending file reg.dll. Or it was removed when the Temp folder was cleared out.
Either way, you do not see the demands for ransom beacuse they were removed. Your files however have been encrypted.
To figure out if there is a way to decrypt them we will need to know which varaiant you were hit by. I will need a copy of the file to do so.
Can you check if the file reg.dll is indeed in the Avast Virus Chest? Instructions can be found here:
https://blog.avast.c...st-virus-chest/

Please make sure you apply the fix first and do NOT restore the file to its original location.

Let me know if you can find it and I will post instructions how to get it to me.

Attached Files


  • 0

#8
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Paopaw at 2015-02-03 06:56:32 Run:1
Running from C:\Users\Paopaw\Downloads
Loaded Profiles: Paopaw (Available profiles: Paopaw & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1719308311-501218547-3283189548-1000\...\Run: [WINUP] => regsvr32 "C:\Users\Paopaw\AppData\Local\Temp\reg.dll

*****************

HKU\S-1-5-21-1719308311-501218547-3283189548-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WINUP => value deleted successfully.

==== End of Fixlog 06:56:32 ====


  • 0

#9
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,960 posts
Thanks, that should sort the error out.
Were you able to find the file?
  • 0

#10
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

2nqwd39.jpg

 

Didn't see any reg.dll

 

I'm not sure if malwarebytes have found the culprit but I unstalled it then reinstall it again.

 

Is there anyotherway?


  • 0

Advertisements


#11
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

<?xml version="1.0" encoding="UTF-8" ?>
<logs>
   <record severity="debug" LoggingEventType="1" datetime="2015-02-01T13:54:35.600357-08:00" source="Manual" type="Update" username="SYSTEM" systemname="PAOPAWDECARABAO" fromVersion="2014.8.16.1" last_modified_tag="55918e0f-dfe6-4746-b907-c5fe913327f7" name="Rootkit Database" toVersion="2015.1.14.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-02-01T13:54:54.365430-08:00" source="Manual" type="Update" username="SYSTEM" systemname="PAOPAWDECARABAO" fromVersion="2014.8.18.1" last_modified_tag="1e5f1ed9-1586-42db-a78e-a63746b15658" name="Malware Database" toVersion="2015.2.1.6"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-02-01T13:54:56.466550-08:00" source="Manual" type="Update" username="SYSTEM" systemname="PAOPAWDECARABAO" fromVersion="2.0.2.1012" last_modified_tag="2c74f176-056e-4ffb-84c2-bae53eb0f2e1" name="program" toVersion="2.0.4.1028"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-02-01T13:55:30.952523-08:00" source="Manual" type="Update" username="SYSTEM" systemname="PAOPAWDECARABAO" fromVersion="2013.10.16.1" last_modified_tag="df626336-f803-498b-a54d-e38170721780" name="Remediation Database" toVersion="2014.12.6.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-02-01T13:55:30.959523-08:00" source="Manual" type="Update" username="SYSTEM" systemname="PAOPAWDECARABAO" fromVersion="2014.11.18.1" last_modified_tag="5caec63e-8659-4835-9973-010bda6f313f" name="Rootkit Database" toVersion="2015.1.14.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-02-01T13:55:35.670792-08:00" source="Manual" type="Update" username="SYSTEM" systemname="PAOPAWDECARABAO" fromVersion="2014.11.20.6" last_modified_tag="fac7a5f2-2c81-4d13-ba66-4442ccefc9a5" name="Malware Database" toVersion="2015.2.1.6"></record>
   <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2015-02-01T13:55:35-08:00" datetime="2015-02-01T14:03:10.364799-08:00" source="Manual" type="Scan" username="SYSTEM" systemname="PAOPAWDECARABAO" last_modified_tag="143317e4-4bb0-402e-97ce-0e3bb6f950be" duration="311" malwaredetections="3" nonmalwaredetections="7" scanresult="completed"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-02-01T14:11:13.560218-08:00" source="Manual" type="Update" username="SYSTEM" systemname="PAOPAWDECARABAO" fromVersion="2013.10.16.1" last_modified_tag="6edcc9d3-6832-4734-860e-fadc98767117" name="Remediation Database" toVersion="2014.12.6.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-02-01T14:11:13.571218-08:00" source="Manual" type="Update" username="SYSTEM" systemname="PAOPAWDECARABAO" fromVersion="2014.11.18.1" last_modified_tag="167fc763-9d7a-408c-bd5d-98144d0bb852" name="Rootkit Database" toVersion="2015.1.14.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-02-01T14:11:14.604277-08:00" source="Manual" type="Update" username="SYSTEM" systemname="PAOPAWDECARABAO" fromVersion="2014.11.20.6" last_modified_tag="426d4f0e-8b5a-4280-b804-2a9594b34035" name="Malware Database" toVersion="2015.2.1.6"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-02-01T14:13:14.198118-08:00" source="Manual" type="Update" username="SYSTEM" systemname="PAOPAWDECARABAO" fromVersion="2013.10.16.1" last_modified_tag="a1f284c4-1b14-40d5-a8a4-c91bfade7e58" name="Remediation Database" toVersion="2014.12.6.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-02-01T14:13:14.214119-08:00" source="Manual" type="Update" username="SYSTEM" systemname="PAOPAWDECARABAO" fromVersion="2014.11.18.1" last_modified_tag="9a6cd364-42ac-409e-836f-7faae19c9634" name="Rootkit Database" toVersion="2015.1.14.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-02-01T14:13:15.170173-08:00" source="Manual" type="Update" username="SYSTEM" systemname="PAOPAWDECARABAO" fromVersion="2014.11.20.6" last_modified_tag="89b673c9-c450-4eba-9482-f99a50ee3d4d" name="Malware Database" toVersion="2015.2.1.6"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-02-01T14:16:55.241215-08:00" source="Manual" type="Update" username="SYSTEM" systemname="PAOPAWDECARABAO" fromVersion="2015.2.1.6" last_modified_tag="3bd70a00-e9b1-4b63-a716-86bc7fea2180" name="Malware Database" toVersion="2015.2.1.7"></record>
   <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2015-02-01T14:16:55-08:00" datetime="2015-02-01T14:22:15.803550-08:00" source="Manual" type="Scan" username="SYSTEM" systemname="PAOPAWDECARABAO" last_modified_tag="9a3f3a2b-2a6f-47d9-88a5-0dbf7b81fa07" duration="320" malwaredetections="0" nonmalwaredetections="0" scanresult="completed"></record>
   <record severity="debug" LoggingEventType="6" datetime="2015-02-01T15:01:57.139434-08:00" source="Manual" type="Scan" username="SYSTEM" systemname="PAOPAWDECARABAO" duration="335" last_modified_tag="0515ed3e-147b-4a56-9c2d-a532f71f26c2" malwaredetections="0" nonmalwaredetections="0" scanresult="completed" scantype="threat" starttime="2015-02-01T14:56:21-08:00"></record>
</logs>

 

 

Log from malwarebytes


  • 0

#12
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,960 posts
That would be a very long shot, but I'm willing to have a look.
Can you send me one of the files you are unable to open?
Attach a file, preferably a picture that you are unable to view to your next post.
  • 0

#13
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Thank you so much


Edited by Paopawdecarabao, 03 February 2015 - 09:16 AM.

  • 0

#14
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

The photos are having aa hard time uploading. Always error


  • 0

#15
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,960 posts
I'll PM you my email address.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP