infected with malware from Adobe Flash update pop-up, cozhost.exe


  • This topic is locked
27 replies to this topic

#1 dlaudens

  • Members
  • 12 posts

Posted 12 December 2014 - 09:38 PM

Hello:

 

My PC is infected with a hard-to-remove malware that keeps generating pop-ups when using Chrome. I've tried cleaning it with Avast, Ad-Aware, Hitman Pro, and Malwarebytes, but the program must be in the registry because it keeps coming back every time I reboot.

 

I downloaded the Farbar recovery tool and ran it, and also AdwCleaner and ran it, but Malwarebytes is still detecting the Cozhost.exe and Cozhost32.exe malware files. After running all of these programs, Chrome is running better (no pop-ups as I type this), but I'm not sure if I'm totally clean.

 

Here are the logs from FRST.txt and Addition.txt from Farbar, and the before and after log files from Malwarebytes.

 

Appreciate your help....

 

Dlaudens

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2014 03
Ran by Mom at 2014-12-12 21:19:33
Running from F:\Users\Mom\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
Ad-Aware Web Companion (x32 Version: 1.0.813.1538 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Barbie Horse Adventures - Riding Camp (HKLM-x32\...\{F6E2F819-4E70-4DA0-BE98-5F773FB3B9A5}) (Version: 1.00.0000 - Activision)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GP5 Web Conferencing (HKLM-x32\...\omniview) (Version:  - )
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{DAE3B13B-5097-4EAE-BC26-C463377BD80E}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
LavasoftTcpService (x32 Version: 2.2.9.5 - Lavasoft) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Typing Instructor 30th Anniversary Edition (HKLM-x32\...\Typing Instructor 30th Anniversary Edition) (Version:  - )
WD Quick View (HKLM-x32\...\{2A3862B1-F0C6-49F3-AB9A-C53D7C4EEBEA}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{5A6ABA38-E8D6-4B52-B0BF-44081833E1D2}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{e502616c-37a2-498e-a9ee-cd1234ccc820}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)
Web Companion (HKLM-x32\...\{89C9F6E5-50D4-400C-AB96-5A947584D4D6}_WebCompanion) (Version: 1.0.813.1538 - Lavasoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\KOFU.job => ?
Task: C:\Windows\Tasks\Tempo Runner coz32host.job => ?
Task: C:\Windows\Tasks\Tempo Runner coz64host.job => ?
Task: C:\Windows\Tasks\WCFIQ.job => ?
 
==================== Loaded Modules (whitelisted) =============
 
2014-10-15 14:03 - 2014-10-15 14:03 - 08925504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
2014-10-15 14:03 - 2014-10-15 14:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 02132800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
 
========================= Accounts: ==========================
 
Admin (S-1-5-21-1970038904-3716629727-1996332306-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1970038904-3716629727-1996332306-500 - Administrator - Disabled)
Alex (S-1-5-21-1970038904-3716629727-1996332306-1005 - Limited - Enabled) => C:\Users\Alex
Ellie (S-1-5-21-1970038904-3716629727-1996332306-1006 - Limited - Enabled) => C:\Users\Ellie
Gracie (S-1-5-21-1970038904-3716629727-1996332306-1012 - Limited - Enabled) => C:\Users\Gracie
Guest (S-1-5-21-1970038904-3716629727-1996332306-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1970038904-3716629727-1996332306-1059 - Limited - Enabled)
Mom (S-1-5-21-1970038904-3716629727-1996332306-1014 - Limited - Enabled) => C:\Users\Mom
Sophia (S-1-5-21-1970038904-3716629727-1996332306-1009 - Limited - Enabled) => C:\Users\Sophia
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/11/2014 11:16:25 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1970038904-3716629727-1996332306-1014}/">.
 
Error: (12/11/2014 10:29:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AppleMobileDeviceService.exe, version: 17.327.4.35, time stamp: 0x52fa24ee
Faulting module name: AppleMobileDeviceService_main.dll, version: 17.327.4.35, time stamp: 0x539a62a9
Exception code: 0xc0000005
Fault offset: 0x00009ae0
Faulting process id: 0x1c38
Faulting application start time: 0xAppleMobileDeviceService.exe0
Faulting application path: AppleMobileDeviceService.exe1
Faulting module path: AppleMobileDeviceService.exe2
Report Id: AppleMobileDeviceService.exe3
 
Error: (12/11/2014 09:51:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = F:\Users\Mom\Downloads\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).
 
Error: (12/11/2014 00:42:22 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1970038904-3716629727-1996332306-1007.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {dc8b1926-1962-4b39-936d-8e578dc48748}
 
Error: (12/11/2014 00:41:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1970038904-3716629727-1996332306-1007.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {dc8b1926-1962-4b39-936d-8e578dc48748}
 
Error: (12/11/2014 00:41:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1970038904-3716629727-1996332306-1007.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {dc8b1926-1962-4b39-936d-8e578dc48748}
 
Error: (12/11/2014 00:41:56 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {01008a24-12dd-46d0-a04e-f438e90f88ac}
 
Error: (12/11/2014 00:32:45 AM) (Source: MsiInstaller) (EventID: 1024) (User: MainPC)
Description: Product: Adobe Reader XI (11.0.09) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (12/11/2014 00:05:55 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1970038904-3716629727-1996332306-1014}/">.
 
Error: (12/11/2014 00:05:48 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1970038904-3716629727-1996332306-1014}/">.
 
 
System errors:
=============
Error: (12/11/2014 10:14:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/11/2014 09:54:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/11/2014 09:54:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/11/2014 09:54:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/11/2014 09:52:07 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (12/11/2014 09:52:04 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068WDBackup{59484148-65C9-4467-A092-3F8380023772}
 
Error: (12/11/2014 09:52:04 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068WDBackup{81213AB4-5937-4340-88CD-66B4BC80DF73}
 
Error: (12/11/2014 09:51:48 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}
 
Error: (12/11/2014 09:51:48 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (12/11/2014 09:51:48 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
 
Microsoft Office Sessions:
=========================
Error: (12/11/2014 11:16:25 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-1970038904-3716629727-1996332306-1014}/
 
Error: (12/11/2014 10:29:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AppleMobileDeviceService.exe17.327.4.3552fa24eeAppleMobileDeviceService_main.dll17.327.4.35539a62a9c000000500009ae01c3801d015bbd8df3a87C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll1b667ac7-81af-11e4-aee7-bc5ff4ba528e
 
Error: (12/11/2014 09:51:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: F:\Users\Mom\Downloads\HitmanPro_x64.exe Checkpoint by HitmanPro0x8007043c
 
Error: (12/11/2014 00:42:22 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1970038904-3716629727-1996332306-1007.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {dc8b1926-1962-4b39-936d-8e578dc48748}
 
Error: (12/11/2014 00:41:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1970038904-3716629727-1996332306-1007.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {dc8b1926-1962-4b39-936d-8e578dc48748}
 
Error: (12/11/2014 00:41:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1970038904-3716629727-1996332306-1007.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {dc8b1926-1962-4b39-936d-8e578dc48748}
 
Error: (12/11/2014 00:41:56 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {01008a24-12dd-46d0-a04e-f438e90f88ac}
 
Error: (12/11/2014 00:32:45 AM) (Source: MsiInstaller) (EventID: 1024) (User: MainPC)
Description: Adobe Reader XI (11.0.09){AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)
 
Error: (12/11/2014 00:05:55 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-1970038904-3716629727-1996332306-1014}/
 
Error: (12/11/2014 00:05:48 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-1970038904-3716629727-1996332306-1014}/
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 56%
Total physical RAM: 3750.63 MB
Available physical RAM: 1645.64 MB
Total Pagefile: 7499.45 MB
Available Pagefile: 5179.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: (System Disk) (Fixed) (Total:111.69 GB) (Free:32.11 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:931.51 GB) (Free:830.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================


Edited by xXToffeeXx, 21 December 2014 - 11:30 AM.
Posted logs for ease~
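A triage helper for the Addition.txt section quoted above, added here as an example (it is not part of the post and not FRST's own code): it splits the log into its sections, parses the Task: lines, and flags the jobs worth a first look using only the cozhost/coz32host/coz64host names reported in the thread. The sample input is a trimmed copy of the lines in the post; the all-caps random-name heuristic is this example's assumption, not an FRST rule.

```python
"""Triage the "Scheduled Tasks" section of an FRST Addition.txt log.

Added example, not part of the forum post and not FRST's own code: it splits
the log into its "==== Name ====" sections, parses the Task: lines and flags
the ones a helper would look at first.
"""
import re
from typing import Dict, List, NamedTuple, Sequence, Tuple

# Constructed sample: a trimmed copy of the Addition.txt lines quoted in the post.
SAMPLE_ADDITION = r"""
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\KOFU.job => ?
Task: C:\Windows\Tasks\Tempo Runner coz32host.job => ?
Task: C:\Windows\Tasks\Tempo Runner coz64host.job => ?
Task: C:\Windows\Tasks\WCFIQ.job => ?
 
==================== Loaded Modules (whitelisted) =============
"""

# Names the poster reported Malwarebytes detecting, plus the two task names
# built from them. They come from the thread, not from any signature set.
REPORTED_INDICATORS: Tuple[str, ...] = ("cozhost", "coz32host", "coz64host")

# A header is a run of '=' around a name containing no '='; FRST's separator
# lines made only of '=' deliberately do not match.
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
TASK_RE = re.compile(r"^Task:\s*(?P<job>.+?)\s*=>\s*(?P<target>.*)$")
# Heuristic (this example's assumption, not an FRST rule): a 4-8 letter
# all-caps job name such as KOFU.job or WCFIQ.job looks machine-generated.
RANDOM_NAME_RE = re.compile(r"^[A-Z]{4,8}\.job$")


class Task(NamedTuple):
    job: str     # full path of the .job file as FRST printed it
    target: str  # what FRST resolved the task to; "?" when it could not


class Finding(NamedTuple):
    job: str
    reasons: Tuple[str, ...]


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each '==== Name ====' header to the non-empty lines under it."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def find_section(sections: Dict[str, List[str]], prefix: str) -> List[str]:
    """First section whose name starts with prefix, e.g. 'Scheduled Tasks'."""
    for name, lines in sections.items():
        if name.lower().startswith(prefix.lower()):
            return lines
    return []


def parse_tasks(lines: Sequence[str]) -> List[Task]:
    matches = (TASK_RE.match(line) for line in lines)
    return [Task(m.group("job"), m.group("target").strip()) for m in matches if m]


def job_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def triage_tasks(tasks: Sequence[Task],
                 indicators: Sequence[str]) -> Tuple[List[Finding], bool]:
    """Flag tasks by name; returns (findings, every_target_unresolved).

    When every task, Google's updater included, shows '=> ?', the unresolved
    target carries no signal by itself (in the post the scan ran from 'Mom',
    a Limited account in the Accounts section), so it only counts as a
    reason when at least some targets did resolve.
    """
    all_unresolved = bool(tasks) and all(t.target == "?" for t in tasks)
    findings: List[Finding] = []
    for t in tasks:
        name = job_name(t.job)
        reasons = [f"name contains reported indicator '{tok}'"
                   for tok in indicators if tok.lower() in name.lower()]
        if RANDOM_NAME_RE.match(name):
            reasons.append("short all-caps random-looking job name")
        if t.target == "?" and not all_unresolved:
            reasons.append("FRST could not resolve the task target")
        if reasons:
            findings.append(Finding(t.job, tuple(reasons)))
    return findings, all_unresolved
```

Running `triage_tasks(parse_tasks(find_section(split_sections(SAMPLE_ADDITION), "Scheduled Tasks")), REPORTED_INDICATORS)` flags the two Tempo Runner jobs and the two random-named jobs while leaving the Google updater tasks alone.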




#2 dlaudens

  • Topic Starter

  • Members
  • 12 posts

Posted 13 December 2014 - 10:12 PM

Follow up:

 

OK...so I ran Malwarebytes, Ad-Aware, HitmanPro, Avast, and AdwCleaner several times. (Avast is my normal virus protection/firewall.)

 

AdwCleaner and Malwarebytes seemed to identify the malware the best. Malwarebytes' first scan found about 15 items, and after I cleaned them it went down to 2 files that were found, but it could never clean them completely.

 

I scanned one more time with Avast and it found two files that were identified but could not be scanned because they were 'password protected'.  They were some kind of Adobe installer files in an odd location so I went in and manually deleted them.

 

Since then I have rebooted (several times) and run all five of the scanners above (full scan and boot), and none of them has identified any potentially harmful files. I'm no longer getting pop-ups on the internet or constant warnings from Avast.

 

I'm still not sure if my PC is 100% clean though... Can anyone assist me and look at my scan files to see if I'm in the clear?

 

The latest FRST.txt file (clean) is attached. Let me know if any more are needed.

 

dlaudens

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014
Ran by Mom (ATTENTION: The logged in user is not administrator) on MAINPC on 13-12-2014 21:58:20
Running from F:\Users\Mom\Downloads\FARBAR
Loaded Profile: Mom (Available profiles: Admin & Alex & Ellie & Sophia & Gracie & Mom)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\RunOnce: [Adobe Speed Launcher] => 1418525405
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\MountPoints2: {82bfbcfd-9423-11e3-836a-bc5ff4ba528e} - E:\iStudio.exe
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\MountPoints2: {cbcc722f-e9ae-11e3-8f71-bc5ff4ba528e} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\MountPoints2: {ebb12adc-cc9d-11e3-b56a-bc5ff4ba528e} - E:\MI.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-01] (Microsoft Corporation)
Startup: C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Sophia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1970038904-3716629727-1996332306-1014 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mom\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-29]
 
Chrome: 
=======
CHR Profile: C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-30]
CHR Extension: (Google Drive) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-30]
CHR Extension: (Google Search) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-30]
CHR Extension: (Google Wallet) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (Gmail) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-13] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-13] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-13] (Avast Software)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-11-27] (Lavasoft Limited)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-11-27] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-11-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-13] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-13] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-13] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-18] (Qualcomm Atheros Co., Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-13] (Avast Software)
S3 AsrSetupDrv; \??\C:\Windows\SysWOW64\Drivers\AsrSetupDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-13 21:52 - 2014-12-13 21:52 - 00000197 _____ () C:\Windows\system32\2014-12-14-02-52-02.056-AvastVBoxSVC.exe-3844.log
2014-12-13 13:12 - 2014-12-13 13:12 - 00000197 _____ () C:\Windows\system32\2014-12-13-18-12-42.072-AvastVBoxSVC.exe-3956.log
2014-12-13 11:53 - 2014-12-13 11:53 - 00000197 _____ () C:\Windows\system32\2014-12-13-16-53-54.045-AvastVBoxSVC.exe-3784.log
2014-12-13 10:54 - 2014-12-13 10:54 - 00000197 _____ () C:\Windows\system32\2014-12-13-15-54-34.023-AvastVBoxSVC.exe-3876.log
2014-12-13 10:31 - 2014-12-13 10:31 - 00000197 _____ () C:\Windows\system32\2014-12-13-15-31-27.024-AvastVBoxSVC.exe-3956.log
2014-12-13 10:20 - 2014-12-13 10:20 - 00000197 _____ () C:\Windows\system32\2014-12-13-15-20-21.003-AvastVBoxSVC.exe-3976.log
2014-12-13 10:15 - 2014-12-13 10:15 - 00000197 _____ () C:\Windows\system32\2014-12-13-15-15-49.056-AvastVBoxSVC.exe-3680.log
2014-12-13 09:38 - 2014-12-13 09:39 - 00000197 _____ () C:\Windows\system32\2014-12-13-14-38-47.056-AvastVBoxSVC.exe-3852.log
2014-12-12 21:30 - 2014-12-12 21:30 - 00000197 _____ () C:\Windows\system32\2014-12-13-02-30-16.044-AvastVBoxSVC.exe-4016.log
2014-12-12 21:25 - 2014-12-12 21:25 - 00000197 _____ () C:\Windows\system32\2014-12-13-02-25-35.049-AvastVBoxSVC.exe-3740.log
2014-12-12 21:19 - 2014-12-13 21:58 - 00000000 ____D () C:\FRST
2014-12-12 19:41 - 2014-12-12 19:41 - 00000197 _____ () C:\Windows\system32\2014-12-13-00-41-57.032-AvastVBoxSVC.exe-4060.log
2014-12-11 23:00 - 2014-12-11 23:00 - 00000197 _____ () C:\Windows\system32\2014-12-12-04-00-36.016-AvastVBoxSVC.exe-4092.log
2014-12-11 22:43 - 2014-12-11 22:43 - 00000197 _____ () C:\Windows\system32\2014-12-12-03-43-51.083-AvastVBoxSVC.exe-4068.log
2014-12-11 22:30 - 2014-12-11 22:30 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-11 22:30 - 2014-12-11 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-11 22:30 - 2014-12-11 22:30 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-11 22:30 - 2014-12-11 22:30 - 00000000 ____D () C:\Program Files\iTunes
2014-12-11 22:30 - 2014-12-11 22:30 - 00000000 ____D () C:\Program Files\iPod
2014-12-11 22:30 - 2014-12-11 22:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-11 22:16 - 2014-12-11 22:16 - 00000197 _____ () C:\Windows\system32\2014-12-12-03-16-43.001-AvastVBoxSVC.exe-3928.log
2014-12-11 22:02 - 2014-12-11 22:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-11 22:02 - 2014-12-11 22:02 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-11 22:02 - 2014-12-11 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-11 22:02 - 2014-12-11 22:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-11 22:02 - 2014-12-11 22:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-11 22:02 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-11 22:02 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-11 22:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-11 15:44 - 2014-12-11 15:44 - 00000197 _____ () C:\Windows\system32\2014-12-11-20-44-16.014-AvastVBoxSVC.exe-5360.log
2014-12-11 13:16 - 2014-12-11 13:17 - 00000197 _____ () C:\Windows\system32\2014-12-11-18-16-48.090-AvastVBoxSVC.exe-4368.log
2014-12-11 00:42 - 2014-12-11 21:51 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-12-11 00:42 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 00:42 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 00:37 - 2014-12-11 00:37 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-11 00:34 - 2014-12-11 00:34 - 00000197 _____ () C:\Windows\system32\2014-12-11-05-34-13.061-AvastVBoxSVC.exe-6076.log
2014-12-11 00:03 - 2014-12-11 00:03 - 00000197 _____ () C:\Windows\system32\2014-12-11-05-03-01.048-AvastVBoxSVC.exe-5812.log
2014-12-10 23:57 - 2014-12-10 23:57 - 00000197 _____ () C:\Windows\system32\2014-12-11-04-57-16.083-AvastVBoxSVC.exe-4456.log
2014-12-10 23:55 - 2014-12-10 23:55 - 454531690 _____ () C:\Windows\MEMORY.DMP
2014-12-10 23:54 - 2014-12-11 00:00 - 00001766 _____ () C:\Windows\system32\.crusader
2014-12-10 23:50 - 2014-12-11 00:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-10 23:38 - 2014-12-10 23:38 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieUserList
2014-12-10 23:38 - 2014-12-10 23:38 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieSiteList
2014-12-10 23:38 - 2014-12-10 23:38 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieBrowserModeList
2014-12-10 23:18 - 2014-12-10 23:18 - 00000197 _____ () C:\Windows\system32\2014-12-11-04-18-19.045-AvastVBoxSVC.exe-5484.log
2014-12-10 23:18 - 2014-12-10 23:18 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Lavasoft
2014-12-10 21:47 - 2014-12-13 21:49 - 00004584 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2014-12-10 21:47 - 2014-12-13 21:49 - 00002416 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-10 21:47 - 2014-12-13 21:49 - 00002416 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-10 21:47 - 2014-12-10 21:47 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\LavasoftStatistics
2014-12-10 21:47 - 2014-12-10 21:47 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-12-10 21:47 - 2014-11-27 10:44 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2014-12-10 21:47 - 2014-11-27 10:44 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2014-12-10 21:46 - 2014-12-13 21:50 - 00002276 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-12-10 21:46 - 2014-12-10 21:55 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Lavasoft
2014-12-10 21:46 - 2014-12-10 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-12-10 21:45 - 2014-12-10 21:45 - 00000000 ____D () C:\Program Files\Lavasoft
2014-12-10 21:44 - 2014-12-10 21:46 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-12-10 21:44 - 2014-12-10 21:44 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-12-10 06:54 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 06:54 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 06:54 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 06:54 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 06:54 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 06:54 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 06:54 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 06:54 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 06:54 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 06:54 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 06:54 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 06:54 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 06:54 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 06:54 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 06:54 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 06:54 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 06:54 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 06:54 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 06:54 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 06:54 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 06:54 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 06:54 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 06:54 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 06:54 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 06:54 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 06:54 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 06:54 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 06:54 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 06:54 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 06:54 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 06:54 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 06:54 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 06:54 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 06:54 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-10 06:54 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 06:54 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 06:54 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 06:54 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 06:54 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 06:54 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 06:54 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 06:54 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 06:54 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 06:54 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 06:54 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 06:54 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 06:54 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 06:54 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 06:54 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 06:54 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 06:54 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 06:54 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 06:54 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 06:54 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 06:54 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 06:54 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 06:54 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 06:54 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 06:54 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 06:53 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 06:53 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 06:53 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 06:53 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 06:53 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 06:53 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 06:53 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 06:53 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 06:53 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 06:53 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 06:53 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 06:53 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 06:53 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 06:53 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 06:45 - 2014-12-10 06:46 - 00000197 _____ () C:\Windows\system32\2014-12-10-11-45-35.023-AvastVBoxSVC.exe-3356.log
2014-12-09 21:41 - 2014-12-09 21:41 - 00000197 _____ () C:\Windows\system32\2014-12-10-02-41-23.033-AvastVBoxSVC.exe-3468.log
2014-12-09 20:20 - 2014-12-09 20:20 - 00000197 _____ () C:\Windows\system32\2014-12-10-01-20-02.055-AvastVBoxSVC.exe-4660.log
2014-12-09 20:18 - 2014-12-11 22:14 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-09 20:17 - 2014-12-13 21:49 - 00059422 _____ () C:\Windows\PFRO.log
2014-12-09 20:17 - 2014-12-13 21:49 - 00003204 _____ () C:\Windows\setupact.log
2014-12-09 20:17 - 2014-12-09 20:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-09 18:28 - 2014-12-13 21:50 - 00001332 _____ () C:\Windows\Tasks\WCFIQ.job
2014-12-09 18:28 - 2014-12-13 21:50 - 00001330 _____ () C:\Windows\Tasks\KOFU.job
2014-12-09 18:28 - 2014-12-09 18:28 - 00000000 ____D () C:\Program Files (x86)\6cd887f2-b729-4c7f-ad31-97056ad39263
2014-12-09 06:34 - 2014-12-09 06:34 - 00000197 _____ () C:\Windows\system32\2014-12-09-11-34-01.059-AvastVBoxSVC.exe-2684.log
2014-12-08 07:52 - 2014-12-08 07:53 - 00000197 _____ () C:\Windows\system32\2014-12-08-12-52-27.037-AvastVBoxSVC.exe-2488.log
2014-12-07 08:12 - 2014-12-07 08:12 - 00000197 _____ () C:\Windows\system32\2014-12-07-13-12-43.032-AvastVBoxSVC.exe-2572.log
2014-12-07 08:03 - 2014-12-07 08:04 - 00000197 _____ () C:\Windows\system32\2014-12-07-13-03-56.057-AvastVBoxSVC.exe-2796.log
2014-12-06 15:23 - 2014-12-06 15:23 - 00000197 _____ () C:\Windows\system32\2014-12-06-20-23-53.070-AvastVBoxSVC.exe-2740.log
2014-12-06 15:18 - 2014-12-06 15:18 - 00000197 _____ () C:\Windows\system32\2014-12-06-20-18-05.032-AvastVBoxSVC.exe-2384.log
2014-12-06 09:07 - 2014-12-06 09:08 - 00000197 _____ () C:\Windows\system32\2014-12-06-14-07-27.050-AvastVBoxSVC.exe-2648.log
2014-12-05 07:05 - 2014-12-05 07:05 - 00000197 _____ () C:\Windows\system32\2014-12-05-12-05-13.020-AvastVBoxSVC.exe-2624.log
2014-12-04 07:07 - 2014-12-04 07:08 - 00000197 _____ () C:\Windows\system32\2014-12-04-12-07-42.079-AvastVBoxSVC.exe-2668.log
2014-12-03 07:31 - 2014-12-03 07:32 - 00000197 _____ () C:\Windows\system32\2014-12-03-12-31-30.012-AvastVBoxSVC.exe-2396.log
2014-12-02 20:44 - 2014-12-02 20:44 - 00000197 _____ () C:\Windows\system32\2014-12-03-01-44-13.076-AvastVBoxSVC.exe-2636.log
2014-12-02 20:21 - 2014-12-02 20:21 - 00000197 _____ () C:\Windows\system32\2014-12-03-01-21-06.047-AvastVBoxSVC.exe-2708.log
2014-12-02 20:13 - 2014-12-02 20:13 - 00000197 _____ () C:\Windows\system32\2014-12-03-01-13-18.044-AvastVBoxSVC.exe-2500.log
2014-12-02 09:52 - 2014-12-02 09:53 - 00000197 _____ () C:\Windows\system32\2014-12-02-14-52-57.038-AvastVBoxSVC.exe-2396.log
2014-12-02 07:04 - 2014-12-02 07:05 - 00000197 _____ () C:\Windows\system32\2014-12-02-12-04-54.063-AvastVBoxSVC.exe-2420.log
2014-12-01 06:31 - 2014-12-01 06:31 - 00000247 _____ () C:\Windows\system32\2014-12-01-11-31-13.072-aswFe.exe-4264.log
2014-12-01 06:29 - 2014-12-01 06:31 - 00000247 _____ () C:\Windows\system32\2014-12-01-11-29-35.025-aswFe.exe-5472.log
2014-12-01 06:29 - 2014-12-01 06:29 - 00000197 _____ () C:\Windows\system32\2014-12-01-11-29-32.095-AvastVBoxSVC.exe-1824.log
2014-11-30 11:23 - 2014-11-30 11:24 - 00000197 _____ () C:\Windows\system32\2014-11-30-16-23-52.072-AvastVBoxSVC.exe-2492.log
2014-11-29 09:34 - 2014-11-29 09:34 - 00000197 _____ () C:\Windows\system32\2014-11-29-14-34-36.050-AvastVBoxSVC.exe-2528.log
2014-11-28 10:03 - 2014-11-28 10:04 - 00000197 _____ () C:\Windows\system32\2014-11-28-15-03-55.066-AvastVBoxSVC.exe-2524.log
2014-11-27 16:11 - 2014-11-27 16:12 - 00000197 _____ () C:\Windows\system32\2014-11-27-21-11-23.087-AvastVBoxSVC.exe-2644.log
2014-11-27 09:04 - 2014-11-27 09:04 - 00000197 _____ () C:\Windows\system32\2014-11-27-14-04-34.030-AvastVBoxSVC.exe-2672.log
2014-11-26 08:27 - 2014-11-26 08:28 - 00000197 _____ () C:\Windows\system32\2014-11-26-13-27-40.033-AvastVBoxSVC.exe-2564.log
2014-11-25 07:01 - 2014-11-25 07:01 - 00000197 _____ () C:\Windows\system32\2014-11-25-12-01-18.090-AvastVBoxSVC.exe-2484.log
2014-11-24 06:51 - 2014-11-24 06:52 - 00000197 _____ () C:\Windows\system32\2014-11-24-11-51-21.094-AvastVBoxSVC.exe-2540.log
2014-11-23 10:57 - 2014-11-23 10:58 - 00000197 _____ () C:\Windows\system32\2014-11-23-15-57-28.068-AvastVBoxSVC.exe-2684.log
2014-11-22 14:55 - 2014-11-22 14:55 - 00000000 ____D () C:\Program Files\Western Digital
2014-11-21 07:21 - 2014-11-21 07:21 - 00000197 _____ () C:\Windows\system32\2014-11-21-12-21-03.066-AvastVBoxSVC.exe-2712.log
2014-11-20 03:04 - 2014-11-20 03:04 - 00000197 _____ () C:\Windows\system32\2014-11-20-08-04-48.088-AvastVBoxSVC.exe-2756.log
2014-11-19 07:52 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 07:52 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 07:52 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 07:52 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 07:49 - 2014-11-19 07:50 - 00000197 _____ () C:\Windows\system32\2014-11-19-12-49-33.021-AvastVBoxSVC.exe-2556.log
2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2014-11-18 07:04 - 2014-11-18 07:04 - 00000197 _____ () C:\Windows\system32\2014-11-18-12-04-03.006-AvastVBoxSVC.exe-2484.log
2014-11-17 10:26 - 2014-11-17 10:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-17 10:26 - 2014-11-17 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-17 07:59 - 2014-11-17 07:59 - 00000197 _____ () C:\Windows\system32\2014-11-17-12-59-15.018-AvastVBoxSVC.exe-2516.log
2014-11-16 09:25 - 2014-11-16 09:26 - 00000197 _____ () C:\Windows\system32\2014-11-16-14-25-35.037-AvastVBoxSVC.exe-2520.log
2014-11-15 16:30 - 2014-11-15 16:30 - 00000197 _____ () C:\Windows\system32\2014-11-15-21-30-02.049-AvastVBoxSVC.exe-2732.log
2014-11-15 07:32 - 2014-11-15 07:32 - 00000197 _____ () C:\Windows\system32\2014-11-15-12-32-05.052-AvastVBoxSVC.exe-2456.log
2014-11-13 20:49 - 2014-11-13 20:49 - 00000247 _____ () C:\Windows\system32\2014-11-14-01-49-57.059-aswFe.exe-5004.log
2014-11-13 20:48 - 2014-11-13 20:49 - 00000247 _____ () C:\Windows\system32\2014-11-14-01-48-17.055-aswFe.exe-4328.log
2014-11-13 20:48 - 2014-11-13 20:48 - 00000197 _____ () C:\Windows\system32\2014-11-14-01-48-15.026-AvastVBoxSVC.exe-3132.log
2014-11-13 20:47 - 2014-11-13 20:47 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-13 20:47 - 2014-11-13 20:47 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-13 20:42 - 2014-11-13 20:42 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-11-13 20:42 - 2014-11-13 20:42 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-13 20:42 - 2014-11-13 20:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-13 20:42 - 2014-11-13 20:42 - 00002001 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2014-11-13 20:42 - 2014-11-13 20:42 - 00001941 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2014-11-13 20:42 - 2014-11-13 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-13 21:57 - 2009-07-13 23:45 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-13 21:57 - 2009-07-13 23:45 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-13 21:55 - 2009-07-14 00:13 - 00800244 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-13 21:53 - 2013-09-27 12:25 - 01542425 _____ () C:\Windows\WindowsUpdate.log
2014-12-13 21:50 - 2013-10-15 18:48 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-12-13 21:50 - 2013-09-29 03:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-13 21:49 - 2013-10-01 02:06 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-12-13 21:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-13 13:11 - 2013-09-29 01:56 - 00000000 ____D () C:\Users\Admin
2014-12-13 13:09 - 2013-09-29 03:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-13 13:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-11 23:11 - 2013-09-29 03:17 - 00002252 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 22:30 - 2014-08-28 11:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-12-11 22:30 - 2014-02-10 22:37 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-11 15:45 - 2009-07-13 21:34 - 00000530 _____ () C:\Windows\win.ini
2014-12-11 15:44 - 2013-09-29 10:22 - 00000000 ____D () C:\Users\Sophia
2014-12-11 13:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 00:47 - 2013-10-03 07:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 00:47 - 2013-09-29 02:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 00:43 - 2013-09-29 02:43 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 00:37 - 2013-10-07 08:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 00:00 - 2013-09-30 01:09 - 00000000 ____D () C:\Users\Mom
2014-12-10 23:58 - 2013-09-30 00:43 - 00000000 ____D () C:\Users\Gracie
2014-12-10 23:58 - 2013-09-29 10:22 - 00000000 ____D () C:\Users\Ellie
2014-12-10 23:58 - 2013-09-29 10:22 - 00000000 ____D () C:\Users\Alex
2014-12-10 23:55 - 2014-09-25 06:50 - 00000000 ____D () C:\Windows\Minidump
2014-12-09 18:28 - 2013-10-07 08:22 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-09 13:45 - 2014-09-09 10:21 - 00001138 _____ () C:\Users\Sophia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GP5.lnk
2014-12-09 13:45 - 2014-09-09 10:21 - 00001138 _____ () C:\Users\Sophia\AppData\Roaming\Microsoft\Windows\Start Menu\GP5.lnk
2014-11-22 14:55 - 2013-10-15 18:48 - 00000000 ____D () C:\ProgramData\Western Digital
2014-11-22 14:55 - 2013-10-15 18:48 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-22 14:55 - 2013-10-15 18:48 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-11-22 14:55 - 2013-10-15 18:48 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-11-21 20:01 - 2013-09-29 03:15 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-17 23:12 - 2014-02-23 13:39 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Skype
2014-11-17 15:27 - 2013-10-10 22:16 - 00088704 _____ () C:\Users\Sophia\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-17 10:27 - 2014-02-23 13:39 - 00000000 ____D () C:\ProgramData\Skype
2014-11-17 10:26 - 2014-02-23 13:39 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-11-13 20:42 - 2014-04-23 22:37 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-13 20:42 - 2013-12-23 23:35 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-13 20:42 - 2013-09-29 03:56 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-13 20:42 - 2013-09-29 03:56 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-13 20:42 - 2013-09-29 03:15 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-13 20:42 - 2013-09-29 03:15 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-13 20:42 - 2013-09-29 03:15 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-13 20:42 - 2013-09-29 03:15 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-11-13 18:02 - 2013-10-19 04:55 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Adobe
2014-11-13 16:50 - 2013-10-01 07:53 - 00088704 _____ () C:\Users\Mom\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 08:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 07:07 - 2009-07-13 23:45 - 00351504 _____ () C:\Windows\system32\FNTCACHE.DAT
 
Some content of TEMP:
====================
C:\Users\Sophia\AppData\Local\Temp\setup-gp5-updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.
 
==================== End Of Log ============================


Edited by xXToffeeXx, 21 December 2014 - 11:25 AM.
Added log for ease~


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,633 posts
  • Gender:Male
  • Local time:02:39 AM

Posted 17 December 2014 - 09:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/559665 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 dlaudens

dlaudens
  • Topic Starter

  • Members
  • 12 posts
  • Local time:01:39 AM

Posted 19 December 2014 - 11:42 PM

I was getting all kinds of popup ads from zoomify, etc., so I ran Malwarebytes, Adaware, HitmanPro, Avast, and AdwCleaner several times.  (Avast is my normal virus protection/firewall.)

 

AdwCleaner and Malwarebytes seemed to identify the malware the best.  Malwarebytes first scan found about 15 items and after I cleaned them it went down to 2 files that were found, but it could never clean them completely.

 

I scanned one more time with Avast and it found two files that were identified but could not be scanned because they were 'password protected'.  They were some kind of Adobe installer files in an odd location so I went in and manually deleted them.

 

Since then I have rebooted (several times) and ran all five of the scanners above (full scan and boot) and none of them have identified any potentially harmful files.  I'm no longer getting pop ups on the internet or constant warnings from Avast.  I did get several 'track 006' extensions on my google browser though.

 

I'm still not sure if my PC is 100% clean though.....Can anyone assist me and look at my scan files to see if I'm in the clear?

 

I tried downloading DDS on my pc but it won't launch.   Running windows 7 64 bit.  I have the disks.



#5 polskamachina

polskamachina

  • Malware Response Team
  • 3,940 posts
  • Gender:Male
  • Local time:11:39 PM

Posted 20 December 2014 - 01:42 AM

Hi dlaudens :)

 

My name is polskamachina and I will be assisting you with your malware problems. What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-8 Hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.

 

polskamachina



#6 dlaudens

dlaudens
  • Topic Starter

  • Members
  • 12 posts
  • Local time:01:39 AM

Posted 20 December 2014 - 09:45 AM

Polskamachina:

 

Thanks for helping.  As I said in my post(s), I have run several anti virus/adware programs and think I have cleared the virus/adware.  It took a long time to finally get rid of all the malware.  Now, when I run the scans from the antivirus/adware programs, they all come back clean with no detections.

 

It was a pesky virus that was in the startup registry, because every time I would get it 'clean', the virus would come back when I rebooted.

 

What I am needing is someone to review my system to see if it is truly clean.

 

Thanks again for helping me out.

 

P.S. I am on EST.

 

dlaudens
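The "comes back after every reboot" behaviour described in the post above is what an autostart registry entry gives a dropped executable, and it is exactly what the Registry (Whitelisted) section of an FRST log enumerates. The following PowerShell script is an added example written for this thread; it is not part of FRST, DDS, Malwarebytes or any other tool discussed here. It lists the Run/RunOnce entries for the machine hives (64-bit and Wow6432Node views) and for every user hive currently loaded under HKEY_USERS, resolves the executable each entry launches, and flags entries whose file is missing or not carrying a valid Authenticode signature. The function names Resolve-AutorunPath, Get-AutorunKeys and Get-AutorunFindings and the Flag column are this example's own. It assumes an elevated PowerShell 3.0 or later session so that other users' hives are readable.

```powershell
# Added example, not from the thread or from FRST/DDS. Run from an elevated
# PowerShell 3.0+ prompt so that every loaded user hive can be read.

function Resolve-AutorunPath {
    # Pull the executable out of an autostart command line, for example
    #   "C:\Program Files (x86)\Vendor\app.exe" --minimize  -> C:\Program Files (x86)\Vendor\app.exe
    #   C:\Program Files (x86)\Vendor\app.exe --minimize    -> C:\Program Files (x86)\Vendor\app.exe
    #   C:\Tools\app.exe /silent                            -> C:\Tools\app.exe
    # Anything else (a bare number, an empty value, a non-.exe command) yields $null.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"')          { return $matches[1] }
    if ($Command -match '^\s*(.+?\.exe)(?=\s|$)') { return $matches[1] }
    return $null
}

function Get-AutorunKeys {
    # Machine-wide Run/RunOnce keys plus the same keys under every interactive
    # user hive (S-1-5-21-...) that is currently loaded in HKEY_USERS.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # HKU: is not a default PowerShell drive, so map it on first use.
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    foreach ($hive in Get-ChildItem HKU:\) {
        $sid = $hive.PSChildName
        if ($sid -like 'S-1-5-21-*' -and $sid -notlike '*_Classes') {
            $keys += "HKU:\$sid\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
            $keys += "HKU:\$sid\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
        }
    }
    return $keys
}

function Get-AutorunFindings {
    foreach ($key in Get-AutorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Skip the provider metadata that Get-ItemProperty adds to every object.
            if ($prop.Name -in 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider') { continue }
            $exe    = Resolve-AutorunPath ([string]$prop.Value)
            $exists = [bool]($exe -and (Test-Path -LiteralPath $exe))
            $status = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status.ToString() } else { 'no file' }
            $flag   = if (-not $exists) { 'missing file' } elseif ($status -ne 'Valid') { "signature $status" } else { '' }
            [pscustomobject]@{
                Flag    = $flag
                Name    = $prop.Name
                Key     = $key
                Command = [string]$prop.Value
            }
        }
    }
}

# Flagged entries sort to the top; review each one rather than deleting on sight.
Get-AutorunFindings | Sort-Object Flag -Descending | Format-Table -AutoSize -Wrap Flag, Name, Key, Command
```

A flag is a prompt to look, not a verdict: plenty of legitimate software ships unsigned executables, and a RunOnce value that is not a path at all (the FRST log in this thread shows one holding only a number) will be reported as "missing file" and needs reading by hand. What the script adds over a raw registry listing is the per-entry signature check, the same idea as the "File is digitally signed" lines in FRST's Bamital & volsnap section, applied to everything that starts at logon.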



#7 polskamachina

polskamachina

  • Malware Response Team
  • 3,940 posts
  • Gender:Male
  • Local time:11:39 PM

Posted 21 December 2014 - 03:35 AM

Hi dlaudens :)

 

Regarding DDS, do you get any error messages or any type of feedback at all after you run it?

 

polskamachina



#8 polskamachina

polskamachina

  • Malware Response Team
  • 3,940 posts
  • Gender:Male
  • Local time:11:39 PM

Posted 23 December 2014 - 10:41 PM

Hi Dlaudens :)
 
I've noticed from your logs that you have two anti-virus programs installed.
 
Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating system's core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and wasting vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update its definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

When scanning engines are initiated, each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "false positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that threat. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you may encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found after it has already been neutralized.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of another and may insist that it be removed prior to installation. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms as described above while trying to use it. In some cases, one of the anti-virus programs may even get disabled by the other.

To avoid these problems, use only one anti-virus solution.
 
We need to remove programs using "Programs and Features"

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, click on only one of the below entries and select "Remove":

  • Ad-Aware Antivirus
  • avast! Antivirus

Additional instructions can be found here if needed.
 
Next:
 
In order for the FRST and DDS programs to run effectively, they must be run with administrative privileges. Therefore, please do the following:

  • Right-click FRST then click "Run as administrator"
  • When the tool opens, click Yes to disclaimer.
  • Check the box for Addition.txt
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt and Addition.txt in the same directory from which the tool was run.
  • Please copy and paste the logs in your next reply.

Next:
 
Try to run DDS again but first make sure you disconnect from the internet and temporarily disable all of your antivirus protection before you click the Start button. After the scan is complete, please copy and paste the DDS and attach.txt logs in your next reply to me. Don't forget to re-enable your anti-virus program after you've run the program.
 
Let me know if you have any questions.
 
polskamachina
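The post above makes the point that an anti-virus product's kernel-mode drivers are resident from boot whether or not its real-time protection is switched on, which is why two installed products conflict even when one is "only" used on demand. The PowerShell script below is an added example for this thread, not code from the thread, from FRST or from DDS. It inventories the kernel-mode drivers that are running or set to load at boot (Win32_SystemDriver with a Boot, System or Auto start mode), reads the signer of each driver file, and groups the non-Microsoft ones by signer so that two security vendors with resident drivers stand out; it then lists the avast! "asw*" drivers that the FRST log in this thread shows. The function names Convert-DriverPath and Get-BootDriverInventory are this example's own. It assumes PowerShell 3.0 or later (for Get-CimInstance) run from an elevated prompt so every driver image can be read.

```powershell
# Added example, not from the thread or from FRST/DDS. Requires PowerShell 3.0+
# (Get-CimInstance) and an elevated prompt so that every driver image can be read.

function Convert-DriverPath {
    # Win32_SystemDriver.PathName comes in several spellings:
    #   C:\Windows\system32\drivers\x.sys      \SystemRoot\system32\DRIVERS\x.sys
    #   \??\C:\Program Files\Vendor\x.sys      system32\DRIVERS\x.sys (relative to %SystemRoot%)
    # Normalise all of them to a plain absolute path.
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName
    if ($p -match '^\\\?\?\\(.+)$')       { $p = $matches[1] }
    if ($p -match '^\\SystemRoot\\(.+)$') { $p = Join-Path $env:SystemRoot $matches[1] }
    elseif ($p -notmatch '^[A-Za-z]:\\')  { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-BootDriverInventory {
    # Kernel-mode drivers that are running now or will load without anyone asking
    # (Boot/System/Auto start), each with the subject of its signing certificate.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -or @('Boot', 'System', 'Auto') -contains $_.StartMode } |
        ForEach-Object {
            $path   = Convert-DriverPath $_.PathName
            $signer = 'file not found'
            if ($path -and (Test-Path -LiteralPath $path)) {
                $sig    = Get-AuthenticodeSignature -FilePath $path
                $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { "no embedded signature ($($sig.Status))" }
            }
            [pscustomobject]@{
                Name      = $_.Name
                StartMode = $_.StartMode
                State     = $_.State
                Path      = $path
                Signer    = $signer
            }
        }
}

$inventory = Get-BootDriverInventory

# Third-party drivers grouped by signer. Two security vendors appearing here at
# once is the dual-anti-virus situation the post describes.
$inventory |
    Where-Object { $_.Signer -notmatch 'Microsoft' } |
    Group-Object Signer |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# The individual entries for one product, here everything whose service name
# starts with "asw" (the avast! drivers listed in the FRST log in this thread).
$inventory | Where-Object { $_.Name -like 'asw*' } | Format-Table Name, StartMode, State, Signer -AutoSize
```

On Windows 7 many Microsoft inbox drivers are signed through a catalog rather than an embedded signature, so they can show up as "no embedded signature (NotSigned)" even though they are genuine; that is why the grouping filters on the signer string instead of treating an unsigned status as a finding. Compare the output against the Drivers (Whitelisted) section of the FRST log: every R0/R1/R2 line there should have a counterpart here with a signer you recognise.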



#9 dlaudens

dlaudens
  • Topic Starter

  • Members
  • 12 posts
  • Local time:01:39 AM

Posted 24 December 2014 - 01:38 AM

polskamachina:

 

Thanks for the info on running 2 anti-virus.....not the standard setup for me.   Just added AdAware to see if it would find anything Avast didn't (Avast is normal Anti-Virus).

 

Here is FRST

 

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014 (ATTENTION: ====> FRST version is 11 days old and could be outdated)

Ran by Admin (administrator) on MAINPC on 24-12-2014 01:27:04
Running from F:\Users\Mom\Downloads\FARBAR
Loaded Profiles: Admin & Mom (Available profiles: Admin & Alex & Ellie & Sophia & Gracie & Mom)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1970038904-3716629727-1996332306-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1970038904-3716629727-1996332306-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1970038904-3716629727-1996332306-1000\...\RunOnce: [Adobe Speed Launcher] => 1419400750
HKU\S-1-5-21-1970038904-3716629727-1996332306-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1970038904-3716629727-1996332306-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1970038904-3716629727-1996332306-1000\...\MountPoints2: {cbcc722f-e9ae-11e3-8f71-bc5ff4ba528e} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\RunOnce: [Adobe Speed Launcher] => 1419402270
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\MountPoints2: {82bfbcfd-9423-11e3-836a-bc5ff4ba528e} - E:\iStudio.exe
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\MountPoints2: {cbcc722f-e9ae-11e3-8f71-bc5ff4ba528e} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\MountPoints2: {ebb12adc-cc9d-11e3-b56a-bc5ff4ba528e} - E:\MI.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-01] (Microsoft Corporation)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Ellie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Sophia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1012\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1009\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1006\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1005\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1970038904-3716629727-1996332306-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1970038904-3716629727-1996332306-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1970038904-3716629727-1996332306-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1970038904-3716629727-1996332306-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1970038904-3716629727-1996332306-1014 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-29]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-01]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-13] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-13] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-13] (Avast Software)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-11-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-13] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-13] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-13] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-18] (Qualcomm Atheros Co., Ltd.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-13] (Avast Software)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-24 01:25 - 2014-12-24 01:25 - 00000197 _____ () C:\Windows\system32\2014-12-24-06-25-57.029-AvastVBoxSVC.exe-2720.log
2014-12-24 01:22 - 2014-12-24 01:22 - 00000159 _____ () C:\prefs.js
2014-12-24 01:22 - 2014-12-24 01:22 - 00000000 ____D () C:\searchplugins
2014-12-24 01:21 - 2014-12-24 01:21 - 00000000 ____D () C:\Users\Mom\AppData\Local\Lavasoft
2014-12-24 01:20 - 2014-12-24 01:20 - 00000197 _____ () C:\Windows\system32\2014-12-24-06-20-30.002-AvastVBoxSVC.exe-3420.log
2014-12-24 01:05 - 2014-12-24 01:05 - 00000197 _____ () C:\Windows\system32\2014-12-24-06-05-04.044-AvastVBoxSVC.exe-3504.log
2014-12-24 00:51 - 2014-12-24 00:52 - 00000197 _____ () C:\Windows\system32\2014-12-24-05-51-59.072-AvastVBoxSVC.exe-3368.log
2014-12-24 00:49 - 2014-12-24 00:49 - 00000197 _____ () C:\Windows\system32\2014-12-24-05-49-07.009-AvastVBoxSVC.exe-3840.log
2014-12-23 16:53 - 2014-12-23 16:54 - 00000197 _____ () C:\Windows\system32\2014-12-23-21-53-22.045-AvastVBoxSVC.exe-3932.log
2014-12-21 23:22 - 2014-12-21 23:22 - 00000197 _____ () C:\Windows\system32\2014-12-22-04-22-02.010-AvastVBoxSVC.exe-3992.log
2014-12-21 10:37 - 2014-12-21 10:38 - 00000197 _____ () C:\Windows\system32\2014-12-21-15-37-31.071-AvastVBoxSVC.exe-3888.log
2014-12-20 14:47 - 2014-12-20 14:47 - 00000197 _____ () C:\Windows\system32\2014-12-20-19-47-54.001-AvastVBoxSVC.exe-3828.log
2014-12-20 11:06 - 2014-12-20 11:06 - 00000197 _____ () C:\Windows\system32\2014-12-20-16-06-14.067-AvastVBoxSVC.exe-3872.log
2014-12-20 09:34 - 2014-12-20 09:34 - 00000197 _____ () C:\Windows\system32\2014-12-20-14-34-08.013-AvastVBoxSVC.exe-3952.log
2014-12-19 07:55 - 2014-12-19 07:55 - 00000197 _____ () C:\Windows\system32\2014-12-19-12-55-02.028-AvastVBoxSVC.exe-3872.log
2014-12-18 09:57 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 09:57 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-18 09:16 - 2014-12-18 09:16 - 00000197 _____ () C:\Windows\system32\2014-12-18-14-16-23.032-AvastVBoxSVC.exe-3888.log
2014-12-18 07:53 - 2014-12-18 07:53 - 00000247 _____ () C:\Windows\system32\2014-12-18-12-53-06.012-aswFe.exe-6572.log
2014-12-18 07:51 - 2014-12-18 07:53 - 00000247 _____ () C:\Windows\system32\2014-12-18-12-51-30.006-aswFe.exe-6696.log
2014-12-18 07:51 - 2014-12-18 07:51 - 00000197 _____ () C:\Windows\system32\2014-12-18-12-51-27.098-AvastVBoxSVC.exe-6820.log
2014-12-17 09:20 - 2014-12-17 09:21 - 00000197 _____ () C:\Windows\system32\2014-12-17-14-20-16.041-AvastVBoxSVC.exe-4000.log
2014-12-17 07:02 - 2014-12-17 07:02 - 00000197 _____ () C:\Windows\system32\2014-12-17-12-02-00.073-AvastVBoxSVC.exe-3964.log
2014-12-16 07:26 - 2014-12-16 07:27 - 00000197 _____ () C:\Windows\system32\2014-12-16-12-26-45.017-AvastVBoxSVC.exe-3904.log
2014-12-15 23:00 - 2014-12-15 23:00 - 00000197 _____ () C:\Windows\system32\2014-12-16-04-00-03.020-AvastVBoxSVC.exe-3864.log
2014-12-15 22:57 - 2014-12-24 01:23 - 00002128 _____ () C:\Windows\setupact.log
2014-12-15 22:57 - 2014-12-15 22:57 - 00000318 _____ () C:\Windows\PFRO.log
2014-12-15 22:57 - 2014-12-15 22:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-15 22:50 - 2014-12-15 22:50 - 00000197 _____ () C:\Windows\system32\2014-12-16-03-50-02.033-AvastVBoxSVC.exe-4036.log
2014-12-15 22:44 - 2014-12-15 22:57 - 00000000 ____D () C:\AdwCleaner
2014-12-15 22:40 - 2014-12-15 22:40 - 00000000 ____D () C:\Program Files\HitmanPro
2014-12-15 22:26 - 2014-12-15 22:26 - 00003274 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1970038904-3716629727-1996332306-1000
2014-12-15 22:19 - 2014-12-15 22:19 - 00000197 _____ () C:\Windows\system32\2014-12-16-03-19-55.007-AvastVBoxSVC.exe-3952.log
2014-12-15 22:05 - 2014-12-24 01:26 - 00264942 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 22:05 - 2014-12-15 22:05 - 00000197 _____ () C:\Windows\system32\2014-12-16-03-05-06.038-AvastVBoxSVC.exe-3820.log
2014-12-15 21:40 - 2014-12-15 21:40 - 00000197 _____ () C:\Windows\system32\2014-12-16-02-40-21.032-AvastVBoxSVC.exe-4040.log
2014-12-15 07:52 - 2014-12-15 07:53 - 00000197 _____ () C:\Windows\system32\2014-12-15-12-52-51.056-AvastVBoxSVC.exe-3768.log
2014-12-14 17:07 - 2014-12-14 17:07 - 00000197 _____ () C:\Windows\system32\2014-12-14-22-07-13.037-AvastVBoxSVC.exe-3904.log
2014-12-13 21:52 - 2014-12-13 21:52 - 00000197 _____ () C:\Windows\system32\2014-12-14-02-52-02.056-AvastVBoxSVC.exe-3844.log
2014-12-13 13:12 - 2014-12-13 13:12 - 00000197 _____ () C:\Windows\system32\2014-12-13-18-12-42.072-AvastVBoxSVC.exe-3956.log
2014-12-13 11:53 - 2014-12-13 11:53 - 00000197 _____ () C:\Windows\system32\2014-12-13-16-53-54.045-AvastVBoxSVC.exe-3784.log
2014-12-13 10:54 - 2014-12-13 10:54 - 00000197 _____ () C:\Windows\system32\2014-12-13-15-54-34.023-AvastVBoxSVC.exe-3876.log
2014-12-13 10:31 - 2014-12-13 10:31 - 00000197 _____ () C:\Windows\system32\2014-12-13-15-31-27.024-AvastVBoxSVC.exe-3956.log
2014-12-13 10:20 - 2014-12-13 10:20 - 00000197 _____ () C:\Windows\system32\2014-12-13-15-20-21.003-AvastVBoxSVC.exe-3976.log
2014-12-13 10:15 - 2014-12-13 10:15 - 00000197 _____ () C:\Windows\system32\2014-12-13-15-15-49.056-AvastVBoxSVC.exe-3680.log
2014-12-13 09:38 - 2014-12-13 09:39 - 00000197 _____ () C:\Windows\system32\2014-12-13-14-38-47.056-AvastVBoxSVC.exe-3852.log
2014-12-12 21:30 - 2014-12-12 21:30 - 00000197 _____ () C:\Windows\system32\2014-12-13-02-30-16.044-AvastVBoxSVC.exe-4016.log
2014-12-12 21:25 - 2014-12-12 21:25 - 00000197 _____ () C:\Windows\system32\2014-12-13-02-25-35.049-AvastVBoxSVC.exe-3740.log
2014-12-12 21:19 - 2014-12-24 01:27 - 00000000 ____D () C:\FRST
2014-12-12 19:41 - 2014-12-12 19:41 - 00000197 _____ () C:\Windows\system32\2014-12-13-00-41-57.032-AvastVBoxSVC.exe-4060.log
2014-12-11 23:00 - 2014-12-11 23:00 - 00000197 _____ () C:\Windows\system32\2014-12-12-04-00-36.016-AvastVBoxSVC.exe-4092.log
2014-12-11 22:43 - 2014-12-11 22:43 - 00000197 _____ () C:\Windows\system32\2014-12-12-03-43-51.083-AvastVBoxSVC.exe-4068.log
2014-12-11 22:30 - 2014-12-11 22:30 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-11 22:30 - 2014-12-11 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-11 22:30 - 2014-12-11 22:30 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-11 22:30 - 2014-12-11 22:30 - 00000000 ____D () C:\Program Files\iTunes
2014-12-11 22:30 - 2014-12-11 22:30 - 00000000 ____D () C:\Program Files\iPod
2014-12-11 22:30 - 2014-12-11 22:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-11 22:16 - 2014-12-11 22:16 - 00000197 _____ () C:\Windows\system32\2014-12-12-03-16-43.001-AvastVBoxSVC.exe-3928.log
2014-12-11 22:02 - 2014-12-15 21:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-11 22:02 - 2014-12-11 22:02 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-11 22:02 - 2014-12-11 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-11 22:02 - 2014-12-11 22:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-11 22:02 - 2014-12-11 22:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-11 22:02 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-11 22:02 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-11 22:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-11 15:44 - 2014-12-11 15:44 - 00000197 _____ () C:\Windows\system32\2014-12-11-20-44-16.014-AvastVBoxSVC.exe-5360.log
2014-12-11 13:16 - 2014-12-11 13:17 - 00000197 _____ () C:\Windows\system32\2014-12-11-18-16-48.090-AvastVBoxSVC.exe-4368.log
2014-12-11 00:42 - 2014-12-11 21:51 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-12-11 00:42 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 00:42 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 00:37 - 2014-12-11 00:37 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-11 00:34 - 2014-12-11 00:34 - 00000197 _____ () C:\Windows\system32\2014-12-11-05-34-13.061-AvastVBoxSVC.exe-6076.log
2014-12-11 00:03 - 2014-12-11 00:03 - 00000197 _____ () C:\Windows\system32\2014-12-11-05-03-01.048-AvastVBoxSVC.exe-5812.log
2014-12-10 23:57 - 2014-12-10 23:57 - 00000197 _____ () C:\Windows\system32\2014-12-11-04-57-16.083-AvastVBoxSVC.exe-4456.log
2014-12-10 23:54 - 2014-12-11 00:00 - 00001766 _____ () C:\Windows\system32\.crusader
2014-12-10 23:50 - 2014-12-11 00:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-10 23:38 - 2014-12-10 23:38 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieUserList
2014-12-10 23:38 - 2014-12-10 23:38 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieSiteList
2014-12-10 23:38 - 2014-12-10 23:38 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieBrowserModeList
2014-12-10 23:18 - 2014-12-10 23:18 - 00000197 _____ () C:\Windows\system32\2014-12-11-04-18-19.045-AvastVBoxSVC.exe-5484.log
2014-12-10 21:47 - 2014-12-24 00:49 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\LavasoftStatistics
2014-12-10 21:47 - 2014-12-14 17:05 - 00004616 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2014-12-10 21:47 - 2014-12-14 17:05 - 00002448 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-10 21:47 - 2014-12-14 17:05 - 00002448 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-10 21:47 - 2014-11-27 10:44 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2014-12-10 21:47 - 2014-11-27 10:44 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2014-12-10 06:54 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 06:54 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 06:54 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 06:54 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 06:54 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 06:54 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 06:54 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 06:54 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 06:54 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 06:54 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 06:54 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 06:54 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 06:54 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 06:54 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 06:54 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 06:54 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 06:54 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 06:54 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 06:54 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 06:54 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 06:54 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 06:54 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 06:54 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 06:54 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 06:54 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 06:54 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 06:54 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 06:54 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 06:54 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 06:54 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 06:54 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 06:54 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 06:54 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 06:54 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 06:54 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 06:54 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 06:54 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 06:54 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 06:54 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 06:54 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 06:54 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 06:54 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 06:54 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 06:54 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 06:54 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 06:54 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 06:54 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 06:54 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 06:54 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 06:54 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 06:54 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 06:54 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 06:54 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 06:54 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 06:54 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 06:54 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 06:54 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 06:53 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 06:53 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 06:53 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 06:53 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 06:53 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 06:53 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 06:53 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 06:53 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 06:53 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 06:53 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 06:53 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 06:53 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 06:53 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 06:53 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 06:45 - 2014-12-10 06:46 - 00000197 _____ () C:\Windows\system32\2014-12-10-11-45-35.023-AvastVBoxSVC.exe-3356.log
2014-12-09 21:41 - 2014-12-09 21:41 - 00000197 _____ () C:\Windows\system32\2014-12-10-02-41-23.033-AvastVBoxSVC.exe-3468.log
2014-12-09 20:20 - 2014-12-09 20:20 - 00000197 _____ () C:\Windows\system32\2014-12-10-01-20-02.055-AvastVBoxSVC.exe-4660.log
2014-12-09 20:18 - 2014-12-11 22:14 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-09 18:28 - 2014-12-09 18:28 - 00000000 ____D () C:\Program Files (x86)\6cd887f2-b729-4c7f-ad31-97056ad39263
2014-12-09 06:34 - 2014-12-09 06:34 - 00000197 _____ () C:\Windows\system32\2014-12-09-11-34-01.059-AvastVBoxSVC.exe-2684.log
2014-12-08 07:52 - 2014-12-08 07:53 - 00000197 _____ () C:\Windows\system32\2014-12-08-12-52-27.037-AvastVBoxSVC.exe-2488.log
2014-12-07 08:12 - 2014-12-07 08:12 - 00000197 _____ () C:\Windows\system32\2014-12-07-13-12-43.032-AvastVBoxSVC.exe-2572.log
2014-12-07 08:03 - 2014-12-07 08:04 - 00000197 _____ () C:\Windows\system32\2014-12-07-13-03-56.057-AvastVBoxSVC.exe-2796.log
2014-12-06 15:23 - 2014-12-06 15:23 - 00000197 _____ () C:\Windows\system32\2014-12-06-20-23-53.070-AvastVBoxSVC.exe-2740.log
2014-12-06 15:18 - 2014-12-06 15:18 - 00000197 _____ () C:\Windows\system32\2014-12-06-20-18-05.032-AvastVBoxSVC.exe-2384.log
2014-12-06 09:07 - 2014-12-06 09:08 - 00000197 _____ () C:\Windows\system32\2014-12-06-14-07-27.050-AvastVBoxSVC.exe-2648.log
2014-12-05 07:05 - 2014-12-05 07:05 - 00000197 _____ () C:\Windows\system32\2014-12-05-12-05-13.020-AvastVBoxSVC.exe-2624.log
2014-12-04 07:07 - 2014-12-04 07:08 - 00000197 _____ () C:\Windows\system32\2014-12-04-12-07-42.079-AvastVBoxSVC.exe-2668.log
2014-12-03 07:31 - 2014-12-03 07:32 - 00000197 _____ () C:\Windows\system32\2014-12-03-12-31-30.012-AvastVBoxSVC.exe-2396.log
2014-12-02 20:44 - 2014-12-02 20:44 - 00000197 _____ () C:\Windows\system32\2014-12-03-01-44-13.076-AvastVBoxSVC.exe-2636.log
2014-12-02 20:21 - 2014-12-02 20:21 - 00000197 _____ () C:\Windows\system32\2014-12-03-01-21-06.047-AvastVBoxSVC.exe-2708.log
2014-12-02 20:13 - 2014-12-02 20:13 - 00000197 _____ () C:\Windows\system32\2014-12-03-01-13-18.044-AvastVBoxSVC.exe-2500.log
2014-12-02 09:52 - 2014-12-02 09:53 - 00000197 _____ () C:\Windows\system32\2014-12-02-14-52-57.038-AvastVBoxSVC.exe-2396.log
2014-12-02 07:04 - 2014-12-02 07:05 - 00000197 _____ () C:\Windows\system32\2014-12-02-12-04-54.063-AvastVBoxSVC.exe-2420.log
2014-12-01 06:31 - 2014-12-01 06:31 - 00000247 _____ () C:\Windows\system32\2014-12-01-11-31-13.072-aswFe.exe-4264.log
2014-12-01 06:29 - 2014-12-01 06:31 - 00000247 _____ () C:\Windows\system32\2014-12-01-11-29-35.025-aswFe.exe-5472.log
2014-12-01 06:29 - 2014-12-01 06:29 - 00000197 _____ () C:\Windows\system32\2014-12-01-11-29-32.095-AvastVBoxSVC.exe-1824.log
2014-11-30 11:23 - 2014-11-30 11:24 - 00000197 _____ () C:\Windows\system32\2014-11-30-16-23-52.072-AvastVBoxSVC.exe-2492.log
2014-11-29 09:34 - 2014-11-29 09:34 - 00000197 _____ () C:\Windows\system32\2014-11-29-14-34-36.050-AvastVBoxSVC.exe-2528.log
2014-11-28 10:03 - 2014-11-28 10:04 - 00000197 _____ () C:\Windows\system32\2014-11-28-15-03-55.066-AvastVBoxSVC.exe-2524.log
2014-11-27 16:11 - 2014-11-27 16:12 - 00000197 _____ () C:\Windows\system32\2014-11-27-21-11-23.087-AvastVBoxSVC.exe-2644.log
2014-11-27 09:04 - 2014-11-27 09:04 - 00000197 _____ () C:\Windows\system32\2014-11-27-14-04-34.030-AvastVBoxSVC.exe-2672.log
2014-11-26 08:27 - 2014-11-26 08:28 - 00000197 _____ () C:\Windows\system32\2014-11-26-13-27-40.033-AvastVBoxSVC.exe-2564.log
2014-11-25 07:01 - 2014-11-25 07:01 - 00000197 _____ () C:\Windows\system32\2014-11-25-12-01-18.090-AvastVBoxSVC.exe-2484.log
2014-11-24 06:51 - 2014-11-24 06:52 - 00000197 _____ () C:\Windows\system32\2014-11-24-11-51-21.094-AvastVBoxSVC.exe-2540.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-24 01:26 - 2013-09-29 03:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-24 01:24 - 2013-10-15 18:48 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-12-24 01:24 - 2013-09-29 03:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-24 01:23 - 2013-10-01 02:06 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-12-24 01:23 - 2009-07-14 00:13 - 00800244 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 01:23 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-24 01:23 - 2009-07-13 23:45 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-24 01:23 - 2009-07-13 23:45 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-24 00:57 - 2013-09-29 01:56 - 00000000 ____D () C:\Users\Admin
2014-12-24 00:43 - 2013-09-29 03:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-20 14:54 - 2013-09-30 02:00 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0E65A735-DF72-4F91-86C2-10DF5A3EA764}
2014-12-20 14:48 - 2013-09-29 10:22 - 00000000 ____D () C:\Users\Alex
2014-12-20 11:04 - 2013-09-29 10:22 - 00000000 ____D () C:\Users\Sophia
2014-12-18 20:05 - 2014-07-22 20:32 - 00000000 ____D () C:\Users\Mom\AppData\Local\HP
2014-12-18 08:55 - 2013-10-03 07:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-15 22:47 - 2009-07-14 00:08 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-15 22:37 - 2013-12-24 11:02 - 00000793 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-15 22:37 - 2013-12-24 11:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-15 22:01 - 2014-11-13 20:42 - 00002191 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2014-12-15 22:01 - 2014-09-25 06:50 - 00000000 ____D () C:\Windows\Minidump
2014-12-14 16:39 - 2013-09-29 10:22 - 00000000 ____D () C:\Users\Ellie
2014-12-13 22:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 13:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-11 23:11 - 2013-09-29 03:17 - 00002252 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 22:30 - 2014-08-28 11:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-12-11 22:30 - 2014-02-10 22:37 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-11 15:45 - 2009-07-13 21:34 - 00000530 _____ () C:\Windows\win.ini
2014-12-11 13:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 00:47 - 2013-09-29 02:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 00:43 - 2013-09-29 02:43 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 00:38 - 2013-10-07 08:20 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-12-11 00:37 - 2013-10-07 08:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 00:00 - 2013-09-30 01:09 - 00000000 ____D () C:\Users\Mom
2014-12-10 23:58 - 2013-09-30 00:43 - 00000000 ____D () C:\Users\Gracie
2014-12-10 21:44 - 2013-09-29 10:21 - 00088704 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 18:28 - 2013-10-07 08:22 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-09 13:45 - 2014-09-09 10:21 - 00001138 _____ () C:\Users\Sophia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GP5.lnk
2014-12-09 13:45 - 2014-09-09 10:21 - 00001138 _____ () C:\Users\Sophia\AppData\Roaming\Microsoft\Windows\Start Menu\GP5.lnk
2014-12-02 19:53 - 2013-09-30 10:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\Windows Live
2014-12-02 10:12 - 2013-10-09 22:16 - 00088704 _____ () C:\Users\Gracie\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-02 09:55 - 2014-03-12 19:36 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A787374D-43B6-42B3-9B97-FB4B6707D848}
2014-11-25 15:11 - 2013-10-02 01:15 - 00088704 _____ () C:\Users\Ellie\AppData\Local\GDIPFONTCACHEV1.DAT
 
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Sophia\AppData\Local\Temp\setup-gp5-updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-15 08:22
 
==================== End Of Log ============================
 
Here is Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2014
Ran by Admin at 2014-12-24 01:27:18
Running from F:\Users\Mom\Downloads\FARBAR
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Barbie Horse Adventures - Riding Camp (HKLM-x32\...\{F6E2F819-4E70-4DA0-BE98-5F773FB3B9A5}) (Version: 1.00.0000 - Activision)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GP5 Web Conferencing (HKLM-x32\...\omniview) (Version:  - )
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{DAE3B13B-5097-4EAE-BC26-C463377BD80E}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Typing Instructor 30th Anniversary Edition (HKLM-x32\...\Typing Instructor 30th Anniversary Edition) (Version:  - )
WD Quick View (HKLM-x32\...\{2A3862B1-F0C6-49F3-AB9A-C53D7C4EEBEA}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{5A6ABA38-E8D6-4B52-B0BF-44081833E1D2}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{e502616c-37a2-498e-a9ee-cd1234ccc820}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
31-10-2014 12:31:00 Scheduled Checkpoint
08-11-2014 14:29:00 Scheduled Checkpoint
13-11-2014 04:08:52 Windows Update
14-11-2014 01:39:38 avast! antivirus system restore point
14-11-2014 01:42:50 Device Driver Package Install: Avast Network Service
20-11-2014 08:00:12 Windows Update
22-11-2014 19:54:37 WD SmartWare Installer
22-11-2014 19:55:44 WD SmartWare Installer
30-11-2014 17:26:17 Scheduled Checkpoint
08-12-2014 14:03:12 Scheduled Checkpoint
11-12-2014 02:44:07 AA11
11-12-2014 02:46:50 LavasoftWeCompanion
11-12-2014 04:53:23 Checkpoint by HitmanPro
11-12-2014 04:54:11 Checkpoint by HitmanPro
11-12-2014 04:59:51 Checkpoint by HitmanPro
11-12-2014 05:02:21 Checkpoint by HitmanPro
11-12-2014 05:03:57 Checkpoint by HitmanPro
11-12-2014 05:41:56 Checkpoint by HitmanPro
11-12-2014 05:42:22 Windows Update
16-12-2014 03:42:36 Checkpoint by HitmanPro
19-12-2014 03:52:05 Windows Update
22-12-2014 03:43:54 AA11
24-12-2014 05:48:38 AA11
24-12-2014 06:22:50 LavasoftWeCompanion
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0EEB4A7F-6093-415C-9801-44194DB4C28E} - \fd1fd2c7-fe9d-4d6b-b56f-02c2238af02a No Task File <==== ATTENTION
Task: {10117394-58A0-473C-8B14-03DA634D20E4} - \becb841e-11b5-495b-a5ae-84eb73774b80-5_user No Task File <==== ATTENTION
Task: {2A36A0FA-7823-49C1-85A3-5E66C912B082} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {2C8A158D-00B0-4666-9897-A6C21EFC0297} - \becb841e-11b5-495b-a5ae-84eb73774b80-10_user No Task File <==== ATTENTION
Task: {5AE5671A-4385-400F-9649-7D5B434B25B1} - \becb841e-11b5-495b-a5ae-84eb73774b80-7 No Task File <==== ATTENTION
Task: {600C72D9-6A57-4F5F-ABFA-61E6CF10EC37} - \becb841e-11b5-495b-a5ae-84eb73774b80-6 No Task File <==== ATTENTION
Task: {78035B29-F66D-47FA-A24C-8826970233F8} - \becb841e-11b5-495b-a5ae-84eb73774b80-11 No Task File <==== ATTENTION
Task: {848B1A9F-3341-472C-A67D-13F5E1A66F46} - \a1f7bef6-7d31-40a9-8584-4eca24769f84 No Task File <==== ATTENTION
Task: {8AC5DE77-69A9-4BE5-8311-7E15A16255EF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-13] (AVAST Software)
Task: {B50F4590-6FFC-4412-B9C4-EE765421A392} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B911DDC2-192C-4F8B-8028-42EC0F8909C3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C4F3C520-18C0-457F-A916-838798C1ABFD} - System32\Tasks\avastBCLRestartS-1-5-21-1970038904-3716629727-1996332306-1000 => Chrome.exe 
Task: {DB25D26B-ED9C-4B50-96E6-9BC2B86706E6} - \becb841e-11b5-495b-a5ae-84eb73774b80-4 No Task File <==== ATTENTION
Task: {DBF00007-AA1E-4B7C-A2D1-0C0A994F592D} - \becb841e-11b5-495b-a5ae-84eb73774b80-3 No Task File <==== ATTENTION
Task: {E170285B-6D56-45CA-96EC-F9B2D2F1EE8E} - \becb841e-11b5-495b-a5ae-84eb73774b80-2 No Task File <==== ATTENTION
Task: {E1D5461C-4CF7-42F3-94B4-BC0E8D766164} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F47E5667-3C27-4361-A48C-E2FC4456BF8F} - \becb841e-11b5-495b-a5ae-84eb73774b80-5 No Task File <==== ATTENTION
Task: {F8AF73CF-FD59-417C-AA24-A441345AD7F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {FC23A73C-ADB8-438D-B015-C599D7854AB9} - \becb841e-11b5-495b-a5ae-84eb73774b80-1 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-11-13 20:42 - 2014-11-13 20:42 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-13 20:42 - 2014-11-13 20:42 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-23 16:53 - 2014-12-23 16:53 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122301\algo.dll
2014-11-13 20:42 - 2014-11-13 20:42 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-13 20:42 - 2014-11-13 20:42 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
 
========================= Accounts: ==========================
 
Admin (S-1-5-21-1970038904-3716629727-1996332306-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1970038904-3716629727-1996332306-500 - Administrator - Disabled)
Alex (S-1-5-21-1970038904-3716629727-1996332306-1005 - Limited - Enabled) => C:\Users\Alex
Ellie (S-1-5-21-1970038904-3716629727-1996332306-1006 - Limited - Enabled) => C:\Users\Ellie
Gracie (S-1-5-21-1970038904-3716629727-1996332306-1012 - Limited - Enabled) => C:\Users\Gracie
Guest (S-1-5-21-1970038904-3716629727-1996332306-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1970038904-3716629727-1996332306-1059 - Limited - Enabled)
Mom (S-1-5-21-1970038904-3716629727-1996332306-1014 - Limited - Enabled) => C:\Users\Mom
Sophia (S-1-5-21-1970038904-3716629727-1996332306-1009 - Limited - Enabled) => C:\Users\Sophia
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/24/2014 01:22:51 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1970038904-3716629727-1996332306-1007.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {78ea8a02-9b5c-45d7-9a03-f068b818ef72}
 
Error: (12/24/2014 00:48:38 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1970038904-3716629727-1996332306-1007.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {1b3c24ab-5dbc-4152-88ff-6e28762d3817}
 
Error: (12/21/2014 11:17:36 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1970038904-3716629727-1996332306-1014}/">.
 
Error: (12/21/2014 11:17:01 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1970038904-3716629727-1996332306-1014}/">.
 
Error: (12/21/2014 10:43:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1970038904-3716629727-1996332306-1007.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {71b59390-c868-4ce3-b7ad-3125b607309a}
 
Error: (12/20/2014 02:45:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: HPWia2_OJ8610.dll, version: 32.0.159.0, time stamp: 0x51ae342f
Exception code: 0x40000015
Fault offset: 0x0000000000032895
Faulting process id: 0x908
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
 
Error: (12/20/2014 09:33:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: HPWia2_OJ8610.dll, version: 32.0.159.0, time stamp: 0x51ae342f
Exception code: 0x40000015
Fault offset: 0x0000000000032895
Faulting process id: 0x8cc
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
 
Error: (12/19/2014 11:49:12 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1970038904-3716629727-1996332306-1014}/">.
 
Error: (12/19/2014 11:48:43 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1970038904-3716629727-1996332306-1014}/">.
 
Error: (12/18/2014 10:52:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1970038904-3716629727-1996332306-1007.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {11cfaf24-1e7d-437f-a027-934257e5455e}
 
 
System errors:
=============
Error: (12/24/2014 01:18:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WMI Performance Adapter service terminated with the following error: 
%%-2147467259
 
Error: (12/24/2014 00:57:24 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: MainPC)
Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.
 
Error: (12/24/2014 00:43:37 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (12/21/2014 11:30:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/21/2014 09:59:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (12/20/2014 02:48:48 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: MainPC)
Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.
 
Error: (12/20/2014 02:47:41 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: MainPC)
Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.
 
Error: (12/20/2014 02:45:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/20/2014 11:04:16 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: MainPC)
Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.
 
Error: (12/20/2014 11:02:55 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 12291) (User: NT AUTHORITY)
Description: SAM failed to start the TCP/IP or SPX/IPX listening thread
 
 
Microsoft Office Sessions:
=========================
Error: (12/24/2014 01:22:51 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1970038904-3716629727-1996332306-1007.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {78ea8a02-9b5c-45d7-9a03-f068b818ef72}
 
Error: (12/24/2014 00:48:38 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1970038904-3716629727-1996332306-1007.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {1b3c24ab-5dbc-4152-88ff-6e28762d3817}
 
Error: (12/21/2014 11:17:36 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-1970038904-3716629727-1996332306-1014}/
 
Error: (12/21/2014 11:17:01 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-1970038904-3716629727-1996332306-1014}/
 
Error: (12/21/2014 10:43:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1970038904-3716629727-1996332306-1007.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {71b59390-c868-4ce3-b7ad-3125b607309a}
 
Error: (12/20/2014 02:45:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1HPWia2_OJ8610.dll32.0.159.051ae342f40000015000000000003289590801d01c8d8e4596bbC:\Windows\system32\svchost.exeC:\Windows\system32\HPWia2_OJ8610.dllce0c9d73-8880-11e4-9576-bc5ff4ba528e
 
Error: (12/20/2014 09:33:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1HPWia2_OJ8610.dll32.0.159.051ae342f4000001500000000000328958cc01d01c61e554689eC:\Windows\system32\svchost.exeC:\Windows\system32\HPWia2_OJ8610.dll255b56b4-8855-11e4-96c2-bc5ff4ba528e
 
Error: (12/19/2014 11:49:12 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-1970038904-3716629727-1996332306-1014}/
 
Error: (12/19/2014 11:48:43 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-1970038904-3716629727-1996332306-1014}/
 
Error: (12/18/2014 10:52:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1970038904-3716629727-1996332306-1007.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {11cfaf24-1e7d-437f-a027-934257e5455e}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 47%
Total physical RAM: 3750.63 MB
Available physical RAM: 1964.27 MB
Total Pagefile: 7499.45 MB
Available Pagefile: 5815.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (System Disk) (Fixed) (Total:111.69 GB) (Free:23.52 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:931.51 GB) (Free:830.26 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 8CD53C54)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A7BBDE29)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Here is DDS
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 
Run by Admin at 1:29:59 on 2014-12-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3751.1858 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: {72351B45-9636-4F99-820B-7C552D27897D}} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRunOnce: [Adobe Speed Launcher] 1419402545
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.200.1 192.168.1.1
TCP: Interfaces\{7A44EE0D-4899-4A9F-81B4-08E7EA355274} : DHCPNameServer = 192.168.200.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: {72351B45-9636-4F99-820B-7C552D27897D}} - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2014-11-13 449936]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-9-29 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-9-29 267632]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-9-29 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-9-29 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-9-29 436624]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-23 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-9-29 83280]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-13 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-11-13 104416]
R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-9-30 57840]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-13 271752]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-11-14 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-6-2 296312]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-13 4012248]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-5-18 442368]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-10-1 366216]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-10-1 786056]
R3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-23 116728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-18 46568]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-9-29 118504]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-30 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-29 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .ini: inifile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .inf: inffile="C:\Windows\System32\NOTEPAD.EXE" %1
.
=============== Created Last 30 ================
.
2014-12-24 06:22:49 -------- d-----w- C:\searchplugins
2014-12-18 14:57:27 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-18 14:57:27 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-16 03:44:12 -------- d-----w- C:\AdwCleaner
2014-12-16 03:40:14 -------- d-----w- C:\Program Files\HitmanPro
2014-12-13 02:19:13 -------- d-----w- C:\FRST
2014-12-12 03:30:21 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-12 03:30:21 -------- d-----w- C:\Program Files\iTunes
2014-12-12 03:30:21 -------- d-----w- C:\Program Files\iPod
2014-12-12 03:30:21 -------- d-----w- C:\Program Files (x86)\iTunes
2014-12-12 03:02:46 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-12 03:02:39 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-12-12 03:02:39 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-12-12 03:02:39 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-12-12 03:02:39 -------- d-----w- C:\ProgramData\Malwarebytes
2014-12-12 03:02:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-11 05:42:49 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-11 05:42:48 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-11 05:42:03 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2014-12-11 04:50:20 -------- d-----w- C:\ProgramData\HitmanPro
2014-12-11 02:47:34 -------- d-----w- C:\Users\Admin\AppData\Roaming\LavasoftStatistics
2014-12-11 02:47:26 358736 ----a-w- C:\Windows\System32\LavasoftTcpService64.dll
2014-12-11 02:47:25 312424 ----a-w- C:\Windows\SysWow64\LavasoftTcpService.dll
2014-12-10 11:53:24 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2014-12-09 23:28:24 -------- d-----w- C:\Program Files (x86)\6cd887f2-b729-4c7f-ad31-97056ad39263
2014-11-25 18:59:38 18638520 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
==================== Find3M  ====================
.
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:01:54 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-19 09:31:16 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-14 01:42:27 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-14 01:42:27 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-14 01:42:27 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-14 01:42:27 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-14 01:42:27 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-14 01:42:27 116728 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-11-14 01:42:26 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-14 01:42:23 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-11-14 01:42:20 449936 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:23 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
2014-10-03 02:12:22 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 02:11:49 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
2013-10-13 14:25:52 50053120 ----a-w- C:\Program Files (x86)\GUT31E3.tmp
.
============= FINISH:  1:30:07.65 ===============
 
Attach is zipped per the program instructions and attached.

Thanks.....dlaudens


#10 polskamachina

  • Malware Response Team
  • 3,940 posts

Posted 27 December 2014 - 02:49 PM

Hi Dlaudens :)
 
We need to run a fix with FRST64, but first please download the updated 64-bit version here:

  • Please copy and paste the following text into Notepad and save it to the same location as FRST64:

    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1012\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1009\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1006\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1005\User: Group Policy restriction detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    Note: It's important that both files, FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log, Fixlog.txt, in the same location as the tool was run. Please copy and paste it into your next reply to me.

Let me know if you have any questions.
 
polskamachina



#11 dlaudens

  • Topic Starter
  • Members
  • 12 posts

Posted 27 December 2014 - 10:12 PM

fixlog.txt attached

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-12-2014
Ran by Mom at 2014-12-27 22:10:07 Run:1
Running from F:\Users\Mom\Downloads\FARBAR
Loaded Profiles: Admin & Mom (Available profiles: Admin & Alex & Ellie & Sophia & Gracie & Mom)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1012\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1009\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1006\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1005\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************
 
 
"C:\Windows\system32\GroupPolicy\Machine" directory move:
 
Could not move "C:\Windows\system32\GroupPolicy\Machine\Registry.pol" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\GroupPolicy\Machine" directory. => Scheduled to move on reboot.
 
Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1012\User" => File/Directory not found.
Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1009\User" => File/Directory not found.
Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1006\User" => File/Directory not found.
Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1005\User" => File/Directory not found.
Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
HKLM\SOFTWARE\Policies\Google => Key could not be deleted. Access denied.


#12 polskamachina

  • Malware Response Team
  • 3,940 posts

Posted 30 December 2014 - 01:12 AM

Hi Dlaudens :)

I'm still reviewing your logs and preparing my next reply.

Thank you for your patience.

polskamachina



#13 polskamachina

  • Malware Response Team
  • 3,940 posts

Posted 31 December 2014 - 12:17 PM

Hi Dlaudens :)
 
We need to run a fix with FRST64.

Please copy and paste the following text into Notepad and save it with the filename fixlist.txt into the same location as FRST64.exe. The fix will not work unless they are in the same location.

Task: {0EEB4A7F-6093-415C-9801-44194DB4C28E} - \fd1fd2c7-fe9d-4d6b-b56f-02c2238af02a No Task File <==== ATTENTION
Task: {10117394-58A0-473C-8B14-03DA634D20E4} - \becb841e-11b5-495b-a5ae-84eb73774b80-5_user No Task File <==== ATTENTION
Task: {2C8A158D-00B0-4666-9897-A6C21EFC0297} - \becb841e-11b5-495b-a5ae-84eb73774b80-10_user No Task File <==== ATTENTION
Task: {5AE5671A-4385-400F-9649-7D5B434B25B1} - \becb841e-11b5-495b-a5ae-84eb73774b80-7 No Task File <==== ATTENTION
Task: {600C72D9-6A57-4F5F-ABFA-61E6CF10EC37} - \becb841e-11b5-495b-a5ae-84eb73774b80-6 No Task File <==== ATTENTION
Task: {78035B29-F66D-47FA-A24C-8826970233F8} - \becb841e-11b5-495b-a5ae-84eb73774b80-11 No Task File <==== ATTENTION
Task: {848B1A9F-3341-472C-A67D-13F5E1A66F46} - \a1f7bef6-7d31-40a9-8584-4eca24769f84 No Task File <==== ATTENTION
Task: {DB25D26B-ED9C-4B50-96E6-9BC2B86706E6} - \becb841e-11b5-495b-a5ae-84eb73774b80-4 No Task File <==== ATTENTION
Task: {DBF00007-AA1E-4B7C-A2D1-0C0A994F592D} - \becb841e-11b5-495b-a5ae-84eb73774b80-3 No Task File <==== ATTENTION
Task: {E170285B-6D56-45CA-96EC-F9B2D2F1EE8E} - \becb841e-11b5-495b-a5ae-84eb73774b80-2 No Task File <==== ATTENTION
Task: {F47E5667-3C27-4361-A48C-E2FC4456BF8F} - \becb841e-11b5-495b-a5ae-84eb73774b80-5 No Task File <==== ATTENTION
Task: {FC23A73C-ADB8-438D-B015-C599D7854AB9} - \becb841e-11b5-495b-a5ae-84eb73774b80-1 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\KOFU.job => ?
Task: C:\Windows\Tasks\Tempo Runner coz32host.job => ?
Task: C:\Windows\Tasks\Tempo Runner coz64host.job => ?
Task: C:\Windows\Tasks\WCFIQ.job => ?
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
  • Right-click FRST64.exe then click Run as administrator
  • When the tool opens, click Yes to disclaimer.
  • Click the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST64 will generate a log, Fixlog.txt in the same location from which it was run. Please copy and paste it into your next reply to me.

Finally:

  • Run FRST64 again (Right-click FRST64.exe then click Run as administrator etc.)
  • Check the box for Addition.txt
  • Click on the Scan button.
  • When the scan has completed, FRST.txt will be created.
  • Please copy and paste that log into your next reply to me as well.

Let me know if you have any questions.
 
polskamachina
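
The FRST entries the helper keeps targeting in posts #10 and #13 (the Chrome policy key, the per-SID Group Policy restrictions, the "No Task File" scheduled tasks, the *.job files and the BHO/toolbar CLSIDs with "No File") are all ordinary Windows persistence locations that can be checked directly. The following PowerShell script is an added example written for this page; it is not part of the thread and is not FRST code. It assumes an elevated PowerShell session on Windows 7 or later and uses only the standard registry and file locations; it reads and reports, and changes nothing. The Deny-ACE check exists because the Fixlog in post #11 ends with "HKLM\SOFTWARE\Policies\Google => Key could not be deleted. Access denied.", which on a machine where the user is an administrator usually means the key carries an explicit Deny entry that the cleaner has to remove before the key can be deleted.

```powershell
# Added example (not from this thread, not FRST): read-only audit of the persistence
# points FRST flagged above. Assumes an elevated session on Windows 7+; uses
# PSIsContainer instead of -Directory so it also runs on PowerShell 2.0.
function Get-PersistenceFindings {
    $findings = New-Object System.Collections.Generic.List[string]
    $sys32 = Join-Path $env:windir 'System32'

    # 1. Chrome machine policy: every value under the key, plus any Deny ACE.
    #    A Deny ACE is what turns a delete into "Key could not be deleted. Access denied."
    $chromePolicy = 'HKLM:\SOFTWARE\Policies\Google'
    if (Test-Path $chromePolicy) {
        $keys = @(Get-Item $chromePolicy) + @(Get-ChildItem $chromePolicy -Recurse)
        foreach ($k in $keys) {
            foreach ($name in $k.GetValueNames()) {
                $findings.Add("ChromePolicy $($k.Name) : $name = $($k.GetValue($name))")
            }
        }
        foreach ($ace in (Get-Acl $chromePolicy).Access) {
            if ($ace.AccessControlType -eq 'Deny') {
                $findings.Add("ChromePolicy DENY ACE for $($ace.IdentityReference) ($($ace.RegistryRights))")
            }
        }
    }

    # 2. Local Group Policy files: the machine Registry.pol and one per user SID directory.
    $polFiles = @("$sys32\GroupPolicy\Machine\Registry.pol")
    $userDirs = Get-ChildItem "$sys32\GroupPolicyUsers" -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer }
    foreach ($d in $userDirs) { $polFiles += "$($d.FullName)\User\Registry.pol" }
    foreach ($pol in $polFiles) {
        if (Test-Path $pol) {
            $f = Get-Item $pol
            $findings.Add("GroupPolicy file: $pol ($($f.Length) bytes, modified $($f.LastWriteTime))")
        }
    }

    # 3. Legacy *.job files in C:\Windows\Tasks (the "Tempo Runner coz32host.job" style entries).
    Get-ChildItem "$env:windir\Tasks" -Filter *.job -ErrorAction SilentlyContinue | ForEach-Object {
        $findings.Add("Legacy job: $($_.FullName) (modified $($_.LastWriteTime))")
    }

    # 4. TaskCache entries whose task XML under System32\Tasks is gone ("No Task File").
    $taskCache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'
    Get-ChildItem $taskCache -ErrorAction SilentlyContinue | ForEach-Object {
        $taskPath = $_.GetValue('Path')
        if ($taskPath) {
            $xml = Join-Path "$sys32\Tasks" $taskPath.TrimStart('\')
            if (-not (Test-Path -LiteralPath $xml)) {
                $findings.Add("Task $($_.PSChildName) -> $taskPath : No Task File")
            }
        }
    }

    # 5. BHOs and IE toolbars in both registry views whose InprocServer32 DLL is missing.
    $views = @(
        @{ Sw = 'HKLM:\SOFTWARE';             Cls = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ Sw = 'HKLM:\SOFTWARE\Wow6432Node'; Cls = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' }
    )
    foreach ($v in $views) {
        $bhoKey = "$($v.Sw)\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        $clsids = @(Get-ChildItem $bhoKey -ErrorAction SilentlyContinue | ForEach-Object { $_.PSChildName })
        $tb = Get-ItemProperty "$($v.Sw)\Microsoft\Internet Explorer\Toolbar" -ErrorAction SilentlyContinue
        if ($tb) {
            $clsids += @($tb.PSObject.Properties | Where-Object { $_.Name -like '{*}' } | ForEach-Object { $_.Name })
        }
        $label = if ($v.Sw -like '*Wow6432Node') { 'BHO/Toolbar-x32' } else { 'BHO/Toolbar' }
        foreach ($clsid in $clsids) {
            $srv = Get-ItemProperty "$($v.Cls)\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            $dll = if ($srv) { [Environment]::ExpandEnvironmentVariables(($srv.'(default)' -replace '"', '')) } else { $null }
            if (-not $dll -or -not (Test-Path -LiteralPath $dll)) {
                $findings.Add("$label $clsid -> No File")
            }
        }
    }

    return $findings.ToArray()
}

Get-PersistenceFindings | ForEach-Object { Write-Output $_ }
```

Run it from an elevated prompt before and after a FRST fix to see what actually changed. Two caveats drawn from the logs in this thread: the fix in post #11 reports "Scheduled to move on reboot" for the GroupPolicy files, so a reboot is needed before re-checking item 2; and the Fixlog in post #14 shows the pasted fixlist arriving as two long run-together lines with only two garbled entries processed, so a fixlist.txt must contain one directive per line exactly as posted.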



#14 dlaudens

  • Topic Starter
  • Members
  • 12 posts

Posted 31 December 2014 - 03:38 PM

polskamachina:

Here are the FIXLOG.TXT and FRST.TXT files (run as administrator).

Let me know what's next....

Happy New Year! and thanks!

FIXLOG


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-12-2014
Ran by Admin at 2014-12-31 15:30:56 Run:2
Running from F:\Users\Mom\Downloads\FARBAR
Loaded Profiles: Admin & Mom (Available profiles: Admin & Alex & Ellie & Sophia & Gracie & Mom)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Task: {0EEB4A7F-6093-415C-9801-44194DB4C28E} - \fd1fd2c7-fe9d-4d6b-b56f-02c2238af02a No Task File <==== ATTENTION Task: {10117394-58A0-473C-8B14-03DA634D20E4} - \becb841e-11b5-495b-a5ae-84eb73774b80-5_user No Task File <==== ATTENTION Task: {2C8A158D-00B0-4666-9897-A6C21EFC0297} - \becb841e-11b5-495b-a5ae-84eb73774b80-10_user No Task File <==== ATTENTION Task: {5AE5671A-4385-400F-9649-7D5B434B25B1} - \becb841e-11b5-495b-a5ae-84eb73774b80-7 No Task File <==== ATTENTION Task: {600C72D9-6A57-4F5F-ABFA-61E6CF10EC37} - \becb841e-11b5-495b-a5ae-84eb73774b80-6 No Task File <==== ATTENTION Task: {78035B29-F66D-47FA-A24C-8826970233F8} - \becb841e-11b5-495b-a5ae-84eb73774b80-11 No Task File <==== ATTENTION Task: {848B1A9F-3341-472C-A67D-13F5E1A66F46} - \a1f7bef6-7d31-40a9-8584-4eca24769f84 No Task File <==== ATTENTION Task: {DB25D26B-ED9C-4B50-96E6-9BC2B86706E6} - \becb841e-11b5-495b-a5ae-84eb73774b80-4 No Task File <==== ATTENTION Task: {DBF00007-AA1E-4B7C-A2D1-0C0A994F592D} - \becb841e-11b5-495b-a5ae-84eb73774b80-3 No Task File <==== ATTENTION Task: {E170285B-6D56-45CA-96EC-F9B2D2F1EE8E} - \becb841e-11b5-495b-a5ae-84eb73774b80-2 No Task File <==== ATTENTION Task: {F47E5667-3C27-4361-A48C-E2FC4456BF8F} - \becb841e-11b5-495b-a5ae-84eb73774b80-5 No Task File <==== ATTENTION Task: {FC23A73C-ADB8-438D-B015-C599D7854AB9} - \becb841e-11b5-495b-a5ae-84eb73774b80-1 No Task File <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ? Task: C:\Windows\Tasks\KOFU.job => ? Task: C:\Windows\Tasks\Tempo Runner coz32host.job => ? Task: C:\Windows\Tasks\Tempo Runner coz64host.job => ? Task: C:\Windows\Tasks\WCFIQ.job => ? 
FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
*****************
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\disabled No File FF Plugin-x32: @microsoft.com/GENUINE => Key not found. 
HKCR\CLSID\disabled No File FF Plugin-x32: @microsoft.com/GENUINE => Key not found. 
 
==== End of Fixlog 15:31:00 ====
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by Admin (administrator) on MAINPC on 31-12-2014 15:31:55
Running from F:\Users\Mom\Downloads\FARBAR
Loaded Profiles: Admin & Mom (Available profiles: Admin & Alex & Ellie & Sophia & Gracie & Mom)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1970038904-3716629727-1996332306-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1970038904-3716629727-1996332306-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1970038904-3716629727-1996332306-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1970038904-3716629727-1996332306-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1970038904-3716629727-1996332306-1000\...\MountPoints2: {cbcc722f-e9ae-11e3-8f71-bc5ff4ba528e} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\MountPoints2: {82bfbcfd-9423-11e3-836a-bc5ff4ba528e} - E:\iStudio.exe
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\MountPoints2: {cbcc722f-e9ae-11e3-8f71-bc5ff4ba528e} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\...\MountPoints2: {ebb12adc-cc9d-11e3-b56a-bc5ff4ba528e} - E:\MI.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-01] (Microsoft Corporation)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Ellie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Sophia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1012\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1009\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1006\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1970038904-3716629727-1996332306-1005\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1970038904-3716629727-1996332306-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1970038904-3716629727-1996332306-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1970038904-3716629727-1996332306-1014\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1970038904-3716629727-1996332306-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1970038904-3716629727-1996332306-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1970038904-3716629727-1996332306-1014 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-29]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-01]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-13] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-13] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-13] (Avast Software)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-11-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-13] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-13] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-13] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-18] (Qualcomm Atheros Co., Ltd.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-13] (Avast Software)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-31 15:12 - 2014-12-31 15:12 - 00000197 _____ () C:\Windows\system32\2014-12-31-20-12-32.060-AvastVBoxSVC.exe-2944.log
2014-12-30 20:19 - 2014-12-30 20:19 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-30 20:19 - 2014-12-30 20:19 - 00000197 _____ () C:\Windows\system32\2014-12-31-01-19-17.041-AvastVBoxSVC.exe-2368.log
2014-12-28 21:29 - 2014-12-28 21:29 - 00000197 _____ () C:\Windows\system32\2014-12-29-02-29-31.072-AvastVBoxSVC.exe-2560.log
2014-12-27 22:12 - 2014-12-27 22:12 - 00000197 _____ () C:\Windows\system32\2014-12-28-03-12-36.014-AvastVBoxSVC.exe-2656.log
2014-12-27 22:01 - 2014-12-27 22:01 - 00000197 _____ () C:\Windows\system32\2014-12-28-03-01-10.052-AvastVBoxSVC.exe-2392.log
2014-12-26 10:53 - 2014-12-26 10:53 - 00000197 _____ () C:\Windows\system32\2014-12-26-15-53-23.035-AvastVBoxSVC.exe-2808.log
2014-12-25 13:02 - 2014-12-25 13:02 - 00000247 _____ () C:\Windows\system32\2014-12-25-18-02-30.051-aswFe.exe-3796.log
2014-12-25 13:00 - 2014-12-25 13:02 - 00000247 _____ () C:\Windows\system32\2014-12-25-18-00-55.064-aswFe.exe-5024.log
2014-12-25 13:00 - 2014-12-25 13:00 - 00000197 _____ () C:\Windows\system32\2014-12-25-18-00-53.026-AvastVBoxSVC.exe-3612.log
2014-12-24 01:25 - 2014-12-24 01:25 - 00000197 _____ () C:\Windows\system32\2014-12-24-06-25-57.029-AvastVBoxSVC.exe-2720.log
2014-12-24 01:22 - 2014-12-24 01:22 - 00000159 _____ () C:\prefs.js
2014-12-24 01:22 - 2014-12-24 01:22 - 00000000 ____D () C:\searchplugins
2014-12-24 01:21 - 2014-12-24 01:21 - 00000000 ____D () C:\Users\Mom\AppData\Local\Lavasoft
2014-12-24 01:20 - 2014-12-24 01:20 - 00000197 _____ () C:\Windows\system32\2014-12-24-06-20-30.002-AvastVBoxSVC.exe-3420.log
2014-12-24 01:05 - 2014-12-24 01:05 - 00000197 _____ () C:\Windows\system32\2014-12-24-06-05-04.044-AvastVBoxSVC.exe-3504.log
2014-12-24 00:51 - 2014-12-24 00:52 - 00000197 _____ () C:\Windows\system32\2014-12-24-05-51-59.072-AvastVBoxSVC.exe-3368.log
2014-12-24 00:49 - 2014-12-24 00:49 - 00000197 _____ () C:\Windows\system32\2014-12-24-05-49-07.009-AvastVBoxSVC.exe-3840.log
2014-12-23 16:53 - 2014-12-23 16:54 - 00000197 _____ () C:\Windows\system32\2014-12-23-21-53-22.045-AvastVBoxSVC.exe-3932.log
2014-12-21 23:22 - 2014-12-21 23:22 - 00000197 _____ () C:\Windows\system32\2014-12-22-04-22-02.010-AvastVBoxSVC.exe-3992.log
2014-12-21 10:37 - 2014-12-21 10:38 - 00000197 _____ () C:\Windows\system32\2014-12-21-15-37-31.071-AvastVBoxSVC.exe-3888.log
2014-12-20 14:47 - 2014-12-20 14:47 - 00000197 _____ () C:\Windows\system32\2014-12-20-19-47-54.001-AvastVBoxSVC.exe-3828.log
2014-12-20 11:06 - 2014-12-20 11:06 - 00000197 _____ () C:\Windows\system32\2014-12-20-16-06-14.067-AvastVBoxSVC.exe-3872.log
2014-12-20 09:34 - 2014-12-20 09:34 - 00000197 _____ () C:\Windows\system32\2014-12-20-14-34-08.013-AvastVBoxSVC.exe-3952.log
2014-12-19 07:55 - 2014-12-19 07:55 - 00000197 _____ () C:\Windows\system32\2014-12-19-12-55-02.028-AvastVBoxSVC.exe-3872.log
2014-12-18 09:57 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 09:57 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-18 09:16 - 2014-12-18 09:16 - 00000197 _____ () C:\Windows\system32\2014-12-18-14-16-23.032-AvastVBoxSVC.exe-3888.log
2014-12-18 07:53 - 2014-12-18 07:53 - 00000247 _____ () C:\Windows\system32\2014-12-18-12-53-06.012-aswFe.exe-6572.log
2014-12-18 07:51 - 2014-12-18 07:53 - 00000247 _____ () C:\Windows\system32\2014-12-18-12-51-30.006-aswFe.exe-6696.log
2014-12-18 07:51 - 2014-12-18 07:51 - 00000197 _____ () C:\Windows\system32\2014-12-18-12-51-27.098-AvastVBoxSVC.exe-6820.log
2014-12-17 09:20 - 2014-12-17 09:21 - 00000197 _____ () C:\Windows\system32\2014-12-17-14-20-16.041-AvastVBoxSVC.exe-4000.log
2014-12-17 07:02 - 2014-12-17 07:02 - 00000197 _____ () C:\Windows\system32\2014-12-17-12-02-00.073-AvastVBoxSVC.exe-3964.log
2014-12-16 07:26 - 2014-12-16 07:27 - 00000197 _____ () C:\Windows\system32\2014-12-16-12-26-45.017-AvastVBoxSVC.exe-3904.log
2014-12-15 23:00 - 2014-12-15 23:00 - 00000197 _____ () C:\Windows\system32\2014-12-16-04-00-03.020-AvastVBoxSVC.exe-3864.log
2014-12-15 22:57 - 2014-12-31 15:10 - 00006216 _____ () C:\Windows\setupact.log
2014-12-15 22:57 - 2014-12-15 22:57 - 00000318 _____ () C:\Windows\PFRO.log
2014-12-15 22:57 - 2014-12-15 22:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-15 22:50 - 2014-12-15 22:50 - 00000197 _____ () C:\Windows\system32\2014-12-16-03-50-02.033-AvastVBoxSVC.exe-4036.log
2014-12-15 22:44 - 2014-12-15 22:57 - 00000000 ____D () C:\AdwCleaner
2014-12-15 22:40 - 2014-12-15 22:40 - 00000000 ____D () C:\Program Files\HitmanPro
2014-12-15 22:26 - 2014-12-15 22:26 - 00003274 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1970038904-3716629727-1996332306-1000
2014-12-15 22:19 - 2014-12-15 22:19 - 00000197 _____ () C:\Windows\system32\2014-12-16-03-19-55.007-AvastVBoxSVC.exe-3952.log
2014-12-15 22:05 - 2014-12-31 15:13 - 00346524 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 22:05 - 2014-12-15 22:05 - 00000197 _____ () C:\Windows\system32\2014-12-16-03-05-06.038-AvastVBoxSVC.exe-3820.log
2014-12-15 21:40 - 2014-12-15 21:40 - 00000197 _____ () C:\Windows\system32\2014-12-16-02-40-21.032-AvastVBoxSVC.exe-4040.log
2014-12-15 07:52 - 2014-12-15 07:53 - 00000197 _____ () C:\Windows\system32\2014-12-15-12-52-51.056-AvastVBoxSVC.exe-3768.log
2014-12-14 17:07 - 2014-12-14 17:07 - 00000197 _____ () C:\Windows\system32\2014-12-14-22-07-13.037-AvastVBoxSVC.exe-3904.log
2014-12-13 21:52 - 2014-12-13 21:52 - 00000197 _____ () C:\Windows\system32\2014-12-14-02-52-02.056-AvastVBoxSVC.exe-3844.log
2014-12-13 13:12 - 2014-12-13 13:12 - 00000197 _____ () C:\Windows\system32\2014-12-13-18-12-42.072-AvastVBoxSVC.exe-3956.log
2014-12-13 11:53 - 2014-12-13 11:53 - 00000197 _____ () C:\Windows\system32\2014-12-13-16-53-54.045-AvastVBoxSVC.exe-3784.log
2014-12-13 10:54 - 2014-12-13 10:54 - 00000197 _____ () C:\Windows\system32\2014-12-13-15-54-34.023-AvastVBoxSVC.exe-3876.log
2014-12-13 10:31 - 2014-12-13 10:31 - 00000197 _____ () C:\Windows\system32\2014-12-13-15-31-27.024-AvastVBoxSVC.exe-3956.log
2014-12-13 10:20 - 2014-12-13 10:20 - 00000197 _____ () C:\Windows\system32\2014-12-13-15-20-21.003-AvastVBoxSVC.exe-3976.log
2014-12-13 10:15 - 2014-12-13 10:15 - 00000197 _____ () C:\Windows\system32\2014-12-13-15-15-49.056-AvastVBoxSVC.exe-3680.log
2014-12-13 09:38 - 2014-12-13 09:39 - 00000197 _____ () C:\Windows\system32\2014-12-13-14-38-47.056-AvastVBoxSVC.exe-3852.log
2014-12-12 21:30 - 2014-12-12 21:30 - 00000197 _____ () C:\Windows\system32\2014-12-13-02-30-16.044-AvastVBoxSVC.exe-4016.log
2014-12-12 21:25 - 2014-12-12 21:25 - 00000197 _____ () C:\Windows\system32\2014-12-13-02-25-35.049-AvastVBoxSVC.exe-3740.log
2014-12-12 21:19 - 2014-12-31 15:31 - 00000000 ____D () C:\FRST
2014-12-12 19:41 - 2014-12-12 19:41 - 00000197 _____ () C:\Windows\system32\2014-12-13-00-41-57.032-AvastVBoxSVC.exe-4060.log
2014-12-11 23:00 - 2014-12-11 23:00 - 00000197 _____ () C:\Windows\system32\2014-12-12-04-00-36.016-AvastVBoxSVC.exe-4092.log
2014-12-11 22:43 - 2014-12-11 22:43 - 00000197 _____ () C:\Windows\system32\2014-12-12-03-43-51.083-AvastVBoxSVC.exe-4068.log
2014-12-11 22:30 - 2014-12-11 22:30 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-11 22:30 - 2014-12-11 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-11 22:30 - 2014-12-11 22:30 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-11 22:30 - 2014-12-11 22:30 - 00000000 ____D () C:\Program Files\iTunes
2014-12-11 22:30 - 2014-12-11 22:30 - 00000000 ____D () C:\Program Files\iPod
2014-12-11 22:30 - 2014-12-11 22:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-11 22:16 - 2014-12-11 22:16 - 00000197 _____ () C:\Windows\system32\2014-12-12-03-16-43.001-AvastVBoxSVC.exe-3928.log
2014-12-11 22:02 - 2014-12-15 21:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-11 22:02 - 2014-12-11 22:02 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-11 22:02 - 2014-12-11 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-11 22:02 - 2014-12-11 22:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-11 22:02 - 2014-12-11 22:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-11 22:02 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-11 22:02 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-11 22:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-11 15:44 - 2014-12-11 15:44 - 00000197 _____ () C:\Windows\system32\2014-12-11-20-44-16.014-AvastVBoxSVC.exe-5360.log
2014-12-11 13:16 - 2014-12-11 13:17 - 00000197 _____ () C:\Windows\system32\2014-12-11-18-16-48.090-AvastVBoxSVC.exe-4368.log
2014-12-11 00:42 - 2014-12-11 21:51 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-12-11 00:42 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 00:42 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 00:37 - 2014-12-11 00:37 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-11 00:34 - 2014-12-11 00:34 - 00000197 _____ () C:\Windows\system32\2014-12-11-05-34-13.061-AvastVBoxSVC.exe-6076.log
2014-12-11 00:03 - 2014-12-11 00:03 - 00000197 _____ () C:\Windows\system32\2014-12-11-05-03-01.048-AvastVBoxSVC.exe-5812.log
2014-12-10 23:57 - 2014-12-10 23:57 - 00000197 _____ () C:\Windows\system32\2014-12-11-04-57-16.083-AvastVBoxSVC.exe-4456.log
2014-12-10 23:54 - 2014-12-11 00:00 - 00001766 _____ () C:\Windows\system32\.crusader
2014-12-10 23:50 - 2014-12-11 00:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-10 23:38 - 2014-12-10 23:38 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieUserList
2014-12-10 23:38 - 2014-12-10 23:38 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieSiteList
2014-12-10 23:38 - 2014-12-10 23:38 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieBrowserModeList
2014-12-10 23:18 - 2014-12-10 23:18 - 00000197 _____ () C:\Windows\system32\2014-12-11-04-18-19.045-AvastVBoxSVC.exe-5484.log
2014-12-10 21:47 - 2014-12-24 00:49 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\LavasoftStatistics
2014-12-10 21:47 - 2014-12-14 17:05 - 00004616 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2014-12-10 21:47 - 2014-12-14 17:05 - 00002448 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-10 21:47 - 2014-12-14 17:05 - 00002448 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-10 21:47 - 2014-11-27 10:44 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2014-12-10 21:47 - 2014-11-27 10:44 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2014-12-10 06:54 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 06:54 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 06:54 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 06:54 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 06:54 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 06:54 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 06:54 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 06:54 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 06:54 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 06:54 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 06:54 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 06:54 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 06:54 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 06:54 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 06:54 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 06:54 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 06:54 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 06:54 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 06:54 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 06:54 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 06:54 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 06:54 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 06:54 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 06:54 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 06:54 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 06:54 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 06:54 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 06:54 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 06:54 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 06:54 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 06:54 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 06:54 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 06:54 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 06:54 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 06:54 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 06:54 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 06:54 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 06:54 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 06:54 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 06:54 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 06:54 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 06:54 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 06:54 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 06:54 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 06:54 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 06:54 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 06:54 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 06:54 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 06:54 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 06:54 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 06:54 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 06:54 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 06:54 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 06:54 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 06:54 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 06:54 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 06:54 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 06:53 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 06:53 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 06:53 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 06:53 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 06:53 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 06:53 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 06:53 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 06:53 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 06:53 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 06:53 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 06:53 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 06:53 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 06:53 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 06:53 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 06:45 - 2014-12-10 06:46 - 00000197 _____ () C:\Windows\system32\2014-12-10-11-45-35.023-AvastVBoxSVC.exe-3356.log
2014-12-09 21:41 - 2014-12-09 21:41 - 00000197 _____ () C:\Windows\system32\2014-12-10-02-41-23.033-AvastVBoxSVC.exe-3468.log
2014-12-09 20:20 - 2014-12-09 20:20 - 00000197 _____ () C:\Windows\system32\2014-12-10-01-20-02.055-AvastVBoxSVC.exe-4660.log
2014-12-09 20:18 - 2014-12-11 22:14 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-09 18:28 - 2014-12-09 18:28 - 00000000 ____D () C:\Program Files (x86)\6cd887f2-b729-4c7f-ad31-97056ad39263
2014-12-09 06:34 - 2014-12-09 06:34 - 00000197 _____ () C:\Windows\system32\2014-12-09-11-34-01.059-AvastVBoxSVC.exe-2684.log
2014-12-08 07:52 - 2014-12-08 07:53 - 00000197 _____ () C:\Windows\system32\2014-12-08-12-52-27.037-AvastVBoxSVC.exe-2488.log
2014-12-07 08:12 - 2014-12-07 08:12 - 00000197 _____ () C:\Windows\system32\2014-12-07-13-12-43.032-AvastVBoxSVC.exe-2572.log
2014-12-07 08:03 - 2014-12-07 08:04 - 00000197 _____ () C:\Windows\system32\2014-12-07-13-03-56.057-AvastVBoxSVC.exe-2796.log
2014-12-06 15:23 - 2014-12-06 15:23 - 00000197 _____ () C:\Windows\system32\2014-12-06-20-23-53.070-AvastVBoxSVC.exe-2740.log
2014-12-06 15:18 - 2014-12-06 15:18 - 00000197 _____ () C:\Windows\system32\2014-12-06-20-18-05.032-AvastVBoxSVC.exe-2384.log
2014-12-06 09:07 - 2014-12-06 09:08 - 00000197 _____ () C:\Windows\system32\2014-12-06-14-07-27.050-AvastVBoxSVC.exe-2648.log
2014-12-05 07:05 - 2014-12-05 07:05 - 00000197 _____ () C:\Windows\system32\2014-12-05-12-05-13.020-AvastVBoxSVC.exe-2624.log
2014-12-04 07:07 - 2014-12-04 07:08 - 00000197 _____ () C:\Windows\system32\2014-12-04-12-07-42.079-AvastVBoxSVC.exe-2668.log
2014-12-03 07:31 - 2014-12-03 07:32 - 00000197 _____ () C:\Windows\system32\2014-12-03-12-31-30.012-AvastVBoxSVC.exe-2396.log
2014-12-02 20:44 - 2014-12-02 20:44 - 00000197 _____ () C:\Windows\system32\2014-12-03-01-44-13.076-AvastVBoxSVC.exe-2636.log
2014-12-02 20:21 - 2014-12-02 20:21 - 00000197 _____ () C:\Windows\system32\2014-12-03-01-21-06.047-AvastVBoxSVC.exe-2708.log
2014-12-02 20:13 - 2014-12-02 20:13 - 00000197 _____ () C:\Windows\system32\2014-12-03-01-13-18.044-AvastVBoxSVC.exe-2500.log
2014-12-02 09:52 - 2014-12-02 09:53 - 00000197 _____ () C:\Windows\system32\2014-12-02-14-52-57.038-AvastVBoxSVC.exe-2396.log
2014-12-02 07:04 - 2014-12-02 07:05 - 00000197 _____ () C:\Windows\system32\2014-12-02-12-04-54.063-AvastVBoxSVC.exe-2420.log
2014-12-01 06:31 - 2014-12-01 06:31 - 00000247 _____ () C:\Windows\system32\2014-12-01-11-31-13.072-aswFe.exe-4264.log
2014-12-01 06:29 - 2014-12-01 06:31 - 00000247 _____ () C:\Windows\system32\2014-12-01-11-29-35.025-aswFe.exe-5472.log
2014-12-01 06:29 - 2014-12-01 06:29 - 00000197 _____ () C:\Windows\system32\2014-12-01-11-29-32.095-AvastVBoxSVC.exe-1824.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-31 15:29 - 2009-07-13 21:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-31 15:23 - 2013-09-29 03:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 15:22 - 2009-07-14 00:13 - 00800244 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 15:17 - 2009-07-13 23:45 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-31 15:17 - 2009-07-13 23:45 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-31 15:16 - 2013-10-15 18:48 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-12-31 15:16 - 2013-09-29 01:56 - 00000000 ____D () C:\Users\Admin
2014-12-31 15:10 - 2013-10-01 02:06 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-12-31 15:10 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-28 22:09 - 2013-09-29 03:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-28 21:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-27 22:02 - 2013-09-29 03:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-25 12:58 - 2013-09-29 10:22 - 00000000 ____D () C:\Users\Alex
2014-12-20 14:54 - 2013-09-30 02:00 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0E65A735-DF72-4F91-86C2-10DF5A3EA764}
2014-12-20 11:04 - 2013-09-29 10:22 - 00000000 ____D () C:\Users\Sophia
2014-12-18 20:05 - 2014-07-22 20:32 - 00000000 ____D () C:\Users\Mom\AppData\Local\HP
2014-12-18 08:55 - 2013-10-03 07:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-15 22:47 - 2009-07-14 00:08 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-15 22:37 - 2013-12-24 11:02 - 00000793 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-15 22:37 - 2013-12-24 11:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-15 22:01 - 2014-11-13 20:42 - 00002191 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2014-12-15 22:01 - 2014-09-25 06:50 - 00000000 ____D () C:\Windows\Minidump
2014-12-14 16:39 - 2013-09-29 10:22 - 00000000 ____D () C:\Users\Ellie
2014-12-13 22:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 23:11 - 2013-09-29 03:17 - 00002252 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 22:30 - 2014-08-28 11:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-12-11 22:30 - 2014-02-10 22:37 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-11 15:45 - 2009-07-13 21:34 - 00000530 _____ () C:\Windows\win.ini
2014-12-11 13:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 00:47 - 2013-09-29 02:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 00:43 - 2013-09-29 02:43 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 00:38 - 2013-10-07 08:20 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-12-11 00:37 - 2013-10-07 08:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 00:00 - 2013-09-30 01:09 - 00000000 ____D () C:\Users\Mom
2014-12-10 23:58 - 2013-09-30 00:43 - 00000000 ____D () C:\Users\Gracie
2014-12-10 21:44 - 2013-09-29 10:21 - 00088704 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 18:28 - 2013-10-07 08:22 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-09 13:45 - 2014-09-09 10:21 - 00001138 _____ () C:\Users\Sophia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GP5.lnk
2014-12-09 13:45 - 2014-09-09 10:21 - 00001138 _____ () C:\Users\Sophia\AppData\Roaming\Microsoft\Windows\Start Menu\GP5.lnk
2014-12-02 19:53 - 2013-09-30 10:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\Windows Live
2014-12-02 10:12 - 2013-10-09 22:16 - 00088704 _____ () C:\Users\Gracie\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-02 09:55 - 2014-03-12 19:36 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A787374D-43B6-42B3-9B97-FB4B6707D848}
 
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Sophia\AppData\Local\Temp\setup-gp5-updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-25 15:34
 
==================== End Of Log ============================


#15 polskamachina

polskamachina

  • Malware Response Team
  • 3,940 posts
  • Gender:Male
  • Local time:11:39 PM

Posted 31 December 2014 - 11:53 PM

Hi Dlaudens :)

 

Happy New Year to you too!

 

I neglected to mention in my previous instructions that you need to have copied and pasted the Addition.txt log in your next reply to me. If you did check the box for Addition.txt before you clicked on Scan, you will find the log at C:\FRST\Logs. If not, please run FRST64 again, check the box for Addition.txt, and then click on the Scan button. Then copy and paste the Addition.txt log in your next reply to me.

 

Let me know if you have any questions.

 

polskamachina
