ads.adamoads.com


  • This topic is locked
15 replies to this topic

#1 hansh2

hansh2

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brisbane, Australia
  • Local time:08:26 PM

Posted 11 January 2015 - 03:04 AM

I am not quite sure if this is the correct forum for my question but I hope it is.

As of yesterday 10/1 my Malwarebytes Anti Malware program is picking up the subject website as malware.

I have a screenshot of the scan result which actually shows that Firefox 34.0.5 is making the unwanted connection.

I have looked at the Firefox knowledge base which referred me to here.

Does anybody know how I can stop this site contacting Firefox or vice versa?

 

Attached File  adsadamoads.com - firefox exe.JPG   46.59KB   0 downloads

 

Any advice would be greatly appreciated. Kind thanks.




#2 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:05:26 AM

Posted 11 January 2015 - 04:31 PM

:welcome:

 

Need to see some logs so we can see what's going on.

 

 
Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report....Please Do Not Fix Anything

============================================================================

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days


    #3 hansh2

    hansh2
    • Topic Starter

    • Members
    • 9 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Brisbane, Australia
    • Local time:08:26 PM

    Posted 12 January 2015 - 01:57 AM

    G'day Ken545, thanks for your response and your suggestions. I have followed all your instructions, which worked well until I came to running the Farbar Tool. It started ok but approx. half way through, I suddenly got a blue screen and a message which I couldn't write down because it didn't last very long. It stated something like this:

    "A problem has been detected and Windows must shutdown to avoid damage to your computer......." plus another 2 sentences. The computer shut down and I had to restart again. Thinking it may have been the Farbar Tool, I uninstalled that and then re-downloaded it to start again. The second time all ran well and no interruptions during the Farbar scans.

    I have attached the three results for your perusal and hope that I have got all the details for you to decipher if I have a problem or not.

    Thanks for your next post.

    Attached File  aswMBR.txt   2.25KB   1 downloads

    Attached File  FRST.txt   35.28KB   1 downloads

    Attached File  Addition.txt   26.92KB   1 downloads

     

     

    aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
    Run date: 2015-01-12 15:35:27
    -----------------------------
    15:35:27.057    OS Version: Windows x64 6.1.7601 Service Pack 1
    15:35:27.057    Number of processors: 2 586 0x170A
    15:35:27.057    ComputerName: BLACKBEAUTY  UserName: Hans
    15:35:27.650    Initialize success
    15:35:27.681    VM: initialized successfully
    15:35:27.681    VM: Intel CPU supported virtualized 
    15:35:33.104    VM: supported disk I/O ataport.SYS
    15:35:36.629    AVAST engine defs: 15011101
    15:35:59.327    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
    15:35:59.327    Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
    15:35:59.421    Disk 0 MBR read successfully
    15:35:59.437    Disk 0 MBR scan
    15:35:59.437    Disk 0 Windows 7 default MBR code
    15:35:59.452    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
    15:35:59.452    Disk 0 Boot: NTFS     code=2
    15:35:59.483    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       483302 MB offset 206848
    15:35:59.515    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       470464 MB offset 990009344
    15:35:59.515    Disk 0 scanning C:\Windows\system32\drivers
    15:36:09.046    Service scanning
    15:36:27.657    Modules scanning
    15:36:27.657    Disk 0 trace - called modules:
    15:36:27.673    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
    15:36:27.673    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004926060]
    15:36:27.688    3 CLASSPNP.SYS[fffff880019ca43f] -> nt!IofCallDriver -> [0xfffffa80047e0520]
    15:36:27.688    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa80047d7060]
    15:36:28.187    AVAST engine scan C:\Windows
    15:36:29.560    AVAST engine scan C:\Windows\system32
    15:39:20.302    AVAST engine scan C:\Windows\system32\drivers
    15:40:04.747    AVAST engine scan C:\Users\Hans
    15:41:21.000    AVAST engine scan C:\ProgramData
    15:42:56.113    Disk 0 statistics 3638901/0/0 @ 5.82 MB/s
    15:42:56.129    Scan finished successfully
    15:43:28.920    Disk 0 MBR has been saved successfully to "C:\Users\Hans\Desktop\MBR.dat"
    15:43:28.936    The log file has been saved successfully to "C:\Users\Hans\Desktop\aswMBR.txt"
     
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015
    Ran by Hans (administrator) on BLACKBEAUTY on 12-01-2015 16:22:24
    Running from C:\Users\Hans\Desktop
    Loaded Profile: Hans (Available profiles: Hans & DefaultAppPool)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (ArcSoft, Inc.) C:\Users\Hans\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
    (Microsoft Corporation) C:\Windows\System32\snmp.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    (Logitech©) C:\Program Files (x86)\Logitech\G35\G35.exe
    () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    () C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465832 2010-09-07] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-08-01] (Logitech, Inc.)
    HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-03-24] (CANON INC.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
    HKLM-x32\...\Run: [Logitech G35] => C:\Program Files (x86)\Logitech\G35\G35.exe [1811800 2010-10-05] (Logitech©)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    BootExecute: autocheck autochk * sdnclean64.exe
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2843025847-2041325122-3153672473-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [S-1-5-21-2843025847-2041325122-3153672473-1000] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-2843025847-2041325122-3153672473-1000] => localhost:21320
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
    HKU\S-1-5-21-2843025847-2041325122-3153672473-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2843025847-2041325122-3153672473-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Toolbar: HKLM - No Name - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} -  No File
    Toolbar: HKU\S-1-5-21-2843025847-2041325122-3153672473-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
    Tcpip\..\Interfaces\{CF4C99F7-24C8-434C-AC4C-2EF7084A2D7C}: [NameServer] 220.233.0.4,220.233.0.3
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\6ksyry1b.default-1392547607755
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Extension: Ant Video Downloader - C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\6ksyry1b.default-1392547607755\Extensions\anttoolbar@ant.com [2014-08-02]
    FF Extension: Click&Clean - C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\6ksyry1b.default-1392547607755\Extensions\clickclean@hotcleaner.com [2014-02-16]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-23]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-03-08]
     
    Chrome: 
    =======
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-05]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-17]
    CHR HKLM-x32\...\Chrome\Extension: [jfemidifmoggeogcnblgoempfakkilmn] - C:\ProgramData\ADDICT-THING\jfemidifmoggeogcnblgoempfakkilmn.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-17] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-17] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-17] (Avast Software)
    R2 BackupService; C:\Users\Hans\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-02] (ArcSoft, Inc.)
    R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-14] (Microsoft Corporation)
    R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation)
    R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
    R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-17] ()
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-17] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-17] (AVAST Software)
    R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-17] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-17] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-17] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-17] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-17] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-17] ()
    S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
    S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
    S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
    S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-11] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-17] (Avast Software)
    U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
    S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    U3 aswMBR; \??\C:\Users\Hans\AppData\Local\Temp\aswMBR.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-12 16:22 - 2015-01-12 16:22 - 00015209 _____ () C:\Users\Hans\Desktop\FRST.txt
    2015-01-12 16:21 - 2015-01-12 16:21 - 02124288 _____ (Farbar) C:\Users\Hans\Desktop\FRST64.exe
    2015-01-12 15:48 - 2015-01-12 16:22 - 00000000 ____D () C:\FRST
    2015-01-12 15:43 - 2015-01-12 15:43 - 00002301 _____ () C:\Users\Hans\Desktop\aswMBR.txt
    2015-01-12 15:43 - 2015-01-12 15:43 - 00000512 _____ () C:\Users\Hans\Desktop\MBR.dat
    2015-01-12 15:33 - 2015-01-12 15:33 - 00000197 _____ () C:\Windows\system32\2015-01-12-05-33-57.006-AvastVBoxSVC.exe-3648.log
    2015-01-12 15:21 - 2015-01-12 15:22 - 05198336 _____ (AVAST Software) C:\Users\Hans\Desktop\aswMBR.exe
    2015-01-12 11:03 - 2015-01-12 11:03 - 00000197 _____ () C:\Windows\system32\2015-01-12-01-03-19.001-AvastVBoxSVC.exe-4044.log
    2015-01-11 21:42 - 2015-01-11 21:43 - 00000197 _____ () C:\Windows\system32\2015-01-11-11-42-23.006-AvastVBoxSVC.exe-4716.log
    2015-01-11 13:34 - 2015-01-11 13:34 - 00000247 _____ () C:\Windows\system32\2015-01-11-03-34-32.027-aswFe.exe-4972.log
    2015-01-11 13:31 - 2015-01-11 13:34 - 00000247 _____ () C:\Windows\system32\2015-01-11-03-31-05.075-aswFe.exe-3144.log
    2015-01-11 13:31 - 2015-01-11 13:31 - 00000197 _____ () C:\Windows\system32\2015-01-11-03-31-01.019-AvastVBoxSVC.exe-1480.log
    2015-01-11 13:31 - 2015-01-11 13:31 - 00000000 ____D () C:\Users\Hans\Documents\ProcAlyzer Dumps
    2015-01-11 11:35 - 2015-01-11 11:36 - 00000197 _____ () C:\Windows\system32\2015-01-11-01-35-43.038-AvastVBoxSVC.exe-4680.log
    2015-01-10 17:23 - 2015-01-10 17:23 - 00000197 _____ () C:\Windows\system32\2015-01-10-07-23-00.055-AvastVBoxSVC.exe-3492.log
    2015-01-10 10:42 - 2015-01-10 10:43 - 00000197 _____ () C:\Windows\system32\2015-01-10-00-42-23.033-AvastVBoxSVC.exe-4064.log
    2015-01-09 23:09 - 2015-01-09 23:09 - 00000197 _____ () C:\Windows\system32\2015-01-09-13-09-02.005-AvastVBoxSVC.exe-4008.log
    2015-01-09 16:37 - 2015-01-09 16:37 - 00000197 _____ () C:\Windows\system32\2015-01-09-06-37-16.039-AvastVBoxSVC.exe-4656.log
    2015-01-09 14:16 - 2015-01-09 14:16 - 00000197 _____ () C:\Windows\system32\2015-01-09-04-16-27.008-AvastVBoxSVC.exe-4692.log
    2015-01-09 10:58 - 2015-01-09 10:58 - 00000197 _____ () C:\Windows\system32\2015-01-09-00-58-06.048-AvastVBoxSVC.exe-4820.log
    2015-01-08 15:21 - 2015-01-08 15:21 - 00000197 _____ () C:\Windows\system32\2015-01-08-05-21-42.075-AvastVBoxSVC.exe-3504.log
    2015-01-08 09:51 - 2015-01-08 09:51 - 00000197 _____ () C:\Windows\system32\2015-01-07-23-51-25.099-AvastVBoxSVC.exe-3692.log
    2015-01-07 16:41 - 2015-01-07 16:41 - 00000197 _____ () C:\Windows\system32\2015-01-07-06-41-45.050-AvastVBoxSVC.exe-3900.log
    2015-01-07 10:34 - 2015-01-07 10:34 - 00000197 _____ () C:\Windows\system32\2015-01-07-00-34-09.034-AvastVBoxSVC.exe-4580.log
    2015-01-06 12:55 - 2015-01-06 12:55 - 00000197 _____ () C:\Windows\system32\2015-01-06-02-55-36.047-AvastVBoxSVC.exe-3472.log
    2015-01-06 09:13 - 2015-01-06 09:14 - 00000197 _____ () C:\Windows\system32\2015-01-05-23-13-48.042-AvastVBoxSVC.exe-3632.log
    2015-01-05 16:24 - 2015-01-05 16:24 - 00000197 _____ () C:\Windows\system32\2015-01-05-06-24-01.027-AvastVBoxSVC.exe-3544.log
    2015-01-05 11:23 - 2015-01-05 11:24 - 00000197 _____ () C:\Windows\system32\2015-01-05-01-23-30.006-AvastVBoxSVC.exe-3732.log
    2015-01-04 21:40 - 2015-01-04 21:40 - 00000197 _____ () C:\Windows\system32\2015-01-04-11-40-40.099-AvastVBoxSVC.exe-4080.log
    2015-01-04 15:05 - 2015-01-04 15:06 - 00000197 _____ () C:\Windows\system32\2015-01-04-05-05-58.019-AvastVBoxSVC.exe-3844.log
    2015-01-04 11:36 - 2015-01-04 11:37 - 00000197 _____ () C:\Windows\system32\2015-01-04-01-36-57.045-AvastVBoxSVC.exe-4796.log
    2015-01-03 11:30 - 2015-01-03 11:31 - 00000197 _____ () C:\Windows\system32\2015-01-03-01-30-33.075-AvastVBoxSVC.exe-4672.log
    2015-01-02 20:44 - 2015-01-02 20:45 - 00000197 _____ () C:\Windows\system32\2015-01-02-10-44-45.038-AvastVBoxSVC.exe-3568.log
    2015-01-02 15:47 - 2015-01-02 15:47 - 00000197 _____ () C:\Windows\system32\2015-01-02-05-47-40.026-AvastVBoxSVC.exe-3464.log
    2015-01-02 09:41 - 2015-01-02 09:41 - 00000197 _____ () C:\Windows\system32\2015-01-01-23-41-05.076-AvastVBoxSVC.exe-3624.log
    2015-01-01 22:49 - 2015-01-01 22:49 - 00000197 _____ () C:\Windows\system32\2015-01-01-12-49-12.097-AvastVBoxSVC.exe-2184.log
    2015-01-01 16:17 - 2015-01-01 16:17 - 00000197 _____ () C:\Windows\system32\2015-01-01-06-17-38.011-AvastVBoxSVC.exe-4324.log
    2015-01-01 10:54 - 2015-01-01 10:55 - 00000197 _____ () C:\Windows\system32\2015-01-01-00-54-59.071-AvastVBoxSVC.exe-4848.log
    2014-12-31 16:22 - 2014-12-31 16:22 - 00000197 _____ () C:\Windows\system32\2014-12-31-06-22-43.043-AvastVBoxSVC.exe-3704.log
    2014-12-31 13:24 - 2014-12-31 13:24 - 00001424 _____ () C:\Users\Hans\Desktop\1) Glucose to 31-3-15.xlsx.lnk
    2014-12-31 11:07 - 2014-12-31 11:08 - 00000197 _____ () C:\Windows\system32\2014-12-31-01-07-52.093-AvastVBoxSVC.exe-4224.log
    2014-12-30 16:15 - 2014-12-30 16:15 - 00000197 _____ () C:\Windows\system32\2014-12-30-06-15-18.090-AvastVBoxSVC.exe-3388.log
    2014-12-30 11:30 - 2014-12-30 11:31 - 00000197 _____ () C:\Windows\system32\2014-12-30-01-30-56.077-AvastVBoxSVC.exe-3704.log
    2014-12-29 16:43 - 2014-12-29 16:44 - 00000197 _____ () C:\Windows\system32\2014-12-29-06-43-49.037-AvastVBoxSVC.exe-3900.log
    2014-12-29 11:32 - 2014-12-29 11:33 - 00000197 _____ () C:\Windows\system32\2014-12-29-01-32-21.064-AvastVBoxSVC.exe-3864.log
    2014-12-28 11:29 - 2014-12-28 11:29 - 00000197 _____ () C:\Windows\system32\2014-12-28-01-29-16.091-AvastVBoxSVC.exe-4308.log
    2014-12-27 11:27 - 2014-12-27 11:27 - 00000197 _____ () C:\Windows\system32\2014-12-27-01-27-13.019-AvastVBoxSVC.exe-4576.log
    2014-12-26 18:57 - 2014-12-26 18:57 - 00000247 _____ () C:\Windows\system32\2014-12-26-08-57-49.055-aswFe.exe-1444.log
    2014-12-26 18:54 - 2014-12-26 18:57 - 00000247 _____ () C:\Windows\system32\2014-12-26-08-54-46.055-aswFe.exe-4628.log
    2014-12-26 18:54 - 2014-12-26 18:54 - 00000197 _____ () C:\Windows\system32\2014-12-26-08-54-43.011-AvastVBoxSVC.exe-5252.log
    2014-12-26 16:47 - 2014-12-26 16:47 - 00000197 _____ () C:\Windows\system32\2014-12-26-06-47-15.091-AvastVBoxSVC.exe-4332.log
    2014-12-26 13:23 - 2014-12-26 13:23 - 00000197 _____ () C:\Windows\system32\2014-12-26-03-23-09.023-AvastVBoxSVC.exe-4068.log
    2014-12-26 11:13 - 2014-12-26 11:14 - 00000197 _____ () C:\Windows\system32\2014-12-26-01-13-55.087-AvastVBoxSVC.exe-4496.log
    2014-12-25 16:20 - 2014-12-25 16:20 - 00000197 _____ () C:\Windows\system32\2014-12-25-06-20-28.057-AvastVBoxSVC.exe-4016.log
    2014-12-25 11:08 - 2014-12-25 11:09 - 00000197 _____ () C:\Windows\system32\2014-12-25-01-08-27.040-AvastVBoxSVC.exe-4748.log
    2014-12-24 21:50 - 2014-12-24 21:51 - 00000197 _____ () C:\Windows\system32\2014-12-24-11-50-50.043-AvastVBoxSVC.exe-2512.log
    2014-12-24 17:08 - 2014-12-24 17:08 - 00000197 _____ () C:\Windows\system32\2014-12-24-07-08-36.077-AvastVBoxSVC.exe-4784.log
    2014-12-24 13:37 - 2014-12-24 13:37 - 00000197 _____ () C:\Windows\system32\2014-12-24-03-37-39.091-AvastVBoxSVC.exe-3688.log
    2014-12-24 10:49 - 2014-12-24 10:49 - 00000197 _____ () C:\Windows\system32\2014-12-24-00-49-27.076-AvastVBoxSVC.exe-3656.log
    2014-12-23 16:20 - 2014-12-23 16:20 - 00000197 _____ () C:\Windows\system32\2014-12-23-06-20-31.020-AvastVBoxSVC.exe-3828.log
    2014-12-23 13:57 - 2014-12-23 13:57 - 00000197 _____ () C:\Windows\system32\2014-12-23-03-57-40.011-AvastVBoxSVC.exe-3856.log
    2014-12-23 10:48 - 2014-12-23 10:48 - 00000197 _____ () C:\Windows\system32\2014-12-23-00-48-06.048-AvastVBoxSVC.exe-3564.log
    2014-12-22 16:47 - 2014-12-22 16:47 - 00000197 _____ () C:\Windows\system32\2014-12-22-06-47-49.059-AvastVBoxSVC.exe-3772.log
    2014-12-22 12:25 - 2014-12-22 12:25 - 00000197 _____ () C:\Windows\system32\2014-12-22-02-25-51.062-AvastVBoxSVC.exe-3632.log
    2014-12-22 09:14 - 2014-12-22 09:14 - 00000197 _____ () C:\Windows\system32\2014-12-21-23-14-09.089-AvastVBoxSVC.exe-2076.log
    2014-12-21 22:23 - 2014-12-21 22:23 - 00000197 _____ () C:\Windows\system32\2014-12-21-12-23-44.029-AvastVBoxSVC.exe-3500.log
    2014-12-21 22:01 - 2014-12-21 22:01 - 00000197 _____ () C:\Windows\system32\2014-12-21-12-01-12.003-AvastVBoxSVC.exe-3428.log
    2014-12-21 21:51 - 2014-10-18 12:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-12-21 21:51 - 2014-10-18 11:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-12-21 21:50 - 2014-11-25 08:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-12-21 21:50 - 2014-11-25 07:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2014-12-21 21:50 - 2014-11-25 07:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-12-21 21:50 - 2014-11-25 07:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-12-21 21:50 - 2014-11-25 07:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-12-21 21:50 - 2014-11-25 07:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-12-21 21:50 - 2014-11-25 07:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-12-21 21:50 - 2014-11-25 07:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-12-21 21:50 - 2014-11-25 07:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-12-21 21:50 - 2014-11-25 07:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-12-21 21:50 - 2014-11-25 07:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-12-21 21:50 - 2014-11-25 07:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-12-21 21:50 - 2014-11-25 07:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-12-21 21:50 - 2014-11-25 07:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-12-21 21:50 - 2014-11-25 07:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-12-21 21:50 - 2014-11-25 07:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-21 21:50 - 2014-11-25 07:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-12-21 21:50 - 2014-11-25 07:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-12-21 21:50 - 2014-11-25 07:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-12-21 21:50 - 2014-11-25 07:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-12-21 21:50 - 2014-11-25 07:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-12-21 21:50 - 2014-11-25 07:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-12-21 21:50 - 2014-11-25 06:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2014-12-21 21:50 - 2014-11-25 06:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-12-21 21:50 - 2014-11-25 06:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-12-21 21:50 - 2014-11-25 06:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-12-21 21:50 - 2014-11-25 06:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-12-21 21:50 - 2014-11-25 06:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-12-21 21:50 - 2014-11-25 06:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-12-21 21:50 - 2014-11-25 06:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2014-12-21 21:50 - 2014-11-25 06:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-12-21 21:50 - 2014-11-25 06:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-12-21 21:50 - 2014-11-25 06:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-12-21 21:50 - 2014-11-25 06:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-12-21 21:50 - 2014-11-25 06:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-12-21 21:50 - 2014-11-25 06:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-12-21 21:50 - 2014-11-25 06:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2014-12-21 21:50 - 2014-11-25 06:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-12-21 21:50 - 2014-11-25 06:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-12-21 21:50 - 2014-11-25 06:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-12-21 21:50 - 2014-11-25 06:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-12-21 21:50 - 2014-11-25 06:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-12-21 21:50 - 2014-11-25 06:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2014-12-21 21:50 - 2014-11-25 06:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2014-12-21 21:50 - 2014-11-11 13:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-12-21 21:50 - 2014-11-11 12:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-12-21 21:50 - 2014-11-11 11:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2014-12-21 21:50 - 2014-11-08 13:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-12-21 21:50 - 2014-11-08 12:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-12-21 21:50 - 2014-10-30 12:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2014-12-21 21:50 - 2014-10-30 11:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
    2014-12-21 21:50 - 2014-10-03 12:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2014-12-21 21:50 - 2014-10-03 12:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2014-12-21 21:50 - 2014-10-03 12:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2014-12-21 21:50 - 2014-10-03 12:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2014-12-21 21:50 - 2014-10-03 12:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2014-12-21 21:50 - 2014-10-03 11:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2014-12-21 21:50 - 2014-10-03 11:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2014-12-21 21:50 - 2014-10-03 11:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2014-12-21 21:50 - 2014-10-03 11:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2014-12-21 21:50 - 2014-10-03 11:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2014-12-21 21:38 - 2014-12-21 21:38 - 00000197 _____ () C:\Windows\system32\2014-12-21-11-38-10.074-AvastVBoxSVC.exe-3840.log
    2014-12-21 21:36 - 2014-11-17 13:20 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-12 16:15 - 2013-10-04 17:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-12 16:15 - 2013-10-04 17:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-12 15:51 - 2009-07-14 15:13 - 00862872 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-12 15:36 - 2009-07-14 14:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-12 15:36 - 2009-07-14 14:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-12 15:35 - 2014-03-30 22:14 - 00000000 ____D () C:\Windows\Minidump
    2015-01-12 15:34 - 2013-11-29 20:55 - 01232167 ____N () C:\Windows\WindowsUpdate.log
    2015-01-12 15:31 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-12 15:30 - 2010-10-14 21:24 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
    2015-01-12 11:05 - 2012-03-20 12:45 - 00000000 ____D () C:\Users\Hans\AppData\Roaming\MailWasherFree
    2015-01-12 11:02 - 2013-06-03 20:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-01-11 18:16 - 2011-01-24 21:15 - 00000000 ____D () C:\Users\Hans\Desktop\Miscell
    2015-01-11 17:50 - 2014-08-30 22:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-10 22:06 - 2011-01-24 21:19 - 00000000 ____D () C:\Users\Hans\Desktop\Silverpeers
    2015-01-08 15:19 - 2010-10-14 12:46 - 00000000 ____D () C:\Users\Hans
    2015-01-08 15:17 - 2014-12-09 21:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-08 15:17 - 2014-08-04 12:23 - 00000000 ____D () C:\Users\DefaultAppPool
    2015-01-08 15:17 - 2013-07-31 13:59 - 00000000 ____D () C:\Windows\system32\BestPractices
    2015-01-08 15:17 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
    2015-01-08 15:17 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\inetsrv
    2015-01-08 15:17 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\registration
    2015-01-08 15:17 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\AppCompat
    2015-01-08 15:16 - 2013-07-31 13:59 - 00000000 ____D () C:\inetpub
    2015-01-08 15:16 - 2010-10-14 17:46 - 00000000 ____D () C:\Users\Hans\AppData\Roaming\Skype
    2015-01-07 13:11 - 2014-01-18 19:08 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-01-07 13:11 - 2014-01-18 19:08 - 00000000 ____D () C:\Program Files\CCleaner
    2015-01-03 19:52 - 2010-11-01 16:36 - 00000000 ___RD () C:\Users\Hans\Desktop\Briefcase (A)
    2015-01-02 23:32 - 2011-12-23 11:18 - 00000000 ____D () C:\Users\Hans\Desktop\Odds & Ends
    2014-12-27 15:11 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-12-25 16:57 - 2011-12-25 17:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-12-24 20:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
    2014-12-21 22:18 - 2014-09-13 13:59 - 00000000 ____D () C:\Users\Hans\AppData\Local\Adobe
    2014-12-21 22:18 - 2013-11-06 18:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-21 22:18 - 2013-11-06 18:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-21 21:56 - 2013-07-11 10:23 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-21 21:52 - 2010-10-15 10:37 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-12-21 21:30 - 2014-12-06 20:29 - 00000000 ____D () C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP (x64)
    2014-12-21 21:30 - 2011-12-21 11:40 - 00000000 ____D () C:\Windows\system32\Macromed
    2014-12-21 21:30 - 2010-10-14 21:35 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
    2014-12-21 21:30 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\servicing
    2014-12-21 21:30 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-12-18 18:18 - 2009-07-14 15:08 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
     
    Files to move or delete:
    ====================
    C:\Users\Hans\cnmss Canon MP560 series Printer (Local).dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-01-04 20:05
     
    ==================== End Of Log ============================
     
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015
    Ran by Hans at 2015-01-12 16:22:47
    Running from C:\Users\Hans\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Any Video Converter 5.6.4 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
    Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
    Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.56.01 - Broadcom Corporation)
    CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
    Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
    Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
    Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
    Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
    Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version:  - )
    eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Logitech G35 (HKLM\...\{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}) (Version: 1.1.178 - Logitech)
    Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
    Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
    Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
    Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
    LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
    MailWasher Free 6.5.4 (HKLM-x32\...\MailWasher Free_is1) (Version:  - FireTrust Limited)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
    Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
    MyFreeCodec (HKU\S-1-5-21-2843025847-2041325122-3153672473-1000\...\MyFreeCodec) (Version:  - )
    NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
    NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
    NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
    PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.4 - Sophos Limited)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    TuneUp Utilities 2014 (en-GB) (x32 Version: 14.0.1000.90 - TuneUp Software) Hidden
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Windows Driver Package - eMPIA Technology (USB28xxBGA) Media  (12/02/2009 5.2009.1202.0) (HKLM\...\9FB0FFCEBDD18CDE064ABAEB5BDA53CA8F892859) (Version: 12/02/2009 5.2009.1202.0 - eMPIA Technology)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
     
    ==================== Restore Points  =========================
     
    15-10-2014 12:21:07 Windows Update
    22-10-2014 15:50:46 Scheduled Checkpoint
    24-10-2014 18:39:41 Restore Operation
    02-11-2014 12:42:43 Scheduled Checkpoint
    13-11-2014 17:48:01 Windows Update
    17-11-2014 13:18:16 avast! antivirus system restore point
    17-11-2014 13:20:56 Device Driver Package Install: Avast Network Service
    19-11-2014 19:28:06 Windows Update
    20-11-2014 16:36:56 after boot-scan
    28-11-2014 11:41:09 Scheduled Checkpoint
    30-11-2014 20:26:59 Windows Backup
    30-11-2014 21:32:59 Windows Backup
    10-12-2014 11:31:41 Windows Update
    12-12-2014 12:56:54 Windows Update
    21-12-2014 17:24:29 Restore Operation
    21-12-2014 17:30:18 avast! antivirus system restore point
    21-12-2014 17:32:18 Device Driver Package Install: Avast Network Service
    21-12-2014 17:36:48 Windows Update
    21-12-2014 19:57:30 Restore Operation
    21-12-2014 21:33:42 avast! antivirus system restore point
    21-12-2014 21:37:29 Device Driver Package Install: Avast Network Service
    21-12-2014 21:50:50 Windows Update
    30-12-2014 13:06:18 Scheduled Checkpoint
    06-01-2015 17:17:46 Scheduled Checkpoint
    08-01-2015 13:11:53 Windows Modules Installer
    08-01-2015 15:14:50 Restore Operation
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {03A71A88-5879-4AC5-92DE-CE2A3FF8B5C6} - System32\Tasks\{53E2B534-45DB-45B3-8E89-B96F2754EE69} => pcalua.exe -a "F:\HP SimpleSave Application\BackupServiceInstaller.exe" -d "F:\HP SimpleSave Application"
    Task: {1BEB59FD-B278-4525-AFC1-20D642BCB971} - System32\Tasks\{51E5AC9F-77C7-4B72-B57E-60057657C547} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
    Task: {21F4ABE3-BAB8-407A-8BFB-8D655A076C9B} - System32\Tasks\Malwarebytes Anti-Exploit => C:\Program Files\Malwarebytes Anti-Exploit\mbae-loader.exe
    Task: {37DAF3C0-9E0B-46BD-B7CB-9820EA561B7A} - System32\Tasks\{ED75701C-A014-497A-8F78-03768BB96A17} => pcalua.exe -a C:\Users\Hans\AppData\Roaming\SystemRequirementsLab\SystemRequirementsLab.exe -d C:\Users\Hans\AppData\Roaming\SystemRequirementsLab
    Task: {38ADAAF5-D095-4A5D-B493-FE11BCF02B61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-04] (Google Inc.)
    Task: {47E78CC9-6B09-4CB0-933F-5DD0A80AE8AE} - System32\Tasks\{9D542CE4-1511-43B3-8653-6C60B23B53EB} => pcalua.exe -a "C:\Program Files (x86)\Safer Networking\RunAlyzer\RunAlyzer.exe" -d "C:\Program Files (x86)\Safer Networking\RunAlyzer"
    Task: {73DC2F5E-C0DC-40FF-A9E5-B45EFD3B6631} - System32\Tasks\{D98C31DF-10DB-4F6E-9287-66D65783852E} => C:\Users\Hans\Desktop\dotnetfx35setup.exe
    Task: {77865963-CF4D-460C-83AF-6951319987B2} - System32\Tasks\{37339C1A-C70A-4E36-8DCF-C54F64722B35} => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\vstudio.exe
    Task: {7B301766-332C-42D6-899B-ECF95321DB7C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
    Task: {8322BD2F-F6B0-450F-A6ED-80DF08F393E4} - System32\Tasks\{B3A2D171-5B78-4C8A-9CB6-B5226A76F5D6} => Firefox.exe http://ui.skype.com/ui/0/5.1.0.112/en/eula
    Task: {8864A2CE-260E-49E1-A94C-97A7875A3828} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-04] (Google Inc.)
    Task: {8D9CBCAB-CDD1-466D-BAF3-448970947081} - System32\Tasks\{7357AB4C-4C38-4598-9793-98201A9E58E9} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/en/eula
    Task: {8F7C4A14-BBBC-4E2F-A54C-A5F3AFEEC393} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
    Task: {983FD6C9-766E-466F-BC38-5EA624C01567} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
    Task: {AF66897A-513D-4F4F-B954-09DFABD60941} - System32\Tasks\{3083D7AA-AA87-4447-926C-FAB631DC243D} => pcalua.exe -a C:\Users\Hans\Desktop\jxpiinstall.exe -d C:\Users\Hans\Desktop
    Task: {B18A4530-E268-4B4B-9EC5-D5F8073E8E0C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-17] (AVAST Software)
    Task: {CEFB50A4-DCF8-496A-95A3-A6BC0E35FEDE} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
    Task: {D2FAB7D4-A9D9-482D-8220-3C03EFF28DDF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-13] (Piriform Ltd)
    Task: {D554C28B-EB18-41EE-AED6-727C1014701F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
    Task: {E18C5B07-A443-4C55-B0F9-C630B34D99A0} - System32\Tasks\{5432ADC1-46B4-44E8-9305-C8FE06535391} => pcalua.exe -a C:\Windows\SysWOW64\DivXControlPanelApplet.cpl -c DivX Control Panel
    Task: {EB54E72B-42A1-4600-981D-BE17C9098324} - System32\Tasks\{72FE42EF-3651-4609-829B-635C4023A45B} => Firefox.exe 
    Task: {F94003CB-F2DD-4EA9-8E01-9F83B6EA7845} - System32\Tasks\{FD5FD4AB-3674-4AAE-8CBD-C5FB1898847C} => pcalua.exe -a C:\Users\Hans\Desktop\mproxy12.exe -d C:\Users\Hans\Desktop
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Malwarebytes Anti-Exploit.job => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2012-11-14 10:35 - 2014-07-03 04:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-11-17 13:19 - 2014-11-17 13:19 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    2014-11-17 13:19 - 2014-11-17 13:19 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2011-11-11 14:07 - 2011-11-11 14:07 - 00265240 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    2011-08-12 12:19 - 2011-08-12 12:19 - 00680984 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    2015-01-12 11:03 - 2015-01-12 11:03 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011101\algo.dll
    2014-11-17 13:19 - 2014-11-17 13:19 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2014-08-29 18:08 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-08-29 18:08 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-08-29 18:08 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-08-29 18:08 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-08-29 18:08 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2011-08-12 12:18 - 2011-08-12 12:18 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
    2011-08-12 12:18 - 2011-08-12 12:18 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
    2011-08-12 12:18 - 2011-08-12 12:18 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
    2011-08-12 12:18 - 2011-08-12 12:18 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
    2011-08-12 12:18 - 2011-08-12 12:18 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
    2011-11-11 14:09 - 2011-11-11 14:09 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    2014-11-17 13:20 - 2014-11-17 13:20 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-12-09 21:23 - 2014-12-09 21:23 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-2843025847-2041325122-3153672473-500 - Administrator - Disabled)
    Guest (S-1-5-21-2843025847-2041325122-3153672473-501 - Limited - Disabled)
    Hans (S-1-5-21-2843025847-2041325122-3153672473-1000 - Administrator - Enabled) => C:\Users\Hans
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (01/12/2015 03:34:53 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
    Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2843025847-2041325122-3153672473-1000}/">.
     
    Error: (01/12/2015 00:51:03 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
    Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2843025847-2041325122-3153672473-1000}/">.
     
    Error: (01/11/2015 01:25:36 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2843025847-2041325122-3153672473-1501.bak).  hr = 0x80070539, The security ID structure is invalid.
    .
     
     
    Operation:
       OnIdentify event
       Gathering Writer Data
     
    Context:
       Execution Context: Shadow Copy Optimization Writer
       Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
       Writer Name: Shadow Copy Optimization Writer
       Writer Instance ID: {55858924-666b-44a4-8fc3-566c62c9fe33}
     
    Error: (01/11/2015 01:25:11 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2843025847-2041325122-3153672473-1501.bak).  hr = 0x80070539, The security ID structure is invalid.
    .
     
     
    Operation:
       OnIdentify event
       Gathering Writer Data
     
    Context:
       Execution Context: Shadow Copy Optimization Writer
       Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
       Writer Name: Shadow Copy Optimization Writer
       Writer Instance ID: {55858924-666b-44a4-8fc3-566c62c9fe33}
     
    Error: (01/11/2015 01:34:23 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
    Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2843025847-2041325122-3153672473-1000}/">.
     
    Error: (01/09/2015 11:57:28 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
    Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2843025847-2041325122-3153672473-1000}/">.
     
    Error: (01/09/2015 02:58:10 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
    Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2843025847-2041325122-3153672473-1000}/">.
     
    Error: (01/09/2015 02:51:09 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
     
    Error: (01/09/2015 10:57:50 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
    Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2843025847-2041325122-3153672473-1000}/">.
     
    Error: (01/09/2015 10:57:21 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.
     
     
    Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
     
     
    System errors:
    =============
    Error: (01/12/2015 04:09:55 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
     
    Error: (01/12/2015 03:31:35 PM) (Source: SNMP) (EventID: 1500) (User: )
    Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
     
    Error: (01/12/2015 03:31:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: 
    %%1058
     
    Error: (01/12/2015 03:30:55 PM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: 0x00000109 (0xa3a039d89a858544, 0xb3b7465eed03c2be, 0xfffff80000b93080, 0x0000000000000002)C:\Windows\MEMORY.DMP011215-32058-01
     
    Error: (01/12/2015 03:30:55 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:28:46 PM on ‎12/‎01/‎2015 was unexpected.
     
    Error: (01/12/2015 11:02:36 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
     
    Error: (01/12/2015 11:02:23 AM) (Source: SNMP) (EventID: 1500) (User: )
    Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
     
    Error: (01/12/2015 11:02:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: 
    %%1058
     
    Error: (01/11/2015 09:41:28 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
     
    Error: (01/11/2015 09:41:04 PM) (Source: SNMP) (EventID: 1500) (User: )
    Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
     
     
    Microsoft Office Sessions:
    =========================
     
    CodeIntegrity Errors:
    ===================================
      Date: 2014-05-13 21:37:05.280
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2014-05-13 21:37:05.218
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2014-05-10 17:57:09.912
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2014-05-10 17:57:09.862
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2014-05-10 17:54:28.895
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2014-05-10 17:54:28.848
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2014-05-10 17:53:55.901
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2014-05-10 17:53:55.854
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2014-05-10 17:52:17.122
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2014-05-10 17:52:17.075
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
    Percentage of memory in use: 45%
    Total physical RAM: 4084.6 MB
    Available physical RAM: 2243.67 MB
    Total Pagefile: 8167.38 MB
    Available Pagefile: 6101.91 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:471.97 GB) (Free:392.8 GB) NTFS
    Drive e: (New Volume) (Fixed) (Total:459.44 GB) (Free:446.55 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CF8AB8B9)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=472 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=459.4 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================
     

    Edited by ken545, 12 January 2015 - 06:36 AM.


    #4 ken545


    Posted 12 January 2015 - 06:59 AM

    Morning,

     

    You have a lot of entries with File Missing, not sure what's going on with that. Also if you can just copy and paste the logs we ask for into the forum it would be great, I prefer that in lieu of attaching them

     

    Your Hosts file is missing or corrupt and your internet access is going through a bad proxy

     

    Let's set Firefox back to defaults

     

    • Open Firefox
    • Click on Help > Troubleshooting Information > Reset Firefox to its default state
     
     
     
    ================================================================
     
    I am attaching a Fixlist file. Save it to your desktop where you have FRST, then open FRST and click on Fix. It will reboot your system and there will be a Fixlog file on your desktop, post it please
     
     
    ===========================================================
     
     

     
    -AdwCleaner-by Xplode
     
    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
     
    Do not click on any links in the top Advertisement.
     
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
     
     
     
    ===============================================================================
     
     
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
     
     
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware  to your desktop. 
     
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
     
     
    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked<------------
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished click on VIEW DETAILED LOG
    • When it opens click on COPY TO CLIPBOARD
    • Then paste the log back into this thread for review
    • Exit Malwarebytes
     
     
     
     
     
     

     



    mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days
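As an added example (not part of the original posts and not FRST's own code), the code below shows how the two findings named in the reply above, an unreadable hosts file and a proxy pointing at the local machine, can be picked out of FRST-style log text. The sample lines are constructed in the format of the logs in this thread (the SID and CLSID are made up), and all function names are hypothetical.

```python
import re
from ipaddress import ip_address

# Constructed sample in the line formats seen in this thread's logs.
# The SID and the CLSID are made-up placeholders.
SAMPLE_LOG = r"""
ProxyEnable: [S-1-5-21-1111111111-2222222222-3333333333-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1111111111-2222222222-3333333333-1000] => localhost:21320
Toolbar: HKU\S-1-5-21-1111111111-2222222222-3333333333-1000 -> No Name - {00000000-0000-0000-0000-000000000000} -  No File
Error: (01/12/2015 04:09:55 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
"""

PROXY_ENABLE = re.compile(r"^ProxyEnable: \[(?P<sid>S-[\d-]+)\] => .*\benabled\b")
PROXY_SERVER = re.compile(r"^ProxyServer: \[(?P<sid>S-[\d-]+)\] => (?P<value>.+)$")
EVENT = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]+)\) \(EventID: (?P<id>\d+)\)"
)
ORPHAN = re.compile(r"(No File|\[Not Found\])\s*$")

# DNS Client event logged when the local hosts file cannot be read.
HOSTS_EVENT = ("Microsoft-Windows-DNS-Client", "1012")


def proxy_hosts(value):
    """Yield the host part of each entry in a ProxyServer value.

    Handles the plain form "host:port" and the per-protocol form
    "http=host:port;https=host:port".
    """
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        entry = entry.split("=", 1)[-1]      # drop "http=" style prefix
        entry = entry.split("://", 1)[-1]    # drop "http://" style prefix
        host = entry.rsplit(":", 1)[0] if ":" in entry else entry
        yield host.strip("[]")               # "[::1]" -> "::1"


def is_loopback(host):
    """True for 'localhost' or any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return (kind, detail) findings for the log text.

    Kinds: 'orphan-entry'     - entry whose target file no longer exists
           'hosts-unreadable' - DNS Client could not read the hosts file
           'loopback-proxy'   - an enabled per-user proxy points at this machine
    """
    enabled, servers, findings = set(), {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if m := PROXY_ENABLE.match(line):
            enabled.add(m["sid"])
        elif m := PROXY_SERVER.match(line):
            servers[m["sid"]] = m["value"]
        elif (m := EVENT.match(line)) and (m["src"], m["id"]) == HOSTS_EVENT:
            findings.append(("hosts-unreadable", m["ts"]))
        elif ORPHAN.search(line):
            findings.append(("orphan-entry", line.split(":", 1)[0]))
    # A configured proxy only matters while it is enabled for that user.
    for sid, value in servers.items():
        if sid in enabled and any(is_loopback(h) for h in proxy_hosts(value)):
            findings.append(("loopback-proxy", f"{sid} -> {value}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {detail}")
```

An enabled proxy on a loopback address means browser traffic is handed to whatever process listens on that local port, so the finding is worth reporting together with the owning user's SID.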


    #5 hansh2


    Posted 12 January 2015 - 10:27 AM

    Hi Ken545,

    Not sure what happened with missing files but grandson often comes over and plays with computer. I think he is quite good but can't vouch for it.

    I have done what you have asked me to do and will paste the logs below. The ADWCleaner produced two logs instead of one, but both hereunder.

     

    Fixlog:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015
    Ran by Hans at 2015-01-12 23:51:17 Run:1
    Running from C:\Users\Hans\Desktop
    Loaded Profile: Hans (Available profiles: Hans & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2843025847-2041325122-3153672473-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [S-1-5-21-2843025847-2041325122-3153672473-1000] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-2843025847-2041325122-3153672473-1000] => localhost:21320
    Toolbar: HKU\S-1-5-21-2843025847-2041325122-3153672473-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
    CHR HKLM-x32\...\Chrome\Extension: [jfemidifmoggeogcnblgoempfakkilmn] - C:\ProgramData\ADDICT-THING\jfemidifmoggeogcnblgoempfakkilmn.crx [Not Found]
    Task: {AF66897A-513D-4F4F-B954-09DFABD60941} - System32\Tasks\{3083D7AA-AA87-4447-926C-FAB631DC243D} => pcalua.exe -a C:\Users\Hans\Desktop\jxpiinstall.exe -d C:\Users\Hans\Desktop
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End

    *****************

    Processes closed successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-2843025847-2041325122-3153672473-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\S-1-5-21-2843025847-2041325122-3153672473-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKU\S-1-5-21-2843025847-2041325122-3153672473-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    HKU\S-1-5-21-2843025847-2041325122-3153672473-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
    HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfemidifmoggeogcnblgoempfakkilmn" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF66897A-513D-4F4F-B954-09DFABD60941}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF66897A-513D-4F4F-B954-09DFABD60941}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{3083D7AA-AA87-4447-926C-FAB631DC243D} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3083D7AA-AA87-4447-926C-FAB631DC243D}" => Key deleted successfully.

    =========  ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    Hosts was reset successfully.
    EmptyTemp: => Removed 108.7 MB temporary data.


    The system needed a reboot.

    =======================================================

     

    ADWClean SOJ:

     

    # AdwCleaner v4.107 - Report created 13/01/2015 at 00:04:46
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-11.2 [Live]
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Hans - BLACKBEAUTY
    # Running from : C:\Users\Hans\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\Users\Hans\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\5p3f20df.default\Extensions\anttoolbar@ant.com
    Folder Deleted : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\i0ijxc0k.default-1385691983497\Extensions\anttoolbar@ant.com
    Folder Deleted : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\6ksyry1b.default-1392547607755\Extensions\clickclean@hotcleaner.com
    Folder Deleted : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\i0ijxc0k.default-1385691983497\Extensions\clickclean@hotcleaner.com
    File Deleted : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\bdw66q6o.default-1353056733701\user.js
    File Deleted : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\i0ijxc0k.default-1385691983497\user.js

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Myfree Codec
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\Myfree Codec

    ***** [ Browsers ] *****

    -\\ Internet Explorer v0.0.0.0


    -\\ Mozilla Firefox v34.0.5 (x86 en-GB)


    *************************

    AdwCleaner[R0].txt - [2132 octets] - [13/01/2015 00:02:02]
    AdwCleaner[S0].txt - [1941 octets] - [13/01/2015 00:04:46]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2001 octets] ##########

     

    ADWClean ROJ:

     

    # AdwCleaner v4.107 - Report created 13/01/2015 at 00:02:02
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-11.2 [Live]
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Hans - BLACKBEAUTY
    # Running from : C:\Users\Hans\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\bdw66q6o.default-1353056733701\user.js
    File Found : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\i0ijxc0k.default-1385691983497\user.js
    Folder Found : C:\ProgramData\Premium
    Folder Found : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\5p3f20df.default\Extensions\anttoolbar@ant.com
    Folder Found : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\6ksyry1b.default-1392547607755\Extensions\clickclean@hotcleaner.com
    Folder Found : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\i0ijxc0k.default-1385691983497\Extensions\anttoolbar@ant.com
    Folder Found : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\i0ijxc0k.default-1385691983497\Extensions\clickclean@hotcleaner.com
    Folder Found : C:\Users\Hans\AppData\Roaming\Systweak

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Myfree Codec
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : [x64] HKCU\Software\Conduit
    Key Found : [x64] HKCU\Software\Myfree Codec
    Key Found : [x64] HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Conduit
    Key Found : HKLM\SOFTWARE\Myfree Codec
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v0.0.0.0


    -\\ Mozilla Firefox v34.0.5 (x86 en-GB)


    *************************

    AdwCleaner[R0].txt - [1976 octets] - [13/01/2015 00:02:02]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2036 octets] ##########

    =========================================================================================

     

    JRT:

     

    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by Hans on Tue 13/01/2015 at  0:15:42.80
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\wininit.ini"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



    ~~~ FireFox

    Successfully deleted: [File] C:\user.js



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 13/01/2015 at  0:19:06.79
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ===============================================
     

    Malwarebytes:

     

    Sorry, couldn't get it to produce a textfile. Had to attach it.

     

    Attached File  Malwarebytes scan log.JPG   94.91KB   0 downloads

     

     

    Thanks for all your help so far. Just hope it makes sense. Best regards.....Hans


    Edited by hansh2, 12 January 2015 - 10:27 AM.


    #6 ken545


    Posted 12 January 2015 - 10:31 AM

    See if you can get the Malwarebytes log like this

     

    1. Open up Malwarebytes 
    2. Go to the History Tab
    3. Click on Application Logs
    4. Click on the last Scan Log you just ran
    5. Click on View
    6. Then on the Bottom click on Copy to Clipboard
    7. Then paste it into this thread
     
     
    Either way, run a new scan with FRST, checkmark Additions and post both new logs please



    #7 hansh2


    Posted 12 January 2015 - 09:58 PM

    Hi Ken545,

    I think I've got the Malwarebytes log this time. Here are the 3 logs as requested:

     

    <?xml version="1.0" encoding="UTF-16" ?>
    <mbam-log>
    <header>
    <date>2015/01/13 00:57:04 +1000</date>
    <logfile>mbam-log-2015-01-13 (00-56-59).xml</logfile>
    <isadmin>yes</isadmin>
    </header>
    <engine>
    <version>2.00.4.1028</version>
    <malware-database>v2015.01.12.05</malware-database>
    <rootkit-database>v2015.01.07.01</rootkit-database>
    <license>premium</license>
    <file-protection>enabled</file-protection>
    <web-protection>enabled</web-protection>
    <self-protection>disabled</self-protection>
    </engine>
    <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>Hans</username>
    <filesys>NTFS</filesys>
    </system>
    <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>345971</objects>
    <time>572</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>0</files>
    <sectors>0</sectors>
    </summary>
    <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>enabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
    </options>
    <items>
    </items>
    </mbam-log>

    ---------------------------------------------------------------------------------------------------------------- 

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015
    Ran by Hans (administrator) on BLACKBEAUTY on 13-01-2015 12:38:41
    Running from C:\Users\Hans\Desktop
    Loaded Profile: Hans (Available profiles: Hans & DefaultAppPool)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (ArcSoft, Inc.) C:\Users\Hans\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
    (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    (Logitech©) C:\Program Files (x86)\Logitech\G35\G35.exe
    () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    (Microsoft Corporation) C:\Windows\System32\snmp.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    () C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465832 2010-09-07] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-08-01] (Logitech, Inc.)
    HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-03-24] (CANON INC.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
    HKLM-x32\...\Run: [Logitech G35] => C:\Program Files (x86)\Logitech\G35\G35.exe [1811800 2010-10-05] (Logitech©)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-2843025847-2041325122-3153672473-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2843025847-2041325122-3153672473-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Toolbar: HKLM - No Name - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} -  No File
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
    Tcpip\..\Interfaces\{CF4C99F7-24C8-434C-AC4C-2EF7084A2D7C}: [NameServer] 220.233.0.4,220.233.0.3

    FireFox:
    ========
    FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\l3735z31.default-1421070460893
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-23]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-03-08]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-05]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-17]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-17] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-17] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-17] (Avast Software)
    R2 BackupService; C:\Users\Hans\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-02] (ArcSoft, Inc.)
    R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-14] (Microsoft Corporation)
    R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation)
    R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
    R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-17] ()
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-17] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-17] (AVAST Software)
    R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-17] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-17] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-17] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-17] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-17] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-17] ()
    S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
    S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
    S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
    S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-13] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-17] (Avast Software)
    U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
    S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-13 12:38 - 2015-01-13 12:39 - 00014396 _____ () C:\Users\Hans\Desktop\FRST.txt
    2015-01-13 12:37 - 2015-01-13 12:37 - 00002496 _____ () C:\Users\Hans\Desktop\mbam-log-2015-01-13 (00-56-59).xml
    2015-01-13 11:03 - 2015-01-13 11:04 - 00000197 _____ () C:\Windows\system32\2015-01-13-01-03-54.014-AvastVBoxSVC.exe-4156.log
    2015-01-13 00:55 - 2015-01-13 00:55 - 00000197 _____ () C:\Windows\system32\2015-01-12-14-55-05.069-AvastVBoxSVC.exe-3928.log
    2015-01-13 00:15 - 2015-01-13 00:15 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-13 00:09 - 2015-01-13 00:09 - 00000197 _____ () C:\Windows\system32\2015-01-12-14-09-18.048-AvastVBoxSVC.exe-4780.log
    2015-01-13 00:01 - 2015-01-13 00:08 - 00000000 ____D () C:\AdwCleaner
    2015-01-12 23:57 - 2015-01-12 23:57 - 00000197 _____ () C:\Windows\system32\2015-01-12-13-57-02.085-AvastVBoxSVC.exe-3740.log
    2015-01-12 16:59 - 2015-01-13 12:37 - 00000000 ____D () C:\Users\Hans\Desktop\Bleeping Comp
    2015-01-12 16:21 - 2015-01-12 16:21 - 02124288 _____ (Farbar) C:\Users\Hans\Desktop\FRST64.exe
    2015-01-12 15:48 - 2015-01-13 12:38 - 00000000 ____D () C:\FRST
    2015-01-12 15:33 - 2015-01-12 15:33 - 00000197 _____ () C:\Windows\system32\2015-01-12-05-33-57.006-AvastVBoxSVC.exe-3648.log
    2015-01-12 11:03 - 2015-01-12 11:03 - 00000197 _____ () C:\Windows\system32\2015-01-12-01-03-19.001-AvastVBoxSVC.exe-4044.log
    2015-01-11 21:42 - 2015-01-11 21:43 - 00000197 _____ () C:\Windows\system32\2015-01-11-11-42-23.006-AvastVBoxSVC.exe-4716.log
    2015-01-11 13:34 - 2015-01-11 13:34 - 00000247 _____ () C:\Windows\system32\2015-01-11-03-34-32.027-aswFe.exe-4972.log
    2015-01-11 13:31 - 2015-01-11 13:34 - 00000247 _____ () C:\Windows\system32\2015-01-11-03-31-05.075-aswFe.exe-3144.log
    2015-01-11 13:31 - 2015-01-11 13:31 - 00000197 _____ () C:\Windows\system32\2015-01-11-03-31-01.019-AvastVBoxSVC.exe-1480.log
    2015-01-11 13:31 - 2015-01-11 13:31 - 00000000 ____D () C:\Users\Hans\Documents\ProcAlyzer Dumps
    2015-01-11 11:35 - 2015-01-11 11:36 - 00000197 _____ () C:\Windows\system32\2015-01-11-01-35-43.038-AvastVBoxSVC.exe-4680.log
    2015-01-10 17:23 - 2015-01-10 17:23 - 00000197 _____ () C:\Windows\system32\2015-01-10-07-23-00.055-AvastVBoxSVC.exe-3492.log
    2015-01-10 10:42 - 2015-01-10 10:43 - 00000197 _____ () C:\Windows\system32\2015-01-10-00-42-23.033-AvastVBoxSVC.exe-4064.log
    2015-01-09 23:09 - 2015-01-09 23:09 - 00000197 _____ () C:\Windows\system32\2015-01-09-13-09-02.005-AvastVBoxSVC.exe-4008.log
    2015-01-09 16:37 - 2015-01-09 16:37 - 00000197 _____ () C:\Windows\system32\2015-01-09-06-37-16.039-AvastVBoxSVC.exe-4656.log
    2015-01-09 14:16 - 2015-01-09 14:16 - 00000197 _____ () C:\Windows\system32\2015-01-09-04-16-27.008-AvastVBoxSVC.exe-4692.log
    2015-01-09 10:58 - 2015-01-09 10:58 - 00000197 _____ () C:\Windows\system32\2015-01-09-00-58-06.048-AvastVBoxSVC.exe-4820.log
    2015-01-08 15:21 - 2015-01-08 15:21 - 00000197 _____ () C:\Windows\system32\2015-01-08-05-21-42.075-AvastVBoxSVC.exe-3504.log
    2015-01-08 09:51 - 2015-01-08 09:51 - 00000197 _____ () C:\Windows\system32\2015-01-07-23-51-25.099-AvastVBoxSVC.exe-3692.log
    2015-01-07 16:41 - 2015-01-07 16:41 - 00000197 _____ () C:\Windows\system32\2015-01-07-06-41-45.050-AvastVBoxSVC.exe-3900.log
    2015-01-07 10:34 - 2015-01-07 10:34 - 00000197 _____ () C:\Windows\system32\2015-01-07-00-34-09.034-AvastVBoxSVC.exe-4580.log
    2015-01-06 12:55 - 2015-01-06 12:55 - 00000197 _____ () C:\Windows\system32\2015-01-06-02-55-36.047-AvastVBoxSVC.exe-3472.log
    2015-01-06 09:13 - 2015-01-06 09:14 - 00000197 _____ () C:\Windows\system32\2015-01-05-23-13-48.042-AvastVBoxSVC.exe-3632.log
    2015-01-05 16:24 - 2015-01-05 16:24 - 00000197 _____ () C:\Windows\system32\2015-01-05-06-24-01.027-AvastVBoxSVC.exe-3544.log
    2015-01-05 11:23 - 2015-01-05 11:24 - 00000197 _____ () C:\Windows\system32\2015-01-05-01-23-30.006-AvastVBoxSVC.exe-3732.log
    2015-01-04 21:40 - 2015-01-04 21:40 - 00000197 _____ () C:\Windows\system32\2015-01-04-11-40-40.099-AvastVBoxSVC.exe-4080.log
    2015-01-04 15:05 - 2015-01-04 15:06 - 00000197 _____ () C:\Windows\system32\2015-01-04-05-05-58.019-AvastVBoxSVC.exe-3844.log
    2015-01-04 11:36 - 2015-01-04 11:37 - 00000197 _____ () C:\Windows\system32\2015-01-04-01-36-57.045-AvastVBoxSVC.exe-4796.log
    2015-01-03 11:30 - 2015-01-03 11:31 - 00000197 _____ () C:\Windows\system32\2015-01-03-01-30-33.075-AvastVBoxSVC.exe-4672.log
    2015-01-02 20:44 - 2015-01-02 20:45 - 00000197 _____ () C:\Windows\system32\2015-01-02-10-44-45.038-AvastVBoxSVC.exe-3568.log
    2015-01-02 15:47 - 2015-01-02 15:47 - 00000197 _____ () C:\Windows\system32\2015-01-02-05-47-40.026-AvastVBoxSVC.exe-3464.log
    2015-01-02 09:41 - 2015-01-02 09:41 - 00000197 _____ () C:\Windows\system32\2015-01-01-23-41-05.076-AvastVBoxSVC.exe-3624.log
    2015-01-01 22:49 - 2015-01-01 22:49 - 00000197 _____ () C:\Windows\system32\2015-01-01-12-49-12.097-AvastVBoxSVC.exe-2184.log
    2015-01-01 16:17 - 2015-01-01 16:17 - 00000197 _____ () C:\Windows\system32\2015-01-01-06-17-38.011-AvastVBoxSVC.exe-4324.log
    2015-01-01 10:54 - 2015-01-01 10:55 - 00000197 _____ () C:\Windows\system32\2015-01-01-00-54-59.071-AvastVBoxSVC.exe-4848.log
    2014-12-31 16:22 - 2014-12-31 16:22 - 00000197 _____ () C:\Windows\system32\2014-12-31-06-22-43.043-AvastVBoxSVC.exe-3704.log
    2014-12-31 13:24 - 2014-12-31 13:24 - 00001424 _____ () C:\Users\Hans\Desktop\1) Glucose to 31-3-15.xlsx.lnk
    2014-12-31 11:07 - 2014-12-31 11:08 - 00000197 _____ () C:\Windows\system32\2014-12-31-01-07-52.093-AvastVBoxSVC.exe-4224.log
    2014-12-30 16:15 - 2014-12-30 16:15 - 00000197 _____ () C:\Windows\system32\2014-12-30-06-15-18.090-AvastVBoxSVC.exe-3388.log
    2014-12-30 11:30 - 2014-12-30 11:31 - 00000197 _____ () C:\Windows\system32\2014-12-30-01-30-56.077-AvastVBoxSVC.exe-3704.log
    2014-12-29 16:43 - 2014-12-29 16:44 - 00000197 _____ () C:\Windows\system32\2014-12-29-06-43-49.037-AvastVBoxSVC.exe-3900.log
    2014-12-29 11:32 - 2014-12-29 11:33 - 00000197 _____ () C:\Windows\system32\2014-12-29-01-32-21.064-AvastVBoxSVC.exe-3864.log
    2014-12-28 11:29 - 2014-12-28 11:29 - 00000197 _____ () C:\Windows\system32\2014-12-28-01-29-16.091-AvastVBoxSVC.exe-4308.log
    2014-12-27 11:27 - 2014-12-27 11:27 - 00000197 _____ () C:\Windows\system32\2014-12-27-01-27-13.019-AvastVBoxSVC.exe-4576.log
    2014-12-26 18:57 - 2014-12-26 18:57 - 00000247 _____ () C:\Windows\system32\2014-12-26-08-57-49.055-aswFe.exe-1444.log
    2014-12-26 18:54 - 2014-12-26 18:57 - 00000247 _____ () C:\Windows\system32\2014-12-26-08-54-46.055-aswFe.exe-4628.log
    2014-12-26 18:54 - 2014-12-26 18:54 - 00000197 _____ () C:\Windows\system32\2014-12-26-08-54-43.011-AvastVBoxSVC.exe-5252.log
    2014-12-26 16:47 - 2014-12-26 16:47 - 00000197 _____ () C:\Windows\system32\2014-12-26-06-47-15.091-AvastVBoxSVC.exe-4332.log
    2014-12-26 13:23 - 2014-12-26 13:23 - 00000197 _____ () C:\Windows\system32\2014-12-26-03-23-09.023-AvastVBoxSVC.exe-4068.log
    2014-12-26 11:13 - 2014-12-26 11:14 - 00000197 _____ () C:\Windows\system32\2014-12-26-01-13-55.087-AvastVBoxSVC.exe-4496.log
    2014-12-25 16:20 - 2014-12-25 16:20 - 00000197 _____ () C:\Windows\system32\2014-12-25-06-20-28.057-AvastVBoxSVC.exe-4016.log
    2014-12-25 11:08 - 2014-12-25 11:09 - 00000197 _____ () C:\Windows\system32\2014-12-25-01-08-27.040-AvastVBoxSVC.exe-4748.log
    2014-12-24 21:50 - 2014-12-24 21:51 - 00000197 _____ () C:\Windows\system32\2014-12-24-11-50-50.043-AvastVBoxSVC.exe-2512.log
    2014-12-24 17:08 - 2014-12-24 17:08 - 00000197 _____ () C:\Windows\system32\2014-12-24-07-08-36.077-AvastVBoxSVC.exe-4784.log
    2014-12-24 13:37 - 2014-12-24 13:37 - 00000197 _____ () C:\Windows\system32\2014-12-24-03-37-39.091-AvastVBoxSVC.exe-3688.log
    2014-12-24 10:49 - 2014-12-24 10:49 - 00000197 _____ () C:\Windows\system32\2014-12-24-00-49-27.076-AvastVBoxSVC.exe-3656.log
    2014-12-23 16:20 - 2014-12-23 16:20 - 00000197 _____ () C:\Windows\system32\2014-12-23-06-20-31.020-AvastVBoxSVC.exe-3828.log
    2014-12-23 13:57 - 2014-12-23 13:57 - 00000197 _____ () C:\Windows\system32\2014-12-23-03-57-40.011-AvastVBoxSVC.exe-3856.log
    2014-12-23 10:48 - 2014-12-23 10:48 - 00000197 _____ () C:\Windows\system32\2014-12-23-00-48-06.048-AvastVBoxSVC.exe-3564.log
    2014-12-22 16:47 - 2014-12-22 16:47 - 00000197 _____ () C:\Windows\system32\2014-12-22-06-47-49.059-AvastVBoxSVC.exe-3772.log
    2014-12-22 12:25 - 2014-12-22 12:25 - 00000197 _____ () C:\Windows\system32\2014-12-22-02-25-51.062-AvastVBoxSVC.exe-3632.log
    2014-12-22 09:14 - 2014-12-22 09:14 - 00000197 _____ () C:\Windows\system32\2014-12-21-23-14-09.089-AvastVBoxSVC.exe-2076.log
    2014-12-21 22:23 - 2014-12-21 22:23 - 00000197 _____ () C:\Windows\system32\2014-12-21-12-23-44.029-AvastVBoxSVC.exe-3500.log
    2014-12-21 22:01 - 2014-12-21 22:01 - 00000197 _____ () C:\Windows\system32\2014-12-21-12-01-12.003-AvastVBoxSVC.exe-3428.log
    2014-12-21 21:51 - 2014-10-18 12:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-12-21 21:51 - 2014-10-18 11:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-12-21 21:50 - 2014-11-25 08:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-12-21 21:50 - 2014-11-25 07:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2014-12-21 21:50 - 2014-11-25 07:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-12-21 21:50 - 2014-11-25 07:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-12-21 21:50 - 2014-11-25 07:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-12-21 21:50 - 2014-11-25 07:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-12-21 21:50 - 2014-11-25 07:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-12-21 21:50 - 2014-11-25 07:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-12-21 21:50 - 2014-11-25 07:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-12-21 21:50 - 2014-11-25 07:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-12-21 21:50 - 2014-11-25 07:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-12-21 21:50 - 2014-11-25 07:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-12-21 21:50 - 2014-11-25 07:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-12-21 21:50 - 2014-11-25 07:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-12-21 21:50 - 2014-11-25 07:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-12-21 21:50 - 2014-11-25 07:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-21 21:50 - 2014-11-25 07:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-12-21 21:50 - 2014-11-25 07:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-12-21 21:50 - 2014-11-25 07:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-12-21 21:50 - 2014-11-25 07:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-12-21 21:50 - 2014-11-25 07:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-12-21 21:50 - 2014-11-25 07:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-12-21 21:50 - 2014-11-25 06:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2014-12-21 21:50 - 2014-11-25 06:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-12-21 21:50 - 2014-11-25 06:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-12-21 21:50 - 2014-11-25 06:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-12-21 21:50 - 2014-11-25 06:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-12-21 21:50 - 2014-11-25 06:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-12-21 21:50 - 2014-11-25 06:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-12-21 21:50 - 2014-11-25 06:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2014-12-21 21:50 - 2014-11-25 06:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-12-21 21:50 - 2014-11-25 06:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-12-21 21:50 - 2014-11-25 06:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-12-21 21:50 - 2014-11-25 06:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-12-21 21:50 - 2014-11-25 06:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-12-21 21:50 - 2014-11-25 06:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-12-21 21:50 - 2014-11-25 06:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2014-12-21 21:50 - 2014-11-25 06:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-12-21 21:50 - 2014-11-25 06:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-12-21 21:50 - 2014-11-25 06:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-12-21 21:50 - 2014-11-25 06:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-12-21 21:50 - 2014-11-25 06:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-12-21 21:50 - 2014-11-25 06:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2014-12-21 21:50 - 2014-11-25 06:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2014-12-21 21:50 - 2014-11-11 13:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-12-21 21:50 - 2014-11-11 12:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-12-21 21:50 - 2014-11-11 11:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2014-12-21 21:50 - 2014-11-08 13:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-12-21 21:50 - 2014-11-08 12:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-12-21 21:50 - 2014-10-30 12:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2014-12-21 21:50 - 2014-10-30 11:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
    2014-12-21 21:50 - 2014-10-03 12:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2014-12-21 21:50 - 2014-10-03 12:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2014-12-21 21:50 - 2014-10-03 12:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2014-12-21 21:50 - 2014-10-03 12:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2014-12-21 21:50 - 2014-10-03 12:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2014-12-21 21:50 - 2014-10-03 11:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2014-12-21 21:50 - 2014-10-03 11:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2014-12-21 21:50 - 2014-10-03 11:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2014-12-21 21:50 - 2014-10-03 11:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2014-12-21 21:50 - 2014-10-03 11:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2014-12-21 21:38 - 2014-12-21 21:38 - 00000197 _____ () C:\Windows\system32\2014-12-21-11-38-10.074-AvastVBoxSVC.exe-3840.log
    2014-12-21 21:36 - 2014-11-17 13:20 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-13 12:28 - 2014-08-30 22:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-13 12:15 - 2013-10-04 17:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-13 11:08 - 2009-07-14 14:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-13 11:08 - 2009-07-14 14:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-13 11:07 - 2013-11-29 20:55 - 01277400 ____N () C:\Windows\WindowsUpdate.log
    2015-01-13 11:05 - 2012-03-20 12:45 - 00000000 ____D () C:\Users\Hans\AppData\Roaming\MailWasherFree
    2015-01-13 11:03 - 2013-10-04 17:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-13 11:02 - 2010-10-14 21:24 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
    2015-01-13 11:02 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-13 00:28 - 2014-03-30 13:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-13 00:07 - 2013-06-03 20:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-01-12 15:51 - 2009-07-14 15:13 - 00862872 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-12 15:35 - 2014-03-30 22:14 - 00000000 ____D () C:\Windows\Minidump
    2015-01-11 18:16 - 2011-01-24 21:15 - 00000000 ____D () C:\Users\Hans\Desktop\Miscell
    2015-01-10 22:06 - 2011-01-24 21:19 - 00000000 ____D () C:\Users\Hans\Desktop\Silverpeers
    2015-01-08 15:19 - 2010-10-14 12:46 - 00000000 ____D () C:\Users\Hans
    2015-01-08 15:17 - 2014-12-09 21:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-08 15:17 - 2014-08-04 12:23 - 00000000 ____D () C:\Users\DefaultAppPool
    2015-01-08 15:17 - 2013-07-31 13:59 - 00000000 ____D () C:\Windows\system32\BestPractices
    2015-01-08 15:17 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
    2015-01-08 15:17 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\inetsrv
    2015-01-08 15:17 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\registration
    2015-01-08 15:17 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\AppCompat
    2015-01-08 15:16 - 2013-07-31 13:59 - 00000000 ____D () C:\inetpub
    2015-01-08 15:16 - 2010-10-14 17:46 - 00000000 ____D () C:\Users\Hans\AppData\Roaming\Skype
    2015-01-07 13:11 - 2014-01-18 19:08 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-01-07 13:11 - 2014-01-18 19:08 - 00000000 ____D () C:\Program Files\CCleaner
    2015-01-03 19:52 - 2010-11-01 16:36 - 00000000 ___RD () C:\Users\Hans\Desktop\Briefcase (A)
    2015-01-02 23:32 - 2011-12-23 11:18 - 00000000 ____D () C:\Users\Hans\Desktop\Odds & Ends
    2014-12-27 15:11 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-12-25 16:57 - 2011-12-25 17:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-12-24 20:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
    2014-12-21 22:18 - 2014-09-13 13:59 - 00000000 ____D () C:\Users\Hans\AppData\Local\Adobe
    2014-12-21 22:18 - 2013-11-06 18:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-21 22:18 - 2013-11-06 18:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-21 21:56 - 2013-07-11 10:23 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-21 21:52 - 2010-10-15 10:37 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-12-21 21:30 - 2014-12-06 20:29 - 00000000 ____D () C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP (x64)
    2014-12-21 21:30 - 2011-12-21 11:40 - 00000000 ____D () C:\Windows\system32\Macromed
    2014-12-21 21:30 - 2010-10-14 21:35 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
    2014-12-21 21:30 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\servicing
    2014-12-21 21:30 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-12-18 18:18 - 2009-07-14 15:08 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

    Files to move or delete:
    ====================
    C:\Users\Hans\cnmss Canon MP560 series Printer (Local).dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-04 20:05

    ==================== End Of Log ============================

    ----------------------------------------------------------------------------------------------------------------------

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015
    Ran by Hans at 2015-01-13 12:39:20
    Running from C:\Users\Hans\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Any Video Converter 5.6.4 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
    Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
    Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.56.01 - Broadcom Corporation)
    CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
    Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
    Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
    Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
    Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
    Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version:  - )
    eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Logitech G35 (HKLM\...\{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}) (Version: 1.1.178 - Logitech)
    Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
    Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
    Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
    Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
    LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
    MailWasher Free 6.5.4 (HKLM-x32\...\MailWasher Free_is1) (Version:  - FireTrust Limited)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
    Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
    MyFreeCodec (HKU\S-1-5-21-2843025847-2041325122-3153672473-1000\...\MyFreeCodec) (Version:  - )
    NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
    NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
    NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
    PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.4 - Sophos Limited)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    TuneUp Utilities 2014 (en-GB) (x32 Version: 14.0.1000.90 - TuneUp Software) Hidden
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Windows Driver Package - eMPIA Technology (USB28xxBGA) Media  (12/02/2009 5.2009.1202.0) (HKLM\...\9FB0FFCEBDD18CDE064ABAEB5BDA53CA8F892859) (Version: 12/02/2009 5.2009.1202.0 - eMPIA Technology)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points  =========================

    15-10-2014 12:21:07 Windows Update
    22-10-2014 15:50:46 Scheduled Checkpoint
    24-10-2014 18:39:41 Restore Operation
    02-11-2014 12:42:43 Scheduled Checkpoint
    13-11-2014 17:48:01 Windows Update
    17-11-2014 13:18:16 avast! antivirus system restore point
    17-11-2014 13:20:56 Device Driver Package Install: Avast Network Service
    19-11-2014 19:28:06 Windows Update
    20-11-2014 16:36:56 after boot-scan
    28-11-2014 11:41:09 Scheduled Checkpoint
    30-11-2014 20:26:59 Windows Backup
    30-11-2014 21:32:59 Windows Backup
    10-12-2014 11:31:41 Windows Update
    12-12-2014 12:56:54 Windows Update
    21-12-2014 17:24:29 Restore Operation
    21-12-2014 17:30:18 avast! antivirus system restore point
    21-12-2014 17:32:18 Device Driver Package Install: Avast Network Service
    21-12-2014 17:36:48 Windows Update
    21-12-2014 19:57:30 Restore Operation
    21-12-2014 21:33:42 avast! antivirus system restore point
    21-12-2014 21:37:29 Device Driver Package Install: Avast Network Service
    21-12-2014 21:50:50 Windows Update
    30-12-2014 13:06:18 Scheduled Checkpoint
    06-01-2015 17:17:46 Scheduled Checkpoint
    08-01-2015 13:11:53 Windows Modules Installer
    08-01-2015 15:14:50 Restore Operation

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-01-12 23:51 - 2015-01-12 23:51 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {03A71A88-5879-4AC5-92DE-CE2A3FF8B5C6} - System32\Tasks\{53E2B534-45DB-45B3-8E89-B96F2754EE69} => pcalua.exe -a "F:\HP SimpleSave Application\BackupServiceInstaller.exe" -d "F:\HP SimpleSave Application"
    Task: {1BEB59FD-B278-4525-AFC1-20D642BCB971} - System32\Tasks\{51E5AC9F-77C7-4B72-B57E-60057657C547} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
    Task: {21F4ABE3-BAB8-407A-8BFB-8D655A076C9B} - System32\Tasks\Malwarebytes Anti-Exploit => C:\Program Files\Malwarebytes Anti-Exploit\mbae-loader.exe
    Task: {37DAF3C0-9E0B-46BD-B7CB-9820EA561B7A} - System32\Tasks\{ED75701C-A014-497A-8F78-03768BB96A17} => pcalua.exe -a C:\Users\Hans\AppData\Roaming\SystemRequirementsLab\SystemRequirementsLab.exe -d C:\Users\Hans\AppData\Roaming\SystemRequirementsLab
    Task: {38ADAAF5-D095-4A5D-B493-FE11BCF02B61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-04] (Google Inc.)
    Task: {47E78CC9-6B09-4CB0-933F-5DD0A80AE8AE} - System32\Tasks\{9D542CE4-1511-43B3-8653-6C60B23B53EB} => pcalua.exe -a "C:\Program Files (x86)\Safer Networking\RunAlyzer\RunAlyzer.exe" -d "C:\Program Files (x86)\Safer Networking\RunAlyzer"
    Task: {73DC2F5E-C0DC-40FF-A9E5-B45EFD3B6631} - System32\Tasks\{D98C31DF-10DB-4F6E-9287-66D65783852E} => C:\Users\Hans\Desktop\dotnetfx35setup.exe
    Task: {77865963-CF4D-460C-83AF-6951319987B2} - System32\Tasks\{37339C1A-C70A-4E36-8DCF-C54F64722B35} => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\vstudio.exe
    Task: {7B301766-332C-42D6-899B-ECF95321DB7C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
    Task: {8322BD2F-F6B0-450F-A6ED-80DF08F393E4} - System32\Tasks\{B3A2D171-5B78-4C8A-9CB6-B5226A76F5D6} => Firefox.exe http://ui.skype.com/ui/0/5.1.0.112/en/eula
    Task: {8864A2CE-260E-49E1-A94C-97A7875A3828} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-04] (Google Inc.)
    Task: {8D9CBCAB-CDD1-466D-BAF3-448970947081} - System32\Tasks\{7357AB4C-4C38-4598-9793-98201A9E58E9} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/en/eula
    Task: {8F7C4A14-BBBC-4E2F-A54C-A5F3AFEEC393} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
    Task: {983FD6C9-766E-466F-BC38-5EA624C01567} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
    Task: {B18A4530-E268-4B4B-9EC5-D5F8073E8E0C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-17] (AVAST Software)
    Task: {CEFB50A4-DCF8-496A-95A3-A6BC0E35FEDE} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
    Task: {D2FAB7D4-A9D9-482D-8220-3C03EFF28DDF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-13] (Piriform Ltd)
    Task: {D554C28B-EB18-41EE-AED6-727C1014701F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
    Task: {E18C5B07-A443-4C55-B0F9-C630B34D99A0} - System32\Tasks\{5432ADC1-46B4-44E8-9305-C8FE06535391} => pcalua.exe -a C:\Windows\SysWOW64\DivXControlPanelApplet.cpl -c DivX Control Panel
    Task: {EB54E72B-42A1-4600-981D-BE17C9098324} - System32\Tasks\{72FE42EF-3651-4609-829B-635C4023A45B} => Firefox.exe
    Task: {F94003CB-F2DD-4EA9-8E01-9F83B6EA7845} - System32\Tasks\{FD5FD4AB-3674-4AAE-8CBD-C5FB1898847C} => pcalua.exe -a C:\Users\Hans\Desktop\mproxy12.exe -d C:\Users\Hans\Desktop
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Malwarebytes Anti-Exploit.job => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-11-14 10:35 - 2014-07-03 04:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2011-11-11 14:07 - 2011-11-11 14:07 - 00265240 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    2011-08-12 12:19 - 2011-08-12 12:19 - 00680984 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    2014-11-17 13:19 - 2014-11-17 13:19 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    2014-11-17 13:19 - 2014-11-17 13:19 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2015-01-12 19:33 - 2015-01-12 19:33 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011200\algo.dll
    2014-11-17 13:19 - 2014-11-17 13:19 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2015-01-13 11:03 - 2015-01-13 11:03 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011201\algo.dll
    2014-08-29 18:08 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-08-29 18:08 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-08-29 18:08 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-08-29 18:08 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-08-29 18:08 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2011-08-12 12:18 - 2011-08-12 12:18 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
    2011-08-12 12:18 - 2011-08-12 12:18 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
    2011-08-12 12:18 - 2011-08-12 12:18 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
    2011-08-12 12:18 - 2011-08-12 12:18 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
    2011-08-12 12:18 - 2011-08-12 12:18 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
    2011-11-11 14:09 - 2011-11-11 14:09 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    2014-11-17 13:20 - 2014-11-17 13:20 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-12-09 21:23 - 2014-12-09 21:23 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2843025847-2041325122-3153672473-500 - Administrator - Disabled)
    Guest (S-1-5-21-2843025847-2041325122-3153672473-501 - Limited - Disabled)
    Hans (S-1-5-21-2843025847-2041325122-3153672473-1000 - Administrator - Enabled) => C:\Users\Hans

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/13/2015 00:18:42 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
    Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2843025847-2041325122-3153672473-1000}/">.

    Error: (01/13/2015 00:24:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 300

    Start Time: 01d02e7350686eec

    Termination Time: 16

    Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    Report Id: a1d9a754-9a66-11e4-adc9-00224d4b5c5d


    System errors:
    =============
    Error: (01/13/2015 11:03:16 AM) (Source: SNMP) (EventID: 1500) (User: )
    Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error: (01/13/2015 11:02:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
    %%1058

    Error: (01/13/2015 00:53:03 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    Error: (01/13/2015 00:52:26 AM) (Source: SNMP) (EventID: 1500) (User: )
    Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error: (01/13/2015 00:52:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
    %%1058


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
      Date: 2014-05-13 21:37:05.280
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-05-13 21:37:05.218
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-05-10 17:57:09.912
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-05-10 17:57:09.862
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-05-10 17:54:28.895
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-05-10 17:54:28.848
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-05-10 17:53:55.901
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-05-10 17:53:55.854
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-05-10 17:52:17.122
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-05-10 17:52:17.075
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
    Percentage of memory in use: 41%
    Total physical RAM: 4084.6 MB
    Available physical RAM: 2406.32 MB
    Total Pagefile: 8167.38 MB
    Available Pagefile: 6104.03 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:471.97 GB) (Free:392.65 GB) NTFS
    Drive e: (New Volume) (Fixed) (Total:459.44 GB) (Free:446.55 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CF8AB8B9)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=472 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=459.4 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

     

     

    Hope that throws some light on the subject.

    Ken, please note that I uninstalled "Chrome" sometime last year but I noticed some remnants are still showing up.

    Thanks again.......Hans



    #8 ken545


    Posted 12 January 2015 - 10:50 PM

    Your logs look pretty healthy, that bad proxy server is gone and we reset your hosts file.

    How is your system behaving now, any trouble with Malwarebytes finding a bad Firefox connection?


    Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #9 hansh2


    Posted 12 January 2015 - 11:25 PM

    Hi Ken545,

    Just ran Malwarebytes and the log is as clean as the one I sent you earlier.

    The computer is running like a charm but as requested I am only running Firefox without any plug-in or add-ons.

    I think I should discard the old Firefox data and re-install the plug-in I need?

     

    Also, since I have uninstalled CHROME last year, should I delete the FOUR items shown on the FARBAR scan?

     

    I am absolutely delighted with your assistance and the results. Don't know how to repay the favours but will look at PayPal closely.

     

    Many, many thanks also for a quick response on the above two questions. Very kind regards....Hans 


    Edited by ken545, 13 January 2015 - 07:37 AM.
    Removed last name


    #10 ken545


    Posted 13 January 2015 - 07:41 AM

    Morning Hans

    I removed your last name from your last post, it's not a good idea to post any personal info like full name, email address, phone numbers and things like that in the forums.

    As far as browsers, we all have our favorite. I used Firefox for years but they're starting to slip in popularity lately, right now I use Chrome almost 99% of the time, if you don't want it that's fine but if you would like to reinstall here is a link

     https://support.google.com/chrome/answer/95346?hl=en

    But if you don't want it let me know and we can remove those entries from FRST




    #11 hansh2


    Posted 13 January 2015 - 09:04 AM

    Hi Ken and good morning to you,

    I appreciate your removal of my last name. Should have known that danger myself but was so elated with result that I overlooked it.

     

    I will leave the remnants of Chrome and have another look at using it in a day or two. Had lots of incompatible programs when using Chrome but that may have been sorted now.

    In the meantime I have deleted all the old Firefox data that was saved before using FRST, and have reinstalled some of the plugins I am using. All is fine and working well and another scan showed nothing at all.

    Also ran an Avast Bootscan and found nothing. Should be plain sailing from here on.

    Once again, I am grateful for your help and thank you very much. Have a brilliant day.....H. :clapping:


    Edited by hansh2, 13 January 2015 - 09:06 AM.


    #12 ken545


    Posted 13 January 2015 - 09:16 AM

    Great :)

     

    Double click on AdwCleaner.exe to run the tool again.
    • Click on the Uninstall button.
    • Click Yes when asked are you sure you want to uninstall.
    • Both AdwCleaner.exe, its folder and all logs will be removed.

    ==========================================================

    Please download DelFix and save the file to your Desktop.

    • Windows XP: Double click DelFix.exe to run the program.
    • Windows Vista > Win 7 > Win 8: Right click on DelFix.exe and select RUN AS ADMINISTRATOR.
    • Checkmark "Remove Disinfection Tools".
    • Click the Run button.

    This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.

    ==========================================================

    How did I get infected in the first place?
    Read these links and find out how to prevent getting infected again.
    • Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
     
    Safe Surfn
    Ken



    #13 hansh2


    Posted 13 January 2015 - 09:33 PM

    Hi Ken,

     

    Have done as requested and all uninstalled perfectly.

     

    Will read the suggested tutorials to avoid any future infections.

     

    Fantastic work and many thanks one more time.

     

    Hans :thumbup2:



    #14 hansh2


    Posted 13 January 2015 - 09:38 PM

    Hi Ken,

     

    Have done as requested and all tools uninstalled perfectly.

    Many thanks once again. Your assistance was wonderful.

    Will read the tutorials to avoid future problems.

    Kindest regards....Hans :thumbup2:



    #15 ken545


    Posted 13 January 2015 - 10:04 PM

    You're welcome my friend

     

    Take care

     

    Ken :)






