search.conduit.com tool bar disabling browsers


  • This topic is locked
178 replies to this topic

#1 daveyden

daveyden

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 17 April 2014 - 05:39 PM

Hello, my pc has picked up an unwanted tool bar (search.conduit.com) from somewhere (probably when downloading gnutella turbo), and it has disabled my chosen search engines, Chrome and I.E.

I've tried removal and clean up tools, but to no avail. I am hoping that the logs I am planning on submitting with this request may shed some light on the problem and enable some kind soul out there to point me in the right direction to fixing this annoying intrusion! Many thanks in advance...

Attached File: attach.txt (1.88KB)
Attached File: dds.txt (10.73KB)





#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:09 PM

Posted 19 April 2014 - 02:06 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 
 
AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

----------
 
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------




#3 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:09 PM

Posted 21 April 2014 - 07:59 PM

Still with me?




#4 daveyden

daveyden
  • Topic Starter

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 22 April 2014 - 05:17 AM

Hi, I was advised to re-set browser settings in the CHROME menu, and this seems to have done the trick. If I'm being premature and the problem re-occurs I will follow your steps above and send the logs in the next 24 hrs. Thank you kindly for your support here, it's greatly appreciated.

Regards, Daveyden



#5 daveyden

daveyden
  • Topic Starter

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 22 April 2014 - 03:30 PM

Hi Jeff, are you still able to help? My browsers seem to be running alright, but when I do a full scan on my pc with spybot or avast, a great number, (1,000's!) of files are marked "virtumonde", which I have discovered on the forum's not very desirable. My anti-virus/spyware programs see it but don't report it as a threat. I bought this laptop (Asus x550c) with Windows 8, which I upgraded to 8.1...and I have trouble cutting/pasting, so if you can still help me, please be patient! My other laptop is a Dell Vostro 1000 basic, which shows exactly the same thing when I do a scan, yet the 2 machines have never been connected/synced. In fact Dell which runs Vista has been showing Virtumonde in the scan process for years, leading me to believe that it was quite normal to have it there. Again, would be very grateful if you could shed some light on this, also...is it safe to send logs/info to you?...I'm sure it must be but I'm worried about the bad guys getting too much info on my pc! Thanks...



#6 daveyden

daveyden
  • Topic Starter

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 22 April 2014 - 04:32 PM

Have run adw cleaner, got log file on notebook, but am unsure how to cut and paste it here, duh..I know!



#7 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:09 PM

Posted 22 April 2014 - 06:47 PM

but am unsure how to cut and paste it here,duh..I know!

 

No worries.   :)

 

Just open the text file made by AdwCleaner >> highlight all of the text within and then press the right button on your mouse >> select Copy >> start a new reply here and then right-click into the area you would normally reply in and select Paste.  All of the text from the AdwCleaner log should pop up in the reply.   :)


Edited by jeffce, 22 April 2014 - 06:48 PM.



#8 daveyden

daveyden
  • Topic Starter

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 23 April 2014 - 06:55 AM

# AdwCleaner v3.201 - Report created 23/04/2014 at 12:50:28
# Updated 22/04/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Dave - DAVE-PC
# Running from : C:\Users\Dave\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook.lnk
File Found : C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Youtube.lnk
Folder Found C:\Program Files (x86)\myfree codec
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found : HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\Software\Myfree Codec
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
Found [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
Found [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
Found [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
Found [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
Found [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
Found [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
Found [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
Found [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [4003 octets] - [23/04/2014 12:50:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4063 octets] ##########


#9 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:09 PM

Posted 23 April 2014 - 06:56 AM

Good job!!   :)
 
AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 

FRST
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
----------




#10 daveyden

daveyden
  • Topic Starter

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 23 April 2014 - 07:05 AM

# AdwCleaner v3.201 - Report created 23/04/2014 at 13:01:11
# Updated 22/04/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Dave - DAVE-PC
# Running from : C:\Users\Dave\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\Program Files (x86)\myfree codec
File Deleted : C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook.lnk
File Deleted : C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Youtube.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Startup_urls] : 
Deleted [Startup_urls] : 
Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [4155 octets] - [23/04/2014 12:50:28]
AdwCleaner[S0].txt - [2866 octets] - [23/04/2014 13:01:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2926 octets] ##########
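
Added example, not part of the thread and not AdwCleaner's own code: a small checker that pairs every "Found" line of a scan report with a "Deleted" line of the following clean report and lists the findings that have no match. It assumes only the line layout visible in the two reports above; the function names and the shortened sample URL are this example's own.

```python
import re

# Sample input: lines excerpted from the scan report (post #8) and the clean
# report (post #10) above. The search.conduit.com URL is shortened to its
# first two query parameters to keep the sample readable.
SCAN_REPORT = r"""
# Option : Scan
***** [ Files / Folders ] *****
File Found : C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook.lnk
Folder Found C:\Program Files (x86)\myfree codec
***** [ Registry ] *****
Key Found : HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
***** [ Browsers ] *****
Found [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3321139
Found [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3321139
Found [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321139
"""

CLEAN_REPORT = r"""
# Option : Clean
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\myfree codec
File Deleted : C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook.lnk
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKCU\Software\Myfree Codec
***** [ Browsers ] *****
Deleted [Startup_urls] : 
Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321139
"""

# "File Found : <path>", "Key Deleted : [x64] <key>", and the colon-less
# "Folder Found <path>" form that appears in the scan report.
ITEM_RE = re.compile(r"^(File|Folder|Key) (Found|Deleted)\s*:?\s*(\[x64\])?\s*(.*)$")
# "Found [Homepage] : <url>" / "Deleted [Startup_urls] : " (value may be empty).
PREF_RE = re.compile(r"^(Found|Deleted) \[(\w+)\]\s*:\s*(.*)$")


def parse_report(text):
    """Return {'Found': {...}, 'Deleted': {...}} mapping identity -> display label."""
    entries = {"Found": {}, "Deleted": {}}
    for raw in text.splitlines():
        line = raw.strip()
        match = ITEM_RE.match(line)
        if match:
            kind, action, view, value = match.groups()
        else:
            match = PREF_RE.match(line)
            if not match:
                continue  # header comments, section banners, blank lines
            action, kind, value = match.groups()
            view = None
        value = value.strip()
        if not value:
            continue  # a line with no value gives nothing to match against
        # Windows paths and registry keys are case-insensitive, so compare
        # case-folded; the [x64] registry view stays part of the identity.
        identity = (kind, view or "", value.casefold())
        label = f"{kind} {view + ' ' if view else ''}{value}"
        entries[action].setdefault(identity, label)  # collapses repeated lines
    return entries


def unconfirmed(scan_text, clean_text):
    """Findings from the scan report with no matching Deleted line in the clean report."""
    found = parse_report(scan_text)["Found"]
    deleted = parse_report(clean_text)["Deleted"]
    return sorted(label for ident, label in found.items() if ident not in deleted)


if __name__ == "__main__":
    for item in unconfirmed(SCAN_REPORT, CLEAN_REPORT):
        print("no matching Deleted line:", item)
```

On these excerpts the two unmatched findings are the [x64] view of HKCU\Software\Myfree Codec and the Startup_urls entry, whose Deleted lines in the clean report carry no URL. A missing Deleted line is a prompt to re-check that item in a fresh scan, not proof that it is still present.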


#11 daveyden

daveyden
  • Topic Starter

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 23 April 2014 - 07:18 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Dave (administrator) on DAVE-PC on 23-04-2014 13:11:51
Running from C:\Users\Dave\Downloads
Windows 8.1 (X64) OS Language: English(UK)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-15] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5580752 2013-12-19] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1462308946-1636989493-4254834989-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-1462308946-1636989493-4254834989-1001\...\Run: [Google Update] => C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-16] (Google Inc.)
HKU\S-1-5-21-1462308946-1636989493-4254834989-1001\...\Run: [Google+ Auto Backup] => C:\Users\Dave\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3701064 2014-03-26] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 - C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Dave\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Dave\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=", "hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV="
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-15]
CHR Extension: (Google Drive) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-15]
CHR Extension: (YouTube) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-15]
CHR Extension: (Google Search) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-15]
CHR Extension: (AdBlock) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-15]
CHR Extension: (avast! Online Security) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-15]
CHR Extension: (Guitar Chords) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\megglpjmadjmghjegnallnhiknjnnjhh [2014-02-15]
CHR Extension: (Google Wallet) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-15]
CHR Extension: (Picasa) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-02-15]
CHR Extension: (Gmail) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-15]
 
==================== Services (Whitelisted) =================
 
R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-15] (AVAST Software)
R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3666392 2013-12-19] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2729432 2013-12-19] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-12-19] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-15] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-15] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-02-15] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-02-15] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-23 13:11 - 2014-04-23 13:12 - 00016174 _____ () C:\Users\Dave\Downloads\FRST.txt
2014-04-23 13:09 - 2014-04-23 13:11 - 00000000 ____D () C:\FRST
2014-04-23 13:09 - 2014-04-23 13:09 - 02061312 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe
2014-04-23 12:49 - 2014-04-23 13:01 - 00000000 ____D () C:\AdwCleaner
2014-04-23 12:47 - 2014-04-23 12:47 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Mozilla
2014-04-23 12:46 - 2014-04-23 12:46 - 01345299 _____ () C:\Users\Dave\Downloads\AdwCleaner.exe
2014-04-21 12:53 - 2014-04-21 12:53 - 00066710 _____ () C:\Users\Dave\Downloads\Extras.Txt
2014-04-21 12:52 - 2014-04-21 12:52 - 00113524 _____ () C:\Users\Dave\Downloads\OTL.Txt
2014-04-21 12:40 - 2014-04-21 12:40 - 00602112 _____ (OldTimer Tools) C:\Users\Dave\Downloads\OTL.exe
2014-04-20 19:44 - 2014-04-20 21:37 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 19:44 - 2014-04-20 19:44 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-20 19:44 - 2014-04-20 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-20 19:44 - 2014-04-20 19:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 19:44 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-20 19:44 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-20 19:44 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-15 10:27 - 2014-04-15 10:27 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-04-15 10:27 - 2014-04-15 10:27 - 00001984 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-12 15:23 - 2014-04-15 10:32 - 00000914 _____ () C:\WINDOWS\PFRO.log
2014-04-10 13:06 - 2014-02-15 16:31 - 00450712 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140410-130618.backup
2014-04-09 12:30 - 2014-03-31 02:16 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-09 12:30 - 2014-03-31 00:57 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-04-09 12:30 - 2014-03-10 11:35 - 02008408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-04-09 12:30 - 2014-03-10 11:35 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-04-09 12:30 - 2014-03-06 10:19 - 01287576 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-04-09 12:30 - 2014-03-06 10:02 - 01109424 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-04-09 12:30 - 2014-03-06 07:17 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-04-09 12:30 - 2014-03-06 07:10 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-04-09 12:28 - 2014-04-09 12:28 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-04-09 12:28 - 2014-04-09 12:28 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-06 15:18 - 2014-04-06 15:37 - 00002517 _____ () C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Registering.lnk
2014-04-05 14:40 - 2014-04-23 13:05 - 01139564 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-05 13:14 - 2014-04-05 13:14 - 04787368 _____ (Piriform Ltd) C:\Users\Dave\Downloads\ccsetup412.exe
2014-04-02 20:21 - 2014-02-22 13:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-04-02 20:21 - 2014-02-22 12:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-03-27 21:13 - 2014-03-27 21:56 - 00002433 _____ () C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitter.lnk
 
==================== One Month Modified Files and Folders =======
 
2014-04-23 13:12 - 2014-04-23 13:11 - 00016174 _____ () C:\Users\Dave\Downloads\FRST.txt
2014-04-23 13:11 - 2014-04-23 13:09 - 00000000 ____D () C:\FRST
2014-04-23 13:10 - 2014-02-16 15:57 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CF72C303-7D4A-4834-82A8-3DBAE4AD7C85}
2014-04-23 13:09 - 2014-04-23 13:09 - 02061312 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe
2014-04-23 13:07 - 2014-02-15 00:05 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1462308946-1636989493-4254834989-1001
2014-04-23 13:07 - 2014-02-15 00:03 - 00000074 _____ () C:\Users\Dave\AppData\Roaming\sp_data.sys
2014-04-23 13:07 - 2013-11-14 13:45 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-23 13:05 - 2014-04-05 14:40 - 01139564 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-23 13:05 - 2014-02-15 02:55 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-23 13:05 - 2013-12-04 15:54 - 00003268 _____ () C:\WINDOWS\System32\Tasks\AsusVibeSchedule
2014-04-23 13:05 - 2013-12-04 15:54 - 00002988 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2014-04-23 13:05 - 2013-12-04 15:53 - 00003004 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU
2014-04-23 13:05 - 2013-12-04 15:52 - 00003056 _____ () C:\WINDOWS\System32\Tasks\ASUS P4G
2014-04-23 13:05 - 2013-12-04 15:52 - 00003028 _____ () C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2014-04-23 13:05 - 2013-12-04 15:51 - 00003114 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update
2014-04-23 13:05 - 2013-12-04 15:45 - 00003540 _____ () C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2014-04-23 13:02 - 2014-02-15 06:18 - 00000000 __RDO () C:\Users\Dave\SkyDrive
2014-04-23 13:02 - 2014-02-15 02:55 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-23 13:02 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-23 13:01 - 2014-04-23 12:49 - 00000000 ____D () C:\AdwCleaner
2014-04-23 13:01 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-23 13:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-23 12:47 - 2014-04-23 12:47 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Mozilla
2014-04-23 12:47 - 2014-02-16 17:37 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1462308946-1636989493-4254834989-1001UA.job
2014-04-23 12:46 - 2014-04-23 12:46 - 01345299 _____ () C:\Users\Dave\Downloads\AdwCleaner.exe
2014-04-22 18:03 - 2014-01-31 21:15 - 00000000 ____D () C:\Users\Dave\Documents\888poker
2014-04-21 12:53 - 2014-04-21 12:53 - 00066710 _____ () C:\Users\Dave\Downloads\Extras.Txt
2014-04-21 12:52 - 2014-04-21 12:52 - 00113524 _____ () C:\Users\Dave\Downloads\OTL.Txt
2014-04-21 12:40 - 2014-04-21 12:40 - 00602112 _____ (OldTimer Tools) C:\Users\Dave\Downloads\OTL.exe
2014-04-20 21:37 - 2014-04-20 19:44 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 19:44 - 2014-04-20 19:44 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-20 19:44 - 2014-04-20 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-20 19:44 - 2014-04-20 19:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-19 11:59 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-15 17:47 - 2014-02-16 17:37 - 00000868 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1462308946-1636989493-4254834989-1001Core.job
2014-04-15 10:32 - 2014-04-12 15:23 - 00000914 _____ () C:\WINDOWS\PFRO.log
2014-04-15 10:27 - 2014-04-15 10:27 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-04-15 10:27 - 2014-04-15 10:27 - 00001984 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-15 10:27 - 2014-02-15 06:34 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-04-15 10:27 - 2014-02-15 06:34 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-04-15 10:27 - 2014-02-15 06:34 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-04-15 10:27 - 2014-02-15 06:34 - 00208928 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-04-15 10:27 - 2014-02-15 06:34 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-04-15 10:27 - 2014-02-15 06:34 - 00084816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-04-15 10:27 - 2014-02-15 06:34 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-04-15 10:27 - 2014-02-15 06:34 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-04-15 10:27 - 2014-02-15 06:34 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-04-14 15:54 - 2014-02-15 01:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-14 15:52 - 2014-02-15 01:21 - 90655440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-10 13:04 - 2014-02-15 06:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-09 12:28 - 2014-04-09 12:28 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-04-09 12:28 - 2014-04-09 12:28 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-06 15:37 - 2014-04-06 15:18 - 00002517 _____ () C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Registering.lnk
2014-04-05 13:14 - 2014-04-05 13:14 - 04787368 _____ (Piriform Ltd) C:\Users\Dave\Downloads\ccsetup412.exe
2014-04-05 13:14 - 2014-02-16 15:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-03 09:51 - 2014-04-20 19:44 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-20 19:44 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-20 19:44 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-31 22:23 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-31 22:23 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 02:16 - 2014-04-09 12:30 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-31 00:57 - 2014-04-09 12:30 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-29 19:00 - 2014-02-15 02:55 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 19:00 - 2014-02-15 02:55 - 00003646 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 18:42 - 2014-02-16 17:37 - 00003864 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1462308946-1636989493-4254834989-1001UA
2014-03-28 18:42 - 2014-02-16 17:37 - 00003484 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1462308946-1636989493-4254834989-1001Core
2014-03-27 21:56 - 2014-03-27 21:13 - 00002433 _____ () C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitter.lnk
2014-03-24 18:52 - 2014-03-04 15:52 - 00004608 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\ProgramData\uninstall3214993.exe
 
 
Some content of TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-15 10:53
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by Dave at 2014-04-23 13:12:55
Running from C:\Users\Dave\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
888poker (HKLM-x32\...\888poker) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
Belkin Wireless USB Adapter Setup (HKLM-x32\...\{4EE9A620-46A0-4BCF-82AC-950D2BBED982}) (Version: 2.20 - Belkin)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{6080787C-8D8A-3334-B79E-FFDC020FA0A1}) (Version: 5.3.0.18358 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PKR (HKLM-x32\...\PKR) (Version:  - PKR Ltd)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.7.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.27030 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.37 - Safer-Networking Ltd.)
Windows Driver Package - ASUS (ATP) Mouse  (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
 
==================== Restore Points  =========================
 
03-04-2014 16:59:24 Windows Update
10-04-2014 10:26:56 Windows Modules Installer
10-04-2014 10:27:51 Windows Modules Installer
13-04-2014 12:14:06 Windows Update
15-04-2014 09:26:20 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
2013-08-22 14:25 - 2014-04-10 13:06 - 00450770 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0BA4A515-7ADA-4E9E-8D20-37F5287B6FC8} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {1FC6EA40-6AAE-4D1F-B82B-A2E36F144B43} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-04-14] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31D2AF79-9948-4EFD-BC66-26EF7B6D2D29} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3E07E054-8C83-4A5B-89DA-51AFBDF9993B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {61FB8580-3E4C-4DB2-8E77-ED9A4597E1C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)
Task: {69A5F387-A787-44FF-8EF4-F229C8424CF7} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-23] (AsusTek)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6E9CF1DA-0D3A-4C4B-8D40-342B85BDA2DB} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {8679525B-2488-4684-B7EC-04388D92007F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8C67FE2F-A40E-4197-9E1F-91B2B1E29FDF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9F96744D-D4AF-4BFB-84FF-4D615EA29328} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1462308946-1636989493-4254834989-1001UA => C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A5EA3904-D039-446D-AF35-B10C9EE06441} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-15] (AVAST Software)
Task: {ACEF6A4B-F7FA-4095-85EF-42A3DDCC316F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {B1384E7B-C60C-480C-81F5-7C4FFA441A98} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1462308946-1636989493-4254834989-1001Core => C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.)
Task: {B19C2351-F87E-437E-89F2-CB85F4B87E21} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {CEE01EB8-F004-495F-8133-F4FE56EF902B} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D4A878EA-5F4E-4B2A-AADB-238734500403} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)
Task: {D661045B-58D2-482E-9BD3-32F2E6AC8251} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E57FDE32-5B04-4B50-989B-756530B7BE06} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1462308946-1636989493-4254834989-1001Core.job => C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1462308946-1636989493-4254834989-1001UA.job => C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-19 07:10 - 2012-12-19 07:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-04-23 12:52 - 2014-04-23 12:52 - 02215936 _____ () C:\Program Files\AVAST Software\Avast\defs\14042300\algo.dll
2014-02-15 18:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-15 18:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-15 06:34 - 2014-02-15 06:34 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-04 15:39 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-08-19 18:16 - 2013-08-19 18:16 - 00015440 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-08-16 11:03 - 2013-08-16 11:03 - 00023040 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-04-10 01:07 - 2014-04-02 02:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-10 01:07 - 2014-04-02 02:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-10 01:07 - 2014-04-02 02:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-10 01:07 - 2014-04-02 02:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-10 01:07 - 2014-04-02 02:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-10 01:07 - 2014-04-02 02:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Dave\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Dave\SkyDrive.old:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX3
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/23/2014 01:01:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DAVE-PC)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/23/2014 01:01:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DAVE-PC)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/23/2014 01:01:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DAVE-PC)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/23/2014 00:32:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DAVE-PC)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/23/2014 00:32:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DAVE-PC)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/23/2014 00:32:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DAVE-PC)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/23/2014 01:30:14 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20461 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a48
 
Start Time: 01cf5c255d377491
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 6857463e-ca7e-11e3-be7c-bcee7b1d7867
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (04/23/2014 01:30:13 AM) (Source: Application Hang) (User: )
Description: The program wwahost.exe version 6.3.9600.16431 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 10dc
 
Start Time: 01cf5e69d11d1369
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\syswow64\wwahost.exe
 
Report Id: 659cdf4c-ca7e-11e3-be7c-bcee7b1d7867
 
Faulting package full name: Microsoft.SkypeApp_2.7.0.1002_x86__kzf8qxf38zg5c
 
Faulting package-relative application ID: App
 
Error: (04/22/2014 01:32:09 AM) (Source: Application Hang) (User: )
Description: The program wwahost.exe version 6.3.9600.16431 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 900
 
Start Time: 01cf5da0e9cff002
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\syswow64\wwahost.exe
 
Report Id: 84928890-c9b5-11e3-be7c-bcee7b1d7867
 
Faulting package full name: Microsoft.SkypeApp_2.7.0.1002_x86__kzf8qxf38zg5c
 
Faulting package-relative application ID: App
 
Error: (04/20/2014 10:21:23 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16518 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1718
 
Start Time: 01cf5cde4908e857
 
Termination Time: 31
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: b6e39ecf-c8d1-11e3-be7c-bcee7b1d7867
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (04/23/2014 00:24:23 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/22/2014 09:31:21 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
 
Error: (04/22/2014 06:43:38 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
 
Error: (04/22/2014 02:21:33 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
 
Error: (04/22/2014 11:09:58 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/21/2014 09:33:17 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
 
Error: (04/21/2014 06:52:33 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
 
Error: (04/21/2014 05:10:51 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
 
Error: (04/21/2014 01:37:38 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
 
Error: (04/21/2014 00:34:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (04/23/2014 01:01:12 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DAVE-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023170
 
Error: (04/23/2014 01:01:12 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DAVE-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023170
 
Error: (04/23/2014 01:01:12 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DAVE-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023170
 
Error: (04/23/2014 00:32:23 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DAVE-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174
 
Error: (04/23/2014 00:32:23 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DAVE-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174
 
Error: (04/23/2014 00:32:23 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DAVE-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174
 
Error: (04/23/2014 01:30:14 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20461a4801cf5c255d3774914294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe6857463e-ca7e-11e3-be7c-bcee7b1d7867microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (04/23/2014 01:30:13 AM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.1643110dc01cf5e69d11d13694294967295C:\WINDOWS\syswow64\wwahost.exe659cdf4c-ca7e-11e3-be7c-bcee7b1d7867Microsoft.SkypeApp_2.7.0.1002_x86__kzf8qxf38zg5cApp
 
Error: (04/22/2014 01:32:09 AM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.1643190001cf5da0e9cff0024294967295C:\WINDOWS\syswow64\wwahost.exe84928890-c9b5-11e3-be7c-bcee7b1d7867Microsoft.SkypeApp_2.7.0.1002_x86__kzf8qxf38zg5cApp
 
Error: (04/20/2014 10:21:23 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.16518171801cf5cde4908e85731C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEb6e39ecf-c8d1-11e3-be7c-bcee7b1d7867
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 26%
Total physical RAM: 6029.73 MB
Available physical RAM: 4415.6 MB
Total Pagefile: 6989.73 MB
Available Pagefile: 5245.57 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:372.26 GB) (Free:331.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:537.8 GB) (Free:536.96 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 568814A2)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#12 daveyden


Posted 23 April 2014 - 07:20 AM

Hope that was right jeff, will wait for further instructions, dave



#13 jeffce


Posted 23 April 2014 - 06:47 PM

Yes you did just fine.   :)
 
I did notice that your Google Chrome has some malware in it though.  Google Chrome is a bit tricky and the best course for fixing that is just uninstalling it and then reinstalling it.  Be sure to save any Bookmarks that you have before doing this though.  
-------------------
 
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the Desktop as fixlist.txt 
 

2014-03-24 18:52 - 2014-03-04 15:52 - 00004608 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\ProgramData\uninstall3214993.exe
C:\Users\Dave\AppData\Local\Temp\Quarantine.exe

 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
----------

 

Post the new FRST Fixlog.txt and also let me know how your system is running now.  :)


 


#14 daveyden


Posted 24 April 2014 - 05:26 AM

Thanks Jeff, I'm not at my infected PC just now, will follow your instructions later and let you know how it goes... Also, can you work out why a lot of the scans I do have 1,000's of files with Virtumonde or SmitFraud showing?



#15 daveyden


Posted 24 April 2014 - 06:05 AM

I am having trouble highlighting the text you sent, I am using Windows 8.1 and a lot of stuff I used to do with Vista just doesn't seem to work now! I will look at the Windows 8 information site, or perhaps you could suggest a way to get around this? Dave





