
Help required major malware infection!

Discussion in 'Malware Removal Help' started by Hubbell Walker, Apr 6, 2014.

  1. Hubbell Walker

    Joined: Apr 6, 2014
    Messages: 3
    Operating System: Windows 8

    Hi,

    My wife's laptop appears to have a serious Malware infection. It became infected after the first week since she bought it. I installed AVG antivirus but it appears to have not helped. The Malware consists of a search engine called my search dial, and then another program which opens random windows like 888 poker and a video website. There is also a random advert bar which appears at the bottom of the web browser. I've followed the advice given in the Malware removal thread and I've posted the logs below. Any help with this will be greatly appreciated.




    Malwarebytes

    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 06/04/2014
    Scan Time: 10:39:05
    Logfile: log 1.txt
    Administrator: Yes
    Version: 2.00.1.1004
    Malware Database: v2014.04.06.04
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled
    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: cher
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 251996
    Time Elapsed: 22 min, 21 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 4
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe, 2312, , [b5677cab42390234b484d473e21fc23e]
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe, 3024, , [4fcda87f90ebc472b0887bcca75a7f81]
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\FilterApp_C64.exe, 4980, , [f329d6519be0280e623e1a5411f1d22e]
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\XTLSApp.exe, 3840, , [f329d6519be0280e623e1a5411f1d22e]
    Modules: 1
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\XTLS.dll, , [f329d6519be0280e623e1a5411f1d22e],
    Registry Keys: 24
    PUP.Optional.JumpFlip.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Jump Flip, , [b5677cab42390234b484d473e21fc23e],
    PUP.Optional.JumpFlip.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Jump Flip, , [4fcda87f90ebc472b0887bcca75a7f81],
    PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [c5570f18a0dbf14537d594ae6d95bc44],
    PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [c5570f18a0dbf14537d594ae6d95bc44],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, , [0f0db7700576d85e10e858e946bc27d9],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, , [0f0db7700576d85e10e858e946bc27d9],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, , [0f0db7700576d85e10e858e946bc27d9],
    PUP.Optional.JumpFlip.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Jump Flip, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, , [928a25023744de58929390e1ad5535cb],
    PUP.Optional.JumpFlip.A, HKLM\SOFTWARE\WOW6432NODE\Jump Flip, , [c9534bdc2d4ee3532b78ed8151b1cf31],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, , [21fb1116c6b502344adbcca562a0d32d],
    PUP.Optional.Wajam.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WajamUpdater, , [97852106d3a875c19348d6b6877c01ff],
    PUP.Optional.JumpFlip.A, HKU\S-1-5-21-2792565551-3794414492-4264910988-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Jump Flip, , [8993e740b0cb67cf6d35323c13ef7d83],
    PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2792565551-3794414492-4264910988-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, , [31ebb275c1bab77f081c7df4ad55c13f],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-2792565551-3794414492-4264910988-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [ee2ee047d8a385b1049b72fc3bc7be42],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-2792565551-3794414492-4264910988-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [091358cf8af1a492c11cdca819ea46ba],
    PUP.Optional.Wajam.A, HKU\S-1-5-21-2792565551-3794414492-4264910988-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM, , [4bd19097d2a954e2b6831d6b2dd631cf],
    Registry Values: 2
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-2792565551-3794414492-4264910988-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X2O1C0R2R1R, , [091358cf8af1a492c11cdca819ea46ba]
    PUP.Optional.Wajam.A, HKU\S-1-5-21-2792565551-3794414492-4264910988-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM|affiliate_id, 5927, , [4bd19097d2a954e2b6831d6b2dd631cf]
    Registry Data: 3
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&...EtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=, Good: (http://www.google.com), Bad: (http://start.mysearchdial.com/?f=1&...tFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=),,[c35958cfe49774c2d913d63e53b1bd43]
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://start.mysearchdial.com/?f=2&...EtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=, Good: (www.google.com), Bad: (http://start.mysearchdial.com/?f=2&...tFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=),,[45d793944c2f92a45844e12a996b6d93]
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&...EtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=, Good: (http://www.google.com), Bad: (http://start.mysearchdial.com/?f=1&...tFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=),,[e3399c8b9be02b0bde0e001421e3e818]
    Folders: 12
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\plugins, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\TEMP, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.Wajam.A, C:\Users\cher\AppData\Local\Wajam, , [3ddf58cff7847abc3c0e7ade46bcfa06],
    PUP.Optional.Wajam.A, C:\Users\cher\AppData\Local\Wajam\Chrome, , [3ddf58cff7847abc3c0e7ade46bcfa06],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk, , [a775cb5c007b989ee79d4e0bf90901ff],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0, , [a775cb5c007b989ee79d4e0bf90901ff],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\icons, , [a775cb5c007b989ee79d4e0bf90901ff],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\scripts, , [a775cb5c007b989ee79d4e0bf90901ff],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp, , [b963c95e3c3f42f44b3a5cfd4fb344bc],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0, , [b963c95e3c3f42f44b3a5cfd4fb344bc],
    Files: 46
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe, , [b5677cab42390234b484d473e21fc23e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe, , [4fcda87f90ebc472b0887bcca75a7f81],
    PUP.Optional.Wajam, C:\Users\cher\AppData\Local\Temp\WajamC.exe, , [de3e1116f2895bdb96ccf02e08f8ce32],
    PUP.Optional.Wajam, C:\Users\cher\AppData\Local\Temp\wajam_download.exe, , [ea328c9b641792a4fa68d846b34d8d73],
    PUP.Optional.Somoto, C:\Users\cher\AppData\Local\Temp\bitool.dll, , [83991b0c3b405ed8621a9c589c6538c8],
    PUP.Optional.Somoto.A, C:\Users\cher\AppData\Local\Temp\nsm1370.tmp, , [a7759196f982d56171ed0e026b9632ce],
    PUP.Optional.JumpFlip.A, C:\Users\cher\AppData\Local\Temp\is1275519350\165076499_stp\JumpFlipSetup.exe, , [ed2fd1561b60c0763783792f12f1a858],
    PUP.Optional.RegCleanPro, C:\Users\cher\AppData\Local\Temp\is1275519350\165076567_stp\rcpsetup_adppi14_adppi14.exe, , [6eae2bfca9d2290dfa8f1c1827d93cc4],
    PUP.Optional.OpenCandy, C:\Users\cher\Downloads\DAEMONToolsUltra200-0159.exe, , [af6dc265abd06acc952653e524e0a15f],
    PUP.Optional.Spigot.A, C:\Users\cher\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe, , [bb617daa5f1ca096ba8d33eaa0617d83],
    PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, , [3ae2d7503546a29467f02a3e35cd4db3],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\JumpFlip.ico, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\JumpFlipUninstall.exe, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\sqlite3.exe, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\updateJumpFlip.InstallState, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\7za.exe, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\BrowserAdapterS.7z, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\FilterApp_C64.exe, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\JumpFlip.BrowserFilter.Helper.dll, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\JumpFlip.BrowserFilter.Helper.dll.old.24f0b5a2-669c-4a28-91cf-32e26a767176, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\JumpFlipBrowserFilter.exe, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\sqlite3.dll, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.InstallState, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\XTLS.dll, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\XTLSApp.dll, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\XTLSApp.exe, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\plugins\JumpFlip.Bromon.dll, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\plugins\JumpFlip.BrowserAdapterS.dll, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\plugins\JumpFlip.CompatibilityChecker.dll, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\plugins\JumpFlip.IEUpdate.dll, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.JumpFlip.A, C:\Program Files (x86)\Jump Flip\bin\plugins\JumpFlip.PurBrowse.dll, , [f329d6519be0280e623e1a5411f1d22e],
    PUP.Optional.MySearchDial.A, C:\Users\cher\AppData\Local\mysearchdial-speeddial.crx, , [0d0f68bf7dfe4aec7330d19ee81aaa56],
    PUP.Optional.Wajam.A, C:\Users\cher\AppData\Local\Wajam\Chrome\wajam.crx, , [3ddf58cff7847abc3c0e7ade46bcfa06],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\background.html, , [a775cb5c007b989ee79d4e0bf90901ff],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\config.json, , [a775cb5c007b989ee79d4e0bf90901ff],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\manifest.json, , [a775cb5c007b989ee79d4e0bf90901ff],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\icons\ss-128.png, , [a775cb5c007b989ee79d4e0bf90901ff],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\icons\ss-48.png, , [a775cb5c007b989ee79d4e0bf90901ff],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\scripts\background.js, , [a775cb5c007b989ee79d4e0bf90901ff],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\scripts\loader_1036.js, , [a775cb5c007b989ee79d4e0bf90901ff],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\scripts\utils.js, , [a775cb5c007b989ee79d4e0bf90901ff],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\amazon-128.png, , [b963c95e3c3f42f44b3a5cfd4fb344bc],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\amazon-19.png, , [b963c95e3c3f42f44b3a5cfd4fb344bc],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\amazon-48.png, , [b963c95e3c3f42f44b3a5cfd4fb344bc],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\background.js, , [b963c95e3c3f42f44b3a5cfd4fb344bc],
    PUP.Optional.SlickSavings.A, C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\manifest.json, , [b963c95e3c3f42f44b3a5cfd4fb344bc],
    Physical Sectors: 0
    (No malicious items detected)

    (end)







    Farbar Recovery

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
    Ran by cher (administrator) on CHER on 06-04-2014 11:39:39
    Running from C:\Users\cher\Downloads
    Windows 8 (X64) OS Language: English(UK)
    Internet Explorer Version 10
    Boot Mode: Normal
    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    (Microsoft Corporation) C:\Windows\system32\WLANExt.exe
    (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    (Microsoft Corporation) C:\Windows\system32\dashost.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Intel Corporation) C:\Windows\system32\hkcmd.exe
    (Intel Corporation) C:\Windows\system32\igfxtray.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe
    (Intel Corporation) C:\Windows\system32\igfxpers.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    (Microsoft Corporation) C:\Windows\system32\msiexec.exe

    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
    HKLM-x32\...\Run: [ATUninstallIcon] - "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [ATLauncher] - "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
    HKLM-x32\...\Run: [IObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1566528 2014-01-15] (IObit)
    HKLM-x32\...\Run: [] - [X]
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2792565551-3794414492-4264910988-1001\...\Run: [AVG-Secure-Search-Update_1113a] - C:\Users\cher\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=f4d6cc185a4247d39d3cb95e6ff618f3-9b8cfdfe45246e743fe52e6c8939dcc5ae6aac78 /CMPID=1113a
    HKU\S-1-5-21-2792565551-3794414492-4264910988-1001\...\MountPoints2: {aa4da198-2ad1-11e3-be79-68172912f100} - "F:\SETUP.EXE"
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...EtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...EtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...EtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...EtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=
    SearchScopes: HKCU - {A0A67264-14D2-4F6F-9837-821FC633011B} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
    BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
    Chrome:
    =======
    CHR HomePage: hxxp://www.google.co.uk/?gws_rd=cr&ei=iqnjUumUCqeV0QW8-YDQBQ
    CHR DefaultSearchKeyword: google.co.uk
    CHR Extension: (Google Docs) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-01]
    CHR Extension: (Google Drive) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-01]
    CHR Extension: (YouTube) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-01]
    CHR Extension: (Google Search) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-01]
    CHR Extension: (Ads Removal) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-01-24]
    CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-01-24]
    CHR Extension: (Google Wallet) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
    CHR Extension: (Gmail) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-01]
    CHR HKLM-x32\...\Chrome\Extension: [debmkdhphjfcbaomiknnceliiclnpmfg] - C:\Program Files (x86)\Jump Flip\debmkdhphjfcbaomiknnceliiclnpmfg.crx [2013-10-01]
    ==================== Services (Whitelisted) =================
    R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
    R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [341824 2014-01-03] (IObit)
    R3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
    R3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
    R3 WakeupService; C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe [42336 2012-11-16] (ASUSTek Computer Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
    R3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
    S3 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
    ==================== Drivers (Whitelisted) ====================
    R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
    R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
    R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
    R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-06] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
    R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
    R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
    R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
    R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
    R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-17] (StdLib)
    R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
    U0 msahci;
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2014-04-06 11:39 - 2014-04-06 11:39 - 00016547 _____ () C:\Users\cher\Downloads\FRST.txt
    2014-04-06 11:38 - 2014-04-06 11:38 - 02157056 _____ (Farbar) C:\Users\cher\Downloads\FRST64.exe
    2014-04-06 11:17 - 2014-04-06 11:20 - 00000000 ____D () C:\AdwCleaner
    2014-04-06 11:08 - 2014-04-06 11:39 - 00000000 ____D () C:\FRST
    2014-04-06 10:14 - 2014-04-06 11:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-06 10:12 - 2014-04-06 10:12 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-04-06 10:12 - 2014-04-06 10:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-06 10:12 - 2014-04-06 10:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-06 10:12 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-04-06 10:12 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-04-06 10:12 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-04-02 15:44 - 2014-04-02 15:44 - 00000000 ____D () C:\Users\cher\Desktop\860OKMZO
    2014-04-02 15:43 - 2014-04-02 15:55 - 00000000 ____D () C:\Users\cher\Desktop\Iphone photos
    2014-04-02 09:49 - 2014-04-02 09:49 - 00422160 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-28 14:10 - 2014-03-28 14:10 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
    2014-03-28 14:10 - 2014-03-28 14:10 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
    2014-03-17 10:34 - 2014-03-17 10:34 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
    2014-03-13 13:00 - 2014-03-13 13:00 - 00024840 ____H () C:\Users\cher\Desktop\~WRL0643.tmp
    2014-03-13 10:58 - 2014-02-23 09:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-13 10:57 - 2014-02-23 09:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-03-13 10:57 - 2014-02-23 09:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-03-13 10:57 - 2014-02-23 09:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
    2014-03-13 10:57 - 2014-02-23 09:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
    2014-03-13 10:57 - 2014-02-23 09:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-13 10:57 - 2014-02-23 09:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-03-13 10:57 - 2014-02-23 09:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-13 10:57 - 2014-02-23 07:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-03-13 10:57 - 2014-02-23 07:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-03-13 10:57 - 2014-02-23 07:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-03-13 10:57 - 2014-02-23 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-13 10:57 - 2014-02-23 07:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-03-13 10:57 - 2014-02-23 05:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
    2014-03-13 10:57 - 2014-02-08 05:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-03-13 10:57 - 2013-10-25 08:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
    2014-03-13 10:57 - 2013-10-24 23:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
    2014-03-13 10:52 - 2013-12-07 07:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-03-13 10:52 - 2013-12-07 06:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-03-13 10:51 - 2014-02-06 00:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-03-13 10:51 - 2014-02-06 00:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-03-13 10:51 - 2014-01-31 01:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-03-13 10:51 - 2014-01-31 01:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    ==================== One Month Modified Files and Folders =======
    2014-04-06 11:39 - 2014-04-06 11:39 - 00016547 _____ () C:\Users\cher\Downloads\FRST.txt
    2014-04-06 11:39 - 2014-04-06 11:08 - 00000000 ____D () C:\FRST
    2014-04-06 11:38 - 2014-04-06 11:38 - 02157056 _____ (Farbar) C:\Users\cher\Downloads\FRST64.exe
    2014-04-06 11:27 - 2013-10-01 19:20 - 00000062 _____ () C:\Users\cher\AppData\Roaming\sp_data.sys
    2014-04-06 11:27 - 2013-05-25 08:37 - 00003028 _____ () C:\Windows\System32\Tasks\ASUS USB Charger Plus
    2014-04-06 11:27 - 2013-05-25 08:26 - 00003542 _____ () C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
    2014-04-06 11:27 - 2012-07-26 08:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-04-06 11:26 - 2013-05-25 08:45 - 00003260 _____ () C:\Windows\System32\Tasks\ASUS Patch for Touch Panel
    2014-04-06 11:26 - 2013-05-25 08:39 - 00003056 _____ () C:\Windows\System32\Tasks\ASUS P4G
    2014-04-06 11:26 - 2013-05-25 08:39 - 00003004 _____ () C:\Windows\System32\Tasks\ASUS Splendid ColorU
    2014-04-06 11:26 - 2013-05-25 08:39 - 00002988 _____ () C:\Windows\System32\Tasks\ASUS Splendid ACMON
    2014-04-06 11:26 - 2013-05-25 08:37 - 00003114 _____ () C:\Windows\System32\Tasks\ASUS Live Update
    2014-04-06 11:23 - 2014-04-06 10:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-06 11:23 - 2013-12-13 22:29 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
    2014-04-06 11:23 - 2013-10-01 19:29 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-04-06 11:22 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-04-06 11:21 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
    2014-04-06 11:20 - 2014-04-06 11:17 - 00000000 ____D () C:\AdwCleaner
    2014-04-06 11:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
    2014-04-06 11:00 - 2013-10-01 19:29 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-04-06 10:42 - 2012-08-02 14:24 - 00046240 _____ () C:\Windows\PFRO.log
    2014-04-06 10:42 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\System
    2014-04-06 10:41 - 2012-07-26 06:26 - 00000399 _____ () C:\Windows\win.ini
    2014-04-06 10:12 - 2014-04-06 10:12 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-04-06 10:12 - 2014-04-06 10:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-06 10:12 - 2014-04-06 10:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-06 09:58 - 2013-12-13 22:43 - 00000000 ____D () C:\ProgramData\MFAData
    2014-04-06 09:56 - 2014-02-24 16:12 - 00004936 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CHER-cher Cher
    2014-04-06 09:55 - 2013-12-09 11:04 - 00000000 ____D () C:\Users\cher\Desktop\Dreammaker
    2014-04-04 17:06 - 2014-01-07 17:00 - 00000000 ____D () C:\Users\cher\AppData\Roaming\FileZilla
    2014-04-04 15:43 - 2013-10-01 19:12 - 00000000 ____D () C:\Users\cher\AppData\Local\Packages
    2014-04-04 09:04 - 2013-10-08 19:25 - 00074752 ___SH () C:\Users\cher\Desktop\Thumbs.db
    2014-04-04 09:02 - 2012-11-27 05:11 - 00000000 ____D () C:\Program Files\mcafee
    2014-04-04 09:02 - 2012-11-27 05:11 - 00000000 ____D () C:\Program Files\Common Files\mcafee
    2014-04-03 09:51 - 2014-04-06 10:12 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-04-03 09:51 - 2014-04-06 10:12 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-04-03 09:50 - 2014-04-06 10:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-04-02 22:06 - 2013-11-11 14:48 - 00130048 _____ () C:\Users\cher\Desktop\Cher Bears Nursery finance.xls
    2014-04-02 15:55 - 2014-04-02 15:43 - 00000000 ____D () C:\Users\cher\Desktop\Iphone photos
    2014-04-02 15:44 - 2014-04-02 15:44 - 00000000 ____D () C:\Users\cher\Desktop\860OKMZO
    2014-04-02 09:53 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2014-04-02 09:49 - 2014-04-02 09:49 - 00422160 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-31 10:55 - 2013-10-01 19:29 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-03-31 10:55 - 2013-10-01 19:29 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-03-28 14:10 - 2014-03-28 14:10 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
    2014-03-28 14:10 - 2014-03-28 14:10 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
    2014-03-26 09:02 - 2013-10-25 15:56 - 00000000 ____D () C:\Users\cher\AppData\Local\Windows Live
    2014-03-17 10:34 - 2014-03-17 10:34 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
    2014-03-14 22:22 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
    2014-03-14 17:37 - 2013-10-01 19:13 - 00000000 ___RD () C:\Users\cher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-03-14 17:37 - 2013-10-01 19:13 - 00000000 ___RD () C:\Users\cher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-03-14 17:33 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
    2014-03-14 17:33 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-03-14 17:33 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-03-14 17:33 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-03-14 17:33 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-03-13 23:19 - 2013-10-01 19:12 - 01700383 _____ () C:\Windows\WindowsUpdate.log
    2014-03-13 13:00 - 2014-03-13 13:00 - 00024840 ____H () C:\Users\cher\Desktop\~WRL0643.tmp
    2014-03-12 12:17 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
    Files to move or delete:
    ====================
    C:\ProgramData\SetStretch.exe
    C:\ProgramData\SetStretch.VBS

    Some content of TEMP:
    ====================
    C:\Users\cher\AppData\Local\Temp\40196uninstall.exe
    C:\Users\cher\AppData\Local\Temp\BackupSetup.exe
    C:\Users\cher\AppData\Local\Temp\ose00000.exe
    C:\Users\cher\AppData\Local\Temp\PidGenX.dll
    C:\Users\cher\AppData\Local\Temp\Quarantine.exe
    C:\Users\cher\AppData\Local\Temp\Sqlite3.dll
    C:\Users\cher\AppData\Local\Temp\vcredist_x64.exe
    C:\Users\cher\AppData\Local\Temp\{EE15AECD-6666-4A26-B6A2-96FC7853C7C7}-33.0.1750.117_32.0.1700.107_chrome_updater.exe

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2014-03-28 14:40
    ==================== End Of Log ============================



    # AdwCleaner v3.023 - Report created 06/04/2014 at 11:20:29
    # Updated 01/04/2014 by Xplode
    # Operating System : Windows 8 (64 bits)
    # Username : cher - CHER
    # Running from : C:\Users\cher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFHW0DNG\AdwCleaner.exe
    # Option : Clean
    ***** [ Services ] *****
    Service Deleted : Application Updater
    ***** [ Files / Folders ] *****
    Folder Deleted : C:\Program Files (x86)\Application Updater
    Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
    Folder Deleted : C:\Program Files (x86)\MyPC Backup
    Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
    Folder Deleted : C:\Users\cher\AppData\LocalLow\Mysearchdial
    Folder Deleted : C:\Users\cher\AppData\LocalLow\Search Settings
    Folder Deleted : C:\Users\cher\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : HKCU\Software\AVG SafeGuard toolbar
    Key Deleted : HKCU\Software\BI
    Key Deleted : HKCU\Software\Search Settings
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKLM\Software\Application Updater
    Key Deleted : HKLM\Software\AVG SafeGuard toolbar
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\Search Settings
    Key Deleted : HKLM\Software\systweak
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
    ***** [ Browsers ] *****
    -\\ Internet Explorer v10.0.9200.16843

    -\\ Google Chrome v33.0.1750.154
    [ File : C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    *************************
    AdwCleaner[R0].txt - [4195 octets] - [06/04/2014 11:18:06]
    AdwCleaner[S0].txt - [3903 octets] - [06/04/2014 11:20:29]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3963 octets] ##########
     
  2. allheart55 (Cindy E)

    allheart55 (Cindy E) Administrator

    Hello Hubbell Walker and Welcome to Computer Help Forums,

    I have notified our malware removal specialists and one of them will be along to assist you shortly.
     
  3. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Hubbell Walker

    The FRST report is showing that we still have some entries to fix.
    Unfortunately you only posted the main FRST report; I still need the Addition.txt report to complete a fix.
    The Addition.txt will have been saved in the same location that FRST was run from:
    Once I have this report I can complete my fix.

    Thanks
     
  4. Hubbell Walker

    Hubbell Walker

    Hi

    When I ran the third Xplode tool and the PC rebooted I lost the first FRST report which I had pasted into this thread. So I re-ran a scan and then copied that report. I've now located the first FRST report and the additional report which I obtained when I ran the first scan. So below I've pasted this first FRST report and the additional report is below it. I really appreciate your help!

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
    Ran by cher (administrator) on CHER on 06-04-2014 11:10:55
    Running from C:\Users\cher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YKO0X65
    Windows 8 (X64) OS Language: English(UK)
    Internet Explorer Version 10
    Boot Mode: Normal
    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    (Microsoft Corporation) C:\Windows\system32\WLANExt.exe
    (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    (Microsoft Corporation) C:\Windows\system32\dashost.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    (Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Intel Corporation) C:\Windows\system32\hkcmd.exe
    (Intel Corporation) C:\Windows\system32\igfxtray.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe
    () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
    (Intel Corporation) C:\Windows\system32\igfxpers.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Microsoft Corporation) C:\Windows\system32\msiexec.exe

    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
    HKLM-x32\...\Run: [ATUninstallIcon] - "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [ATLauncher] - "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
    HKLM-x32\...\Run: [IObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1566528 2014-01-15] (IObit)
    HKLM-x32\...\Run: [] - [X]
    HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1393984 2014-03-17] (Spigot, Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2792565551-3794414492-4264910988-1001\...\Run: [AVG-Secure-Search-Update_1113a] - C:\Users\cher\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=f4d6cc185a4247d39d3cb95e6ff618f3-9b8cfdfe45246e743fe52e6c8939dcc5ae6aac78 /CMPID=1113a
    HKU\S-1-5-21-2792565551-3794414492-4264910988-1001\...\MountPoints2: {aa4da198-2ad1-11e3-be79-68172912f100} - "F:\SETUP.EXE"
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
    URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.9\iobitappsToolbarIE64.dll (Spigot, Inc.)
    URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.9\iobitappsToolbarIE.dll (Spigot, Inc.)
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...EtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...EtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=
    SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
    SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...EtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...EtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=
    SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
    SearchScopes: HKCU - {A0A67264-14D2-4F6F-9837-821FC633011B} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
    BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.9\iobitappsToolbarIE.dll (Spigot, Inc.)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.9\iobitappsToolbarIE64.dll (Spigot, Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.9\iobitappsToolbarIE.dll (Spigot, Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
    Chrome:
    =======
    CHR HomePage: hxxp://www.google.co.uk/?gws_rd=cr&ei=iqnjUumUCqeV0QW8-YDQBQ
    CHR DefaultSearchKeyword: google.co.uk
    CHR Extension: (Google Docs) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-01]
    CHR Extension: (Google Drive) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-01]
    CHR Extension: (YouTube) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-01]
    CHR Extension: (Google Search) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-01]
    CHR Extension: (Ads Removal) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-01-24]
    CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-01-24]
    CHR Extension: (Google Wallet) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
    CHR Extension: (Gmail) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-01]
    CHR HKLM-x32\...\Chrome\Extension: [debmkdhphjfcbaomiknnceliiclnpmfg] - C:\Program Files (x86)\Jump Flip\debmkdhphjfcbaomiknnceliiclnpmfg.crx [2013-10-01]
    CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
    CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
    CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
    CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
    ==================== Services (Whitelisted) =================
    R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
    R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [341824 2014-01-03] (IObit)
    R3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
    R3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
    R3 WakeupService; C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe [42336 2012-11-16] (ASUSTek Computer Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
    R3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
    S3 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
    ==================== Drivers (Whitelisted) ====================
    R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
    R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
    R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
    R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-06] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
    R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
    R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
    R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
    R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
    R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-17] (StdLib)
    R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
    U0 msahci;
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2014-04-06 11:08 - 2014-04-06 11:10 - 00000000 ____D () C:\FRST
    2014-04-06 10:14 - 2014-04-06 10:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-06 10:12 - 2014-04-06 10:12 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-04-06 10:12 - 2014-04-06 10:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-06 10:12 - 2014-04-06 10:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-06 10:12 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-04-06 10:12 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-04-06 10:12 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-04-02 15:44 - 2014-04-02 15:44 - 00000000 ____D () C:\Users\cher\Desktop\860OKMZO
    2014-04-02 15:43 - 2014-04-02 15:55 - 00000000 ____D () C:\Users\cher\Desktop\Iphone photos
    2014-04-02 09:49 - 2014-04-02 09:49 - 00422160 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-28 14:10 - 2014-03-28 14:10 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
    2014-03-28 14:10 - 2014-03-28 14:10 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
    2014-03-24 16:40 - 2014-03-24 16:40 - 00000000 ____D () C:\Program Files (x86)\IObit Apps Toolbar
    2014-03-24 16:40 - 2014-03-24 16:40 - 00000000 ____D () C:\Program Files (x86)\Application Updater
    2014-03-17 10:34 - 2014-03-17 10:34 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
    2014-03-13 13:00 - 2014-03-13 13:00 - 00024840 ____H () C:\Users\cher\Desktop\~WRL0643.tmp
    2014-03-13 10:58 - 2014-02-23 09:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-13 10:57 - 2014-02-23 09:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-03-13 10:57 - 2014-02-23 09:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-03-13 10:57 - 2014-02-23 09:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
    2014-03-13 10:57 - 2014-02-23 09:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
    2014-03-13 10:57 - 2014-02-23 09:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-13 10:57 - 2014-02-23 09:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-03-13 10:57 - 2014-02-23 09:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-13 10:57 - 2014-02-23 07:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-03-13 10:57 - 2014-02-23 07:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-03-13 10:57 - 2014-02-23 07:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-03-13 10:57 - 2014-02-23 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-13 10:57 - 2014-02-23 07:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-03-13 10:57 - 2014-02-23 05:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
    2014-03-13 10:57 - 2014-02-08 05:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-03-13 10:57 - 2013-10-25 08:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
    2014-03-13 10:57 - 2013-10-24 23:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
    2014-03-13 10:52 - 2013-12-07 07:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-03-13 10:52 - 2013-12-07 06:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-03-13 10:51 - 2014-02-06 00:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-03-13 10:51 - 2014-02-06 00:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-03-13 10:51 - 2014-01-31 01:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-03-13 10:51 - 2014-01-31 01:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    ==================== One Month Modified Files and Folders =======
    2014-04-06 11:10 - 2014-04-06 11:08 - 00000000 ____D () C:\FRST
    2014-04-06 11:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
    2014-04-06 11:00 - 2013-10-01 19:29 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-04-06 11:00 - 2013-10-01 19:29 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-04-06 10:49 - 2013-10-01 19:20 - 00000062 _____ () C:\Users\cher\AppData\Roaming\sp_data.sys
    2014-04-06 10:49 - 2013-05-25 08:45 - 00003260 _____ () C:\Windows\System32\Tasks\ASUS Patch for Touch Panel
    2014-04-06 10:49 - 2013-05-25 08:39 - 00003056 _____ () C:\Windows\System32\Tasks\ASUS P4G
    2014-04-06 10:49 - 2013-05-25 08:39 - 00003004 _____ () C:\Windows\System32\Tasks\ASUS Splendid ColorU
    2014-04-06 10:49 - 2013-05-25 08:39 - 00002988 _____ () C:\Windows\System32\Tasks\ASUS Splendid ACMON
    2014-04-06 10:49 - 2013-05-25 08:37 - 00003114 _____ () C:\Windows\System32\Tasks\ASUS Live Update
    2014-04-06 10:49 - 2013-05-25 08:37 - 00003028 _____ () C:\Windows\System32\Tasks\ASUS USB Charger Plus
    2014-04-06 10:49 - 2013-05-25 08:26 - 00003542 _____ () C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
    2014-04-06 10:47 - 2013-12-13 22:29 - 00003754 _____ () C:\Windows\System32\Tasks\AutoKMS
    2014-04-06 10:47 - 2012-07-26 08:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-04-06 10:46 - 2014-04-06 10:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-06 10:42 - 2012-08-02 14:24 - 00046240 _____ () C:\Windows\PFRO.log
    2014-04-06 10:42 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\System
    2014-04-06 10:42 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-04-06 10:41 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
    2014-04-06 10:41 - 2012-07-26 06:26 - 00000399 _____ () C:\Windows\win.ini
    2014-04-06 10:12 - 2014-04-06 10:12 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-04-06 10:12 - 2014-04-06 10:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-06 10:12 - 2014-04-06 10:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-06 09:58 - 2013-12-13 22:43 - 00000000 ____D () C:\ProgramData\MFAData
    2014-04-06 09:56 - 2014-02-24 16:12 - 00004936 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CHER-cher Cher
    2014-04-06 09:55 - 2013-12-09 11:04 - 00000000 ____D () C:\Users\cher\Desktop\Dreammaker
    2014-04-04 17:06 - 2014-01-07 17:00 - 00000000 ____D () C:\Users\cher\AppData\Roaming\FileZilla
    2014-04-04 15:43 - 2013-10-01 19:12 - 00000000 ____D () C:\Users\cher\AppData\Local\Packages
    2014-04-04 09:04 - 2013-10-08 19:25 - 00074752 ___SH () C:\Users\cher\Desktop\Thumbs.db
    2014-04-04 09:02 - 2012-11-27 05:11 - 00000000 ____D () C:\Program Files\mcafee
    2014-04-04 09:02 - 2012-11-27 05:11 - 00000000 ____D () C:\Program Files\Common Files\mcafee
    2014-04-03 09:51 - 2014-04-06 10:12 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-04-03 09:51 - 2014-04-06 10:12 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-04-03 09:50 - 2014-04-06 10:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-04-02 22:06 - 2013-11-11 14:48 - 00130048 _____ () C:\Users\cher\Desktop\Cher Bears Nursery finance.xls
    2014-04-02 15:55 - 2014-04-02 15:43 - 00000000 ____D () C:\Users\cher\Desktop\Iphone photos
    2014-04-02 15:44 - 2014-04-02 15:44 - 00000000 ____D () C:\Users\cher\Desktop\860OKMZO
    2014-04-02 09:53 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2014-04-02 09:49 - 2014-04-02 09:49 - 00422160 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-31 10:55 - 2013-10-01 19:29 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-03-31 10:55 - 2013-10-01 19:29 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-03-28 14:10 - 2014-03-28 14:10 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
    2014-03-28 14:10 - 2014-03-28 14:10 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
    2014-03-26 09:02 - 2013-10-25 15:56 - 00000000 ____D () C:\Users\cher\AppData\Local\Windows Live
    2014-03-24 16:40 - 2014-03-24 16:40 - 00000000 ____D () C:\Program Files (x86)\IObit Apps Toolbar
    2014-03-24 16:40 - 2014-03-24 16:40 - 00000000 ____D () C:\Program Files (x86)\Application Updater
    2014-03-17 10:34 - 2014-03-17 10:34 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
    2014-03-14 22:22 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
    2014-03-14 17:37 - 2013-10-01 19:13 - 00000000 ___RD () C:\Users\cher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-03-14 17:37 - 2013-10-01 19:13 - 00000000 ___RD () C:\Users\cher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-03-14 17:33 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
    2014-03-14 17:33 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-03-14 17:33 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-03-14 17:33 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-03-14 17:33 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-03-13 23:19 - 2013-10-01 19:12 - 01700383 _____ () C:\Windows\WindowsUpdate.log
    2014-03-13 13:00 - 2014-03-13 13:00 - 00024840 ____H () C:\Users\cher\Desktop\~WRL0643.tmp
    2014-03-12 12:17 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
    Files to move or delete:
    ====================
    C:\ProgramData\SetStretch.exe
    C:\ProgramData\SetStretch.VBS

    Some content of TEMP:
    ====================
    C:\Users\cher\AppData\Local\Temp\40196uninstall.exe
    C:\Users\cher\AppData\Local\Temp\BackupSetup.exe
    C:\Users\cher\AppData\Local\Temp\ose00000.exe
    C:\Users\cher\AppData\Local\Temp\PidGenX.dll
    C:\Users\cher\AppData\Local\Temp\Sqlite3.dll
    C:\Users\cher\AppData\Local\Temp\vcredist_x64.exe
    C:\Users\cher\AppData\Local\Temp\{EE15AECD-6666-4A26-B6A2-96FC7853C7C7}-33.0.1750.117_32.0.1700.107_chrome_updater.exe

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2014-03-28 14:40
    ==================== End Of Log ============================

    ADDITIONAL REPORT

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
    Ran by cher at 2014-04-06 11:12:10
    Running from C:\Users\cher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YKO0X65
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
    AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
    ==================== Installed Programs ======================
    ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.22 - ASUS)
    Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
    ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
    ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.0 - ASUS)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.36 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS)
    ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
    ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
    AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies)
    AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
    AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden
    Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version: - ) <==== ATTENTION
    Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version: - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24646B1D-EC21-45E5-A1F3-AFFB75A964A6}) (Version: - Microsoft)
    FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
    Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{AD0F3D6D-202A-4BAB-8838-0134531FD3AF}) (Version: 15.5.6.0460 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
    Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
    IObit Apps Toolbar v8.9 (HKLM-x32\...\{EE68B04B-ABF4-4E83-87FF-42AF4C3F1D5B}) (Version: 8.9 - Spigot, Inc.) <==== ATTENTION
    IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.3 - IObit)
    iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
    Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
    Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6793 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
    Recover My Files 5 (HKLM-x32\...\Recover My Files 5) (Version: 5 - eSportsKosova)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Update for Microsoft Access 2013 (KB2752093) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9278844A-389D-408B-9232-2CD960C8EF04}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2817621) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2F2717FB-5567-491F-B493-B6556DB4FFCB}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2817621) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2F2717FB-5567-491F-B493-B6556DB4FFCB}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2817621) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{CA571833-CF9C-4B1E-B6E2-07211664180E}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2727096) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34F41F42-15EC-4FB5-A6C7-464F4BB5D798}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2727096) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34F41F42-15EC-4FB5-A6C7-464F4BB5D798}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C74BC9C1-46D0-4406-A003-119C5F2BC240}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{068372FB-7EAF-463F-8074-77AB35BB13E6}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8449754F-577E-4EC3-B9D4-108395B1680E}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D8B3D175-48B8-413F-8484-4D81E744B51C}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8587E5B1-6279-4396-B9AC-20B334F4FF88}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2767851) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A98FE317-A670-47B8-9510-C115D933282A}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0C0A2F4A-757C-4F10-935F-508E1A2D4719}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817311) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{42811B49-8137-4B2E-ADB4-A6D865E8B3F9}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817311) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{AFFDED46-E98E-4E83-8C5B-72F8C55E514C}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817311) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{3D4FD1D7-D550-498D-A741-8BEBAB5BA305}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817491) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C74677D5-FA4D-47D5-B769-1866C6D81214}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817493) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9DC0AE49-CE9F-4472-AB12-C3A6A666F2D1}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817493) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9DC0AE49-CE9F-4472-AB12-C3A6A666F2D1}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817624) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2F791A9F-ADB1-45BA-99D0-786B0952CC38}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817624) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2F791A9F-ADB1-45BA-99D0-786B0952CC38}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F33ABF6A-3007-47E8-8E38-506A18E54641}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817632) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{911BA216-ED30-4456-B889-73E4E49ED5D0}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817632) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{911BA216-ED30-4456-B889-73E4E49ED5D0}) (Version: - Microsoft)
    Update for Microsoft OneNote 2013 (KB2817467) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{ED00DC05-D24B-4847-B49B-7EF42A01D4D5}) (Version: - Microsoft)
    Update for Microsoft OneNote 2013 (KB2817467) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{ED00DC05-D24B-4847-B49B-7EF42A01D4D5}) (Version: - Microsoft)
    Update for Microsoft Outlook 2013 (KB2817629) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8557CF2E-CD50-418A-A533-751E6C8B8C28}) (Version: - Microsoft)
    Update for Microsoft Outlook 2013 (KB2817629) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6562E5D7-895A-4FC0-B907-72E42D79703A}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E158EB9F-E6CC-49E2-A098-2C6DF0D6B42B}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2013 (KB2810006) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CFC7B54A-AB18-487B-A035-7094E2F24AF1}) (Version: - Microsoft)
    Update for Microsoft SkyDrive Pro (KB2817622) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D4E8E649-C12B-4170-8A32-2D387CD5CED1}) (Version: - Microsoft)
    Update for Microsoft SkyDrive Pro (KB2817622) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5A59CF80-AA55-492B-900E-86793BCF013A}) (Version: - Microsoft)
    Update for Microsoft SkyDrive Pro (KB2817622) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D4E8E649-C12B-4170-8A32-2D387CD5CED1}) (Version: - Microsoft)
    Update for Microsoft SkyDrive Pro (KB2817622) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5A59CF80-AA55-492B-900E-86793BCF013A}) (Version: - Microsoft)
    Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{54960E56-266C-417A-85F5-4769614C2694}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D1F1940B-94DF-4DCB-BF82-9530D7FBB1BF}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2817308) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A515EA5A-200F-498A-84DD-886D542A5281}) (Version: - Microsoft)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows Driver Package - ASUS (ATP) Mouse (11/09/2012 1.0.0.153) (HKLM\...\5AB9160B769DD2E134ADCB8010377DECA2479378) (Version: 11/09/2012 1.0.0.153 - ASUS)
    Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
    ==================== Restore Points =========================
    18-03-2014 13:58:22 Scheduled Checkpoint
    27-03-2014 11:35:46 Scheduled Checkpoint
    ==================== Hosts content: ==========================
    2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
    ==================== Scheduled Tasks (whitelisted) =============
    Task: {0991B92E-CB11-4FBB-924E-0FE522409861} - System32\Tasks\ASUS VivoBook => C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe [2012-11-21] (ASUSTeK Computer Inc.)
    Task: {0BD05AA1-11B0-4FB4-A6BD-5A856CCB6C8A} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-29] (ASUS)
    Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {23EA0B85-3F60-4038-9811-7E8537BCA152} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
    Task: {2430A1A1-66AD-4EB8-8E94-A5168734C94B} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
    Task: {24BFAAB9-BC29-465F-B924-D4BB277AA841} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-29] ()
    Task: {3C708CED-76CE-4FE8-866F-14A630F4E170} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CHER-cher Cher => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
    Task: {566AEA36-7882-4C5A-8C35-CCF173011F9A} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
    Task: {627254C9-776A-4F1D-95D3-1E04CCA8D35B} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
    Task: {630D007F-8E1A-45F7-BFD7-195CC698F70F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01] (Google Inc.)
    Task: {67BD01A4-0CD3-4111-8078-39C6A4764254} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-12-13] ()
    Task: {86734DA5-2C44-4B2A-A6A3-F378F346F3D9} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
    Task: {9791D852-C4ED-4354-B778-EE2C60D585D5} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
    Task: {A0F29767-A192-43C3-A8FF-13B98464D9F3} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
    Task: {A2476F7E-CC07-45E3-900A-5A76D40D8C56} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {B2AFE23A-A550-4B56-9320-716FCA5FD460} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {BC167D27-E47F-4250-8646-8F6DE50C5B55} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
    Task: {BC9B57D1-9251-4DE8-B1A5-1F5401CF8A68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01] (Google Inc.)
    Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {EB0BBEBD-8966-4971-A8D2-0FA60DCD51EC} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-11-20] (AsusTek)
    Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {F76DD862-60BA-48CF-9EB8-DC857102C5C4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    ==================== Loaded Modules (whitelisted) =============
    2011-06-17 08:49 - 2011-06-17 08:49 - 00034304 _____ () C:\Windows\System32\ssp8ml6.dll
    2013-07-10 19:31 - 2013-07-10 19:31 - 08865448 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
    2012-11-29 17:15 - 2012-11-29 17:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
    2013-01-30 07:25 - 2012-10-15 05:09 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
    2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-07-10 19:31 - 2013-07-10 19:31 - 08865448 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-01-24 21:07 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
    2014-01-24 21:07 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
    2014-01-24 21:07 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
    2014-01-24 21:07 - 2013-12-12 19:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
    2014-01-24 21:07 - 2013-10-16 23:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
    2014-01-24 21:07 - 2013-05-16 20:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
    2014-01-24 21:07 - 2013-05-16 20:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
    2013-05-25 08:26 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    ==================== Alternate Data Streams (whitelisted) =========

    ==================== Safe Mode (whitelisted) ===================
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    ==================== Disabled items from MSCONFIG ==============
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S
    MSCONFIG\startupreg: ATLauncher => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
    MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
    MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    ==================== Faulty Device Manager Devices =============
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (04/06/2014 10:20:34 AM) (Source: Customer Experience Improvement Program) (User: )
    Description: 80070005
    Error: (04/02/2014 07:46:39 PM) (Source: Customer Experience Improvement Program) (User: )
    Description: 80070005
    Error: (04/02/2014 03:42:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: CHER)
    Description: App Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo did not launch within its allotted time.
    Error: (04/02/2014 03:42:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: CHER)
    Description: Activation of application Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
    Error: (04/02/2014 03:42:35 PM) (Source: Application Error) (User: )
    Description: Faulting application name: wwahost.exe, version: 6.2.9200.16420, time stamp: 0x505a9152
    Faulting module name: EntPlat.dll, version: 1.0.927.0, time stamp: 0x4ffcd52b
    Exception code: 0xc0000005
    Fault offset: 0x0000000000008ad7
    Faulting process ID: 0x2c8
    Faulting application start time: 0xwwahost.exe0
    Faulting application path: wwahost.exe1
    Faulting module path: wwahost.exe2
    Report ID: wwahost.exe3
    Faulting package full name: wwahost.exe4
    Faulting package-relative application ID: wwahost.exe5
    Error: (04/01/2014 00:13:56 PM) (Source: Customer Experience Improvement Program) (User: )
    Description: 80070005
    Error: (03/28/2014 02:33:35 PM) (Source: Customer Experience Improvement Program) (User: )
    Description: 80070005
    Error: (03/27/2014 06:02:53 PM) (Source: Application Error) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16843, time stamp: 0x53096fea
    Faulting module name: Adblock.dll, version: 1.0.0.0, time stamp: 0x52bcfc32
    Exception code: 0xc0000005
    Fault offset: 0x0002130a
    Faulting process ID: 0x6dd8
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report ID: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5
    Error: (03/26/2014 10:38:36 AM) (Source: Application Error) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16843, time stamp: 0x53096fea
    Faulting module name: Adblock.dll, version: 1.0.0.0, time stamp: 0x52bcfc32
    Exception code: 0xc0000005
    Fault offset: 0x00025eda
    Faulting process ID: 0x72b0
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report ID: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5
    Error: (03/26/2014 09:24:57 AM) (Source: Customer Experience Improvement Program) (User: )
    Description: 80070005

    System errors:
    =============
    Error: (04/04/2014 02:21:07 PM) (Source: DCOM) (User: CHER)
    Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}ChercherS-1-5-21-2792565551-3794414492-4264910988-1001LocalHost (Using LRPC)UnavailableUnavailable
    Error: (04/04/2014 02:21:07 PM) (Source: DCOM) (User: CHER)
    Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}ChercherS-1-5-21-2792565551-3794414492-4264910988-1001LocalHost (Using LRPC)UnavailableUnavailable
    Error: (04/04/2014 02:21:06 PM) (Source: DCOM) (User: CHER)
    Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}ChercherS-1-5-21-2792565551-3794414492-4264910988-1001LocalHost (Using LRPC)UnavailableUnavailable
    Error: (04/04/2014 02:21:05 PM) (Source: DCOM) (User: CHER)
    Description: application-specificLocalActivation{A188DB29-2ABC-46CB-9A38-40B82CF5D051}{EA022610-0748-4C24-B229-6C507EBDFDBB}ChercherS-1-5-21-2792565551-3794414492-4264910988-1001LocalHost (Using LRPC)UnavailableUnavailable
    Error: (04/04/2014 02:16:29 PM) (Source: Schannel) (User: CHER)
    Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
    Error: (04/04/2014 02:16:29 PM) (Source: Schannel) (User: CHER)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.
    Error: (04/04/2014 09:03:20 AM) (Source: Service Control Manager) (User: )
    Description: The WajamUpdater service failed to start due to the following error:
    %%2
    Error: (04/04/2014 09:02:37 AM) (Source: EventLog) (User: )
    Description: The previous system shutdown at 17:43:13 on 03/04/2014 was unexpected.
    Error: (04/03/2014 11:03:54 AM) (Source: DCOM) (User: CHER)
    Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}ChercherS-1-5-21-2792565551-3794414492-4264910988-1001LocalHost (Using LRPC)UnavailableS-1-15-2-1625604918-572784044-3792628569-2913108312-1950804483-4121635801-1753345143
    Error: (04/03/2014 11:03:51 AM) (Source: DCOM) (User: CHER)
    Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}ChercherS-1-5-21-2792565551-3794414492-4264910988-1001LocalHost (Using LRPC)UnavailableS-1-15-2-1625604918-572784044-3792628569-2913108312-1950804483-4121635801-1753345143

    Microsoft Office Sessions:
    =========================
    Error: (04/06/2014 10:20:34 AM) (Source: Customer Experience Improvement Program)(User: )
    Description: 80070005
    Error: (04/02/2014 07:46:39 PM) (Source: Customer Experience Improvement Program)(User: )
    Description: 80070005
    Error: (04/02/2014 03:42:49 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: CHER)
    Description: Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo
    Error: (04/02/2014 03:42:37 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: CHER)
    Description: Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo-2147023170
    Error: (04/02/2014 03:42:35 PM) (Source: Application Error)(User: )
    Description: wwahost.exe6.2.9200.16420505a9152EntPlat.dll1.0.927.04ffcd52bc00000050000000000008ad72c801cf4e81c26f8440C:\Windows\system32\wwahost.exeC:\Program Files\WindowsApps\Microsoft.ZuneVideo_1.0.927.0_x64__8wekyb3d8bbwe\EntPlat.dll073c60b6-ba75-11e3-be97-68172912f100Microsoft.ZuneVideo_1.0.927.0_x64__8wekyb3d8bbweMicrosoft.ZuneVideo
    Error: (04/01/2014 00:13:56 PM) (Source: Customer Experience Improvement Program)(User: )
    Description: 80070005
    Error: (03/28/2014 02:33:35 PM) (Source: Customer Experience Improvement Program)(User: )
    Description: 80070005
    Error: (03/27/2014 06:02:53 PM) (Source: Application Error)(User: )
    Description: IEXPLORE.EXE10.0.9200.1684353096feaAdblock.dll1.0.0.052bcfc32c00000050002130a6dd801cf49b4b39d3215C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dlla257ab63-b5d1-11e3-be96-68172912f100
    Error: (03/26/2014 10:38:36 AM) (Source: Application Error)(User: )
    Description: IEXPLORE.EXE10.0.9200.1684353096feaAdblock.dll1.0.0.052bcfc32c000000500025eda72b001cf48456a44a8f6C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll67294b73-b4ca-11e3-be96-68172912f100
    Error: (03/26/2014 09:24:57 AM) (Source: Customer Experience Improvement Program)(User: )
    Description: 80070005
     
  5. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Hubbell Walker

    Thanks for the reports.

    Step 1
    Please uninstall the following (if they will)
    Bundled software uninstaller
    IObit Apps Toolbar

    Parts have already been removed by the earlier security tools, so this may hamper the uninstall .... let me know of any problems.

    I seriously recommend that this is removed as well:
    IObit Malware Fighter
    IObit is not a company that I could recommend and would never have any of their software on my systems.
    Plus with AVG and MalwareBytes installed.... you have more than enough security.
    Too much is as bad as not enough.


    Step 2
    Be careful with this fix.
    You have 2 locations showing for FRST:
    You cannot run this fix from the temp internet files.

    Please download the attached fixlist.txt file (bottom of this post) and save it to the Download folder.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.


    Re-run FRST/FRST64 and press the Fix button just once and wait.
    Your system will reboot when the fix has completed.
    The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.

    In your next reply, please submit:
    Fixlog.txt
    and let me know how the uninstall part went and any problems still being encountered.

    Thanks
     


  6. Hubbell Walker

    Hubbell Walker

    Joined:
    Apr 6, 2014
    Messages:
    3
    Operating System:
    Windows 8
    I removed IObit and the toolbar, but the bundle software remover does not appear in add/remove? I've re-scanned and pasted the results below.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
    Ran by cher (administrator) on CHER on 06-04-2014 20:51:00
    Running from C:\Users\cher\Downloads
    Windows 8 (X64) OS Language: English(UK)
    Internet Explorer Version 10
    Boot Mode: Normal
    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    (Microsoft Corporation) C:\Windows\system32\WLANExt.exe
    (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    (Microsoft Corporation) C:\Windows\system32\dashost.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Intel Corporation) C:\Windows\system32\hkcmd.exe
    (Intel Corporation) C:\Windows\system32\igfxtray.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe
    (Intel Corporation) C:\Windows\system32\igfxpers.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Microsoft Corporation) C:\Windows\syswow64\wwahost.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
    HKLM-x32\...\Run: [ATUninstallIcon] - "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [ATLauncher] - "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2792565551-3794414492-4264910988-1001\...\Run: [AVG-Secure-Search-Update_1113a] - C:\Users\cher\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=f4d6cc185a4247d39d3cb95e6ff618f3-9b8cfdfe45246e743fe52e6c8939dcc5ae6aac78 /CMPID=1113a
    HKU\S-1-5-21-2792565551-3794414492-4264910988-1001\...\MountPoints2: {aa4da198-2ad1-11e3-be79-68172912f100} - "F:\SETUP.EXE"
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...EtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...EtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...EtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...EtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=305087029&ir=
    SearchScopes: HKCU - {A0A67264-14D2-4F6F-9837-821FC633011B} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
    BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
    Chrome:
    =======
    CHR HomePage: hxxp://www.google.co.uk/?gws_rd=cr&ei=iqnjUumUCqeV0QW8-YDQBQ
    CHR DefaultSearchKeyword: google.co.uk
    CHR Extension: (Google Docs) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-01]
    CHR Extension: (Google Drive) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-01]
    CHR Extension: (YouTube) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-01]
    CHR Extension: (Google Search) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-01]
    CHR Extension: (Google Wallet) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
    CHR Extension: (Gmail) - C:\Users\cher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-01]
    CHR HKLM-x32\...\Chrome\Extension: [debmkdhphjfcbaomiknnceliiclnpmfg] - C:\Program Files (x86)\Jump Flip\debmkdhphjfcbaomiknnceliiclnpmfg.crx [2013-10-01]
    ==================== Services (Whitelisted) =================
    R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
    R3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
    R3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
    R3 WakeupService; C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe [42336 2012-11-16] (ASUSTek Computer Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
    R3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
    S3 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
    ==================== Drivers (Whitelisted) ====================
    R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
    R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
    R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-06] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
    R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
    R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
    R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-17] (StdLib)
    R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
    U0 msahci;
    R4 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [X]
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2014-04-06 11:39 - 2014-04-06 20:51 - 00015386 _____ () C:\Users\cher\Downloads\FRST.txt
    2014-04-06 11:38 - 2014-04-06 11:38 - 02157056 _____ (Farbar) C:\Users\cher\Downloads\FRST64.exe
    2014-04-06 11:17 - 2014-04-06 11:20 - 00000000 ____D () C:\AdwCleaner
    2014-04-06 11:08 - 2014-04-06 20:51 - 00000000 ____D () C:\FRST
    2014-04-06 10:14 - 2014-04-06 20:43 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-06 10:12 - 2014-04-06 10:12 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-04-06 10:12 - 2014-04-06 10:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-06 10:12 - 2014-04-06 10:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-06 10:12 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-04-06 10:12 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-04-06 10:12 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-04-02 15:44 - 2014-04-02 15:44 - 00000000 ____D () C:\Users\cher\Desktop\860OKMZO
    2014-04-02 15:43 - 2014-04-02 15:55 - 00000000 ____D () C:\Users\cher\Desktop\Iphone photos
    2014-04-02 09:49 - 2014-04-02 09:49 - 00422160 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-28 14:10 - 2014-03-28 14:10 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
    2014-03-28 14:10 - 2014-03-28 14:10 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
    2014-03-17 10:34 - 2014-03-17 10:34 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
    2014-03-13 13:00 - 2014-03-13 13:00 - 00024840 ____H () C:\Users\cher\Desktop\~WRL0643.tmp
    2014-03-13 10:58 - 2014-02-23 09:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-13 10:57 - 2014-02-23 09:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-03-13 10:57 - 2014-02-23 09:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-03-13 10:57 - 2014-02-23 09:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
    2014-03-13 10:57 - 2014-02-23 09:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
    2014-03-13 10:57 - 2014-02-23 09:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-13 10:57 - 2014-02-23 09:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-03-13 10:57 - 2014-02-23 09:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-13 10:57 - 2014-02-23 09:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-13 10:57 - 2014-02-23 07:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-03-13 10:57 - 2014-02-23 07:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-03-13 10:57 - 2014-02-23 07:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-03-13 10:57 - 2014-02-23 07:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-03-13 10:57 - 2014-02-23 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-13 10:57 - 2014-02-23 07:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-03-13 10:57 - 2014-02-23 05:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
    2014-03-13 10:57 - 2014-02-08 05:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-03-13 10:57 - 2013-10-25 08:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
    2014-03-13 10:57 - 2013-10-24 23:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
    2014-03-13 10:52 - 2013-12-07 07:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-03-13 10:52 - 2013-12-07 06:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-03-13 10:51 - 2014-02-06 00:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-03-13 10:51 - 2014-02-06 00:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-03-13 10:51 - 2014-01-31 01:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-03-13 10:51 - 2014-01-31 01:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    ==================== One Month Modified Files and Folders =======
    2014-04-06 20:51 - 2014-04-06 11:39 - 00015386 _____ () C:\Users\cher\Downloads\FRST.txt
    2014-04-06 20:51 - 2014-04-06 11:08 - 00000000 ____D () C:\FRST
    2014-04-06 20:43 - 2014-04-06 10:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-06 20:39 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
    2014-04-06 19:00 - 2013-10-01 19:29 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-04-06 18:36 - 2013-12-13 22:43 - 00000000 ____D () C:\ProgramData\MFAData
    2014-04-06 11:38 - 2014-04-06 11:38 - 02157056 _____ (Farbar) C:\Users\cher\Downloads\FRST64.exe
    2014-04-06 11:27 - 2013-10-01 19:20 - 00000062 _____ () C:\Users\cher\AppData\Roaming\sp_data.sys
    2014-04-06 11:27 - 2013-05-25 08:37 - 00003028 _____ () C:\Windows\System32\Tasks\ASUS USB Charger Plus
    2014-04-06 11:27 - 2013-05-25 08:26 - 00003542 _____ () C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
    2014-04-06 11:27 - 2012-07-26 08:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-04-06 11:26 - 2013-05-25 08:45 - 00003260 _____ () C:\Windows\System32\Tasks\ASUS Patch for Touch Panel
    2014-04-06 11:26 - 2013-05-25 08:39 - 00003056 _____ () C:\Windows\System32\Tasks\ASUS P4G
    2014-04-06 11:26 - 2013-05-25 08:39 - 00003004 _____ () C:\Windows\System32\Tasks\ASUS Splendid ColorU
    2014-04-06 11:26 - 2013-05-25 08:39 - 00002988 _____ () C:\Windows\System32\Tasks\ASUS Splendid ACMON
    2014-04-06 11:26 - 2013-05-25 08:37 - 00003114 _____ () C:\Windows\System32\Tasks\ASUS Live Update
    2014-04-06 11:23 - 2013-12-13 22:29 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
    2014-04-06 11:23 - 2013-10-01 19:29 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-04-06 11:22 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-04-06 11:21 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
    2014-04-06 11:20 - 2014-04-06 11:17 - 00000000 ____D () C:\AdwCleaner
    2014-04-06 10:42 - 2012-08-02 14:24 - 00046240 _____ () C:\Windows\PFRO.log
    2014-04-06 10:42 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\System
    2014-04-06 10:41 - 2012-07-26 06:26 - 00000399 _____ () C:\Windows\win.ini
    2014-04-06 10:12 - 2014-04-06 10:12 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-04-06 10:12 - 2014-04-06 10:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-06 10:12 - 2014-04-06 10:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-06 09:56 - 2014-02-24 16:12 - 00004936 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CHER-cher Cher
    2014-04-06 09:55 - 2013-12-09 11:04 - 00000000 ____D () C:\Users\cher\Desktop\Dreammaker
    2014-04-04 17:06 - 2014-01-07 17:00 - 00000000 ____D () C:\Users\cher\AppData\Roaming\FileZilla
    2014-04-04 15:43 - 2013-10-01 19:12 - 00000000 ____D () C:\Users\cher\AppData\Local\Packages
    2014-04-04 09:04 - 2013-10-08 19:25 - 00074752 ___SH () C:\Users\cher\Desktop\Thumbs.db
    2014-04-04 09:02 - 2012-11-27 05:11 - 00000000 ____D () C:\Program Files\mcafee
    2014-04-04 09:02 - 2012-11-27 05:11 - 00000000 ____D () C:\Program Files\Common Files\mcafee
    2014-04-03 09:51 - 2014-04-06 10:12 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-04-03 09:51 - 2014-04-06 10:12 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-04-03 09:50 - 2014-04-06 10:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-04-02 22:06 - 2013-11-11 14:48 - 00130048 _____ () C:\Users\cher\Desktop\Cher Bears Nursery finance.xls
    2014-04-02 15:55 - 2014-04-02 15:43 - 00000000 ____D () C:\Users\cher\Desktop\Iphone photos
    2014-04-02 15:44 - 2014-04-02 15:44 - 00000000 ____D () C:\Users\cher\Desktop\860OKMZO
    2014-04-02 09:53 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2014-04-02 09:49 - 2014-04-02 09:49 - 00422160 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-31 10:55 - 2013-10-01 19:29 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-03-31 10:55 - 2013-10-01 19:29 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-03-28 14:10 - 2014-03-28 14:10 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
    2014-03-28 14:10 - 2014-03-28 14:10 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
    2014-03-26 09:02 - 2013-10-25 15:56 - 00000000 ____D () C:\Users\cher\AppData\Local\Windows Live
    2014-03-17 10:34 - 2014-03-17 10:34 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
    2014-03-14 22:22 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
    2014-03-14 17:37 - 2013-10-01 19:13 - 00000000 ___RD () C:\Users\cher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-03-14 17:37 - 2013-10-01 19:13 - 00000000 ___RD () C:\Users\cher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-03-14 17:33 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
    2014-03-14 17:33 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-03-14 17:33 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-03-14 17:33 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-03-14 17:33 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-03-13 23:19 - 2013-10-01 19:12 - 01700383 _____ () C:\Windows\WindowsUpdate.log
    2014-03-13 13:00 - 2014-03-13 13:00 - 00024840 ____H () C:\Users\cher\Desktop\~WRL0643.tmp
    2014-03-12 12:17 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
    Files to move or delete:
    ====================
    C:\ProgramData\SetStretch.exe
    C:\ProgramData\SetStretch.VBS

    Some content of TEMP:
    ====================
    C:\Users\cher\AppData\Local\Temp\40196uninstall.exe
    C:\Users\cher\AppData\Local\Temp\BackupSetup.exe
    C:\Users\cher\AppData\Local\Temp\ose00000.exe
    C:\Users\cher\AppData\Local\Temp\PidGenX.dll
    C:\Users\cher\AppData\Local\Temp\Quarantine.exe
    C:\Users\cher\AppData\Local\Temp\Sqlite3.dll
    C:\Users\cher\AppData\Local\Temp\vcredist_x64.exe
    C:\Users\cher\AppData\Local\Temp\{EE15AECD-6666-4A26-B6A2-96FC7853C7C7}-33.0.1750.117_32.0.1700.107_chrome_updater.exe

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2014-03-28 14:40
    ==================== End Of Log ============================
     
  7. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Hubbell Walker

    Unfortunately you seem to have clicked the Scan button instead of the Fix button.
    The entries we needed to remove are still showing in the report.
    But the good news is that the report is showing that the programs you removed are showing some leftover entries.
    So I'll add those to the fixlist and post a new one at the end of this post.
    If you did download the old fixlist to your download folder, please right click on it and select delete.
    You don't want both fixlists in the download folder.

    Please download the attached fixlist.txt file (bottom of this post) and save it to your Download folder.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.


    Open FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.

    Thanks
     

    Attached Files:
