A virus and trojan?

Comments

  • FRST part 4
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-21]
    FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-02-21]
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF HKU\S-1-5-21-3283957363-4085636639-3448929423-1002\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    Chrome:
    =======
    CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1421607892&from=air&uid=HitachiXHTS545050A7E380_TA85113VCSDZJNCSDZJNX
    CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1421607892&from=air&uid=HitachiXHTS545050A7E380_TA85113VCSDZJNCSDZJNX"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Profile: C:\Users\Aaroncaz\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Aaroncaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-21]
    CHR Extension: (Google Drive) - C:\Users\Aaroncaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-21]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Aaroncaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
    CHR Extension: (YouTube) - C:\Users\Aaroncaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-21]
    CHR Extension: (Adblock Plus) - C:\Users\Aaroncaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-18]
    CHR Extension: (Google Search) - C:\Users\Aaroncaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-21]
    CHR Extension: (Avast Online Security) - C:\Users\Aaroncaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-19]
    CHR Extension: (Google Wallet) - C:\Users\Aaroncaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
    CHR Extension: (Gmail) - C:\Users\Aaroncaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-21]
    CHR Extension: (RoboForm) - C:\Users\Aaroncaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-01-18]
    CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-01-18]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-25]
    CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-01-18]
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
  • FRST part 5
    R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-25] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-25] (Avast Software)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-06-24] (Sony Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
    S2 cae99edb; "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-25] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-25] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-25] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [65776 2014-11-25] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-25] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-25] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-25] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [267632 2014-11-25] ()
    R3 ATP; C:\Windows\system32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\system32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    R3 kbfiltr; C:\Windows\system32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
    S3 USBAAPL64; C:\Windows\system32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-25] (Avast Software)
    S3 WdNisDrv; C:\Windows\system32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-01-18 19:59 - 2015-01-18 20:09 - 00000000 ____D () C:\FRST
    2015-01-18 19:55 - 2015-01-18 19:55 - 00001222 _____ () C:\Users\Aaroncaz\Desktop\JRT.txt
    2015-01-18 19:42 - 2015-01-18 19:42 - 00000000 ____D () C:\Users\Aaroncaz\Desktop\Old Firefox Data
    2015-01-18 19:26 - 2015-01-18 19:28 - 00000197 _____ () C:\WINDOWS\system32\2015-01-18-19-26-55.033-AvastVBoxSVC.exe-3636.log
    2015-01-18 19:25 - 2015-01-18 19:25 - 00002074 _____ () C:\WINDOWS\PFRO.log
    2015-01-18 19:25 - 2015-01-18 19:25 - 00000077 _____ () C:\WINDOWS\setupact.log
    2015-01-18 19:25 - 2015-01-18 19:25 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2015-01-18 19:21 - 2015-01-18 19:21 - 02186752 _____ () C:\Users\Aaroncaz\Downloads\adwcleaner_4.108.exe
    2015-01-18 19:16 - 2015-01-18 19:24 - 00028611 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-18 19:15 - 2015-01-18 19:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-18 18:50 - 2015-01-18 18:50 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
    2015-01-18 18:47 - 2015-01-18 18:47 - 00065044 _____ () C:\Users\Aaroncaz\Documents\2.reg
    2015-01-18 18:46 - 2015-01-18 18:46 - 00000420 _____ () C:\Users\Aaroncaz\Documents\ccleanerbackup.reg
    2015-01-18 18:35 - 2015-01-18 18:35 - 00002778 _____ () C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
    2015-01-18 18:35 - 2015-01-18 18:35 - 00000796 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-01-18 18:35 - 2015-01-18 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-01-18 18:35 - 2015-01-18 18:35 - 00000000 ____D () C:\Program Files\CCleaner
    2015-01-18 14:08 - 2015-01-18 14:10 - 00000197 _____ () C:\WINDOWS\system32\2015-01-18-14-08-01.035-AvastVBoxSVC.exe-4416.log
    2015-01-17 20:53 - 2014-12-19 06:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2015-01-17 20:53 - 2014-12-12 02:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
    2015-01-17 20:53 - 2014-12-12 00:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
    2015-01-17 20:53 - 2014-12-09 01:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2015-01-17 20:53 - 2014-12-08 19:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2015-01-17 20:53 - 2014-12-08 19:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2015-01-17 20:53 - 2014-12-08 19:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SySWOW64\wer.dll
    2015-01-17 20:53 - 2014-12-08 19:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2015-01-17 20:53 - 2014-12-08 19:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SySWOW64\Faultrep.dll
    2015-01-17 20:53 - 2014-12-08 19:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
    2015-01-17 20:53 - 2014-12-08 19:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
    2015-01-17 20:53 - 2014-12-08 19:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SySWOW64\WerFaultSecure.exe
    2015-01-17 20:53 - 2014-12-06 03:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
    2015-01-17 20:53 - 2014-12-06 01:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
    2015-01-17 20:53 - 2014-12-06 01:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2015-01-17 20:53 - 2014-10-29 04:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2015-01-17 20:53 - 2014-10-29 04:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2015-01-17 20:53 - 2014-10-29 03:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2015-01-17 20:53 - 2014-10-29 03:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2015-01-17 20:53 - 2014-10-29 03:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2015-01-17 20:53 - 2014-10-29 03:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2015-01-17 20:53 - 2014-10-29 03:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SySWOW64\WerFault.exe
    2015-01-17 20:53 - 2014-10-29 03:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SySWOW64\wermgr.exe
    2015-01-17 20:53 - 2014-10-29 03:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SySWOW64\AudioEng.dll
    2015-01-17 20:53 - 2014-10-29 03:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SySWOW64\AudioSes.dll
    2015-01-17 20:53 - 2014-10-29 03:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SySWOW64\AUDIOKSE.dll
    2015-01-17 20:53 - 2014-10-29 02:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
    2015-01-17 20:53 - 2014-10-29 01:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SySWOW64\werdiagcontroller.dll
    2015-01-17 20:53 - 2014-10-29 01:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
    2015-01-17 20:53 - 2014-10-29 01:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2015-01-17 20:53 - 2014-10-29 01:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SySWOW64\nlaapi.dll
  • aaroncaz
    GT60 wrote: »
    How about just doing a fresh OS install?
    I am in 24/7 so willing to hold hands
    if no one else is about or can do what Gunjack says

    Thanks, but as it affected multiple devices, though the phones are OK now, is it the laptop or the wifi/router?
  • FRST part 6
    2015-01-17 20:26 - 2015-01-17 20:26 - 00000197 _____ () C:\WINDOWS\system32\2015-01-17-20-26-00.018-AvastVBoxSVC.exe-4600.log
    2015-01-17 20:24 - 2014-11-25 20:40 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2015-01-17 16:40 - 2015-01-17 19:58 - 00000000 ____D () C:\Netgear
    2015-01-17 09:55 - 2015-01-17 09:55 - 00001044 _____ () C:\Users\Aaroncaz\Documents\mal17.txt
    2015-01-17 08:17 - 2015-01-17 08:17 - 00000000 ____D () C:\WINDOWS\ERUNT
    2015-01-16 23:35 - 2015-01-16 23:46 - 00000000 _____ () C:\Users\Aaroncaz\nslookup
    2015-01-16 23:02 - 2015-01-16 23:08 - 00000197 _____ () C:\WINDOWS\system32\2015-01-16-23-02-31.000-AvastVBoxSVC.exe-3696.log
    2015-01-16 22:54 - 2015-01-18 19:24 - 00000000 ____D () C:\AdwCleaner
    2015-01-16 22:36 - 2015-01-16 22:36 - 00001487 _____ () C:\Users\Aaroncaz\Documents\mal44.txt
    2015-01-16 22:30 - 2015-01-16 22:30 - 00001042 _____ () C:\mal.txt
    2015-01-16 21:22 - 2015-01-16 21:22 - 00000000 ____D () C:\ProgramData\HitmanPro
    2015-01-16 21:07 - 2015-01-17 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-01-16 21:07 - 2015-01-16 21:08 - 00000197 _____ () C:\WINDOWS\system32\2015-01-16-21-07-13.081-AvastVBoxSVC.exe-5616.log
    2015-01-16 20:00 - 2015-01-16 20:02 - 00000197 _____ () C:\WINDOWS\system32\2015-01-16-20-00-11.058-AvastVBoxSVC.exe-4452.log
    2015-01-16 07:29 - 2015-01-16 07:29 - 00001445 _____ () C:\Users\Aaroncaz\Documents\malware.txt
    2015-01-15 23:02 - 2015-01-15 23:06 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-23-02-02.052-AvastVBoxSVC.exe-3184.log
    2015-01-14 07:44 - 2015-01-14 07:44 - 00000197 _____ () C:\WINDOWS\system32\2015-01-14-07-44-46.078-AvastVBoxSVC.exe-4480.log
    2015-01-13 11:22 - 2015-01-13 11:22 - 00000000 ____D () C:\Users\Aaroncaz\AppData\Local\Trusteer
    2015-01-13 11:21 - 2015-01-13 11:21 - 00000000 ____D () C:\Program Files (x86)\Trusteer
    2015-01-13 11:20 - 2015-01-13 11:20 - 00000000 ____D () C:\ProgramData\Trusteer
    2015-01-06 12:00 - 2015-01-06 12:00 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-01-06 12:00 - 2015-01-06 12:00 - 00002041 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2015-01-06 11:59 - 2015-01-17 18:56 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2015-01-05 19:20 - 2015-01-05 19:21 - 00000197 _____ () C:\WINDOWS\system32\2015-01-05-19-20-13.095-AvastVBoxSVC.exe-3388.log
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-01-18 20:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-01-18 20:02 - 2013-02-21 22:46 - 00004182 _____ () C:\WINDOWS\system32\Tasks\avast! Emergency Update
    2015-01-18 19:57 - 2013-02-21 19:12 - 00003598 _____ () C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3283957363-4085636639-3448929423-1002
    2015-01-18 19:41 - 2013-02-26 07:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-18 19:40 - 2013-02-21 19:20 - 00004130 _____ () C:\WINDOWS\system32\Tasks\Open URL by RoboForm
    2015-01-18 19:40 - 2013-02-21 19:20 - 00003502 _____ () C:\WINDOWS\system32\Tasks\Run RoboForm TaskBar Icon
    2015-01-18 19:40 - 2013-02-21 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
    2015-01-18 19:36 - 2013-03-07 12:56 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-01-18 19:33 - 2013-02-21 19:19 - 00000000 ____D () C:\Users\Aaroncaz\AppData\Roaming\RoboForm
    2015-01-18 19:29 - 2013-02-21 19:23 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-18 19:27 - 2013-02-21 19:06 - 00000380 _____ () C:\Users\Aaroncaz\AppData\Roaming\sp_data.sys
    2015-01-18 19:26 - 2013-02-21 19:23 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-18 19:25 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-18 19:25 - 2013-02-21 19:24 - 00000000 ____D () C:\Program Files\Google
    2015-01-18 19:25 - 2013-02-21 19:23 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-01-18 19:24 - 2014-06-03 16:36 - 00000967 _____ () C:\Users\Aaroncaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-01-18 19:24 - 2013-08-22 13:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
    2015-01-18 19:24 - 2013-02-26 07:22 - 00001079 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-01-18 19:24 - 2013-02-26 07:22 - 00001067 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-01-18 19:24 - 2013-02-21 22:48 - 00001312 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-18 19:24 - 2013-02-21 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-01-18 19:04 - 2013-02-21 19:23 - 00000000 ____D () C:\ProgramData\Google
    2015-01-18 19:04 - 2013-02-21 19:18 - 00000000 ____D () C:\Users\Aaroncaz\AppData\Local\Google
    2015-01-18 18:41 - 2014-06-03 16:45 - 00000000 ___DC () C:\WINDOWS\Panther
    2015-01-18 14:13 - 2014-06-03 16:45 - 00003946 _____ () C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{0588043D-6016-4115-80B5-2DF3753A002F}
    2015-01-18 11:20 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-01-17 21:11 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-01-17 20:36 - 2013-03-07 12:56 - 00003718 _____ () C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
    2015-01-17 20:25 - 2014-11-25 20:41 - 00001942 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-01-17 20:18 - 2014-06-03 16:01 - 00000000 ____D () C:\Users\Aaroncaz
    2015-01-17 20:14 - 2014-07-10 10:15 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
    2015-01-17 20:14 - 2014-06-03 16:01 - 00000000 ____D () C:\Users\Administrator
    2015-01-17 20:14 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\Globalization
    2015-01-17 20:14 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppCompat
    2015-01-17 20:14 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
    2015-01-17 20:14 - 2012-09-06 03:22 - 00000000 ____D () C:\ProgramData\P4G
    2015-01-17 19:59 - 2014-06-29 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-17 19:59 - 2014-02-04 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
    2015-01-17 19:59 - 2014-02-04 14:12 - 00000000 ____D () C:\ProgramData\Sony
    2015-01-17 19:59 - 2013-02-21 18:59 - 00000000 ____D () C:\Users\Aaroncaz\AppData\Local\ASUS
    2015-01-17 19:58 - 2014-06-29 10:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-17 19:58 - 2014-02-04 14:12 - 00000000 ____D () C:\Program Files (x86)\Sony
    2015-01-17 19:58 - 2012-09-06 03:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-01-17 19:30 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\registration
    2015-01-17 18:59 - 2012-08-17 00:52 - 00000000 ____D () C:\ProgramData\Adobe
    2015-01-17 16:12 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2015-01-16 22:31 - 2014-06-15 19:02 - 00156160 ___SH () C:\Users\Aaroncaz\Downloads\Thumbs.db
    2015-01-14 08:34 - 2013-07-28 09:59 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-01-06 12:02 - 2013-02-22 12:41 - 00000000 ____D () C:\Users\Aaroncaz\AppData\Local\Adobe
    2015-01-06 00:08 - 2014-12-10 07:55 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SySWOW64\FlashPlayerApp.exe
    2015-01-06 00:08 - 2014-12-10 07:55 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SySWOW64\FlashPlayerCPLApp.cpl
    2015-01-05 19:18 - 2013-08-22 13:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI(208)
    2015-01-05 19:18 - 2013-08-22 13:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI(111)
    ==================== Files in the root of some directories =======
    2013-02-21 19:06 - 2015-01-18 19:27 - 0000380 _____ () C:\Users\Aaroncaz\AppData\Roaming\sp_data.sys
    2013-02-21 19:18 - 2013-02-21 19:18 - 0338815 _____ () C:\Users\Aaroncaz\AppData\Local\speeddial.crx
    2012-08-17 00:52 - 2012-07-30 06:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
    2012-08-17 00:52 - 2009-07-22 10:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
    Files to move or delete:
    ====================
    C:\ProgramData\SetStretch.exe

    Some content of TEMP:
    ====================
    C:\Users\Aaroncaz\AppData\Local\Temp\Quarantine.exe
    C:\Users\Aaroncaz\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SySWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SySWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SySWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SySWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-01-18 14:22
    ==================== End Of Log ============================
  • Morning, finally got the log posted. I need to go out and purchase some tiles this morning, but I will come back again. It could be one or other of the PCs which is doing this.

    As GJ suggested, let's also have a look at your hosts
    so open a CMD prompt and enter this -
    notepad C:\Windows\System32\Drivers\etc\HOSTS
    and post that
  • I also note that you have a proxy on port 58821
    ProxyServer: [.DEFAULT] => xttp=127.0.0.1:58821;xttps=127.0.0.1:58821
    and this looks suspicious too

    DPF: HKLM-x32 {745395C8-D0E1-4227-8586-624CA9A10A8D} xttp://88.26.216.90/activex/AMC.cab
  • aaroncaz
    tavernman wrote: »
    I also note that you have a proxy on port 58821
    ProxyServer: [.DEFAULT] => xttp=127.0.0.1:58821;xttps=127.0.0.1:58821
    and this looks suspicious too

    DPF: HKLM-x32 {745395C8-D0E1-4227-8586-624CA9A10A8D} xttp://88.26.216.90/activex/AMC.cab



    Morning. Do I do anything with it?
  • Will research, can you post your hosts file ^^^^ two posts up, and for an Avast scan on boot https://www.avast.com/en-gb/faq.php?article=AVKB132#artTitle
  • aaroncaz
    # Copyright (c) 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost
  • aaroncaz
    tavernman wrote: »
    Morning, finally got the log posted. I need to go out and purchase some tiles this morning, but I will come back again. It could be one or other of the PCs which is doing this.

    As GJ suggested, let's also have a look at your hosts
    so open a CMD prompt and enter this -
    notepad C:\Windows\System32\Drivers\etc\HOSTS
    and post that

    Can't get this to work.
This discussion has been closed.
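
The checks raised in the posts above (the loopback ProxyServer entry, the DPF entry pointing at a bare IP address, and the request for the hosts file), as an added Python example that is not part of the original thread. The function names are hypothetical and the 203.0.113.7 hosts line is constructed for contrast; the two FRST lines and the hosts comments are copied from the thread.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# The two FRST lines quoted in the thread, with the xttp defanging intact.
FRST_LINES = [
    "ProxyServer: [.DEFAULT] => xttp=127.0.0.1:58821;xttps=127.0.0.1:58821",
    "DPF: HKLM-x32 {745395C8-D0E1-4227-8586-624CA9A10A8D} xttp://88.26.216.90/activex/AMC.cab",
]
# Tail of the hosts file as posted in the thread: every line is a comment.
HOSTS_AS_POSTED = """\
# 127.0.0.1 localhost
# ::1 localhost
"""
# Constructed for contrast (not from the thread): one active mapping appended.
HOSTS_CONSTRUCTED = HOSTS_AS_POSTED + "203.0.113.7 login.example.test\n"


def refang(text):
    """Turn defanged schemes (xttp, hxxp) back into http/https so they parse."""
    return re.sub(r"\b(?:hxxp|xttp)(s?)\b", r"http\1", text, flags=re.I)


def parse_ip(host):
    """Return an ipaddress object, or None if host is not an IP literal."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def proxy_findings(line):
    """Parse a FRST ProxyServer line into one record per protocol."""
    m = re.match(r"ProxyServer:\s*\[([^\]]+)\]\s*=>\s*(.+)", line)
    if not m:
        return []
    records = []
    for part in filter(None, map(str.strip, refang(m.group(2)).split(";"))):
        proto, _, endpoint = part.rpartition("=")  # bare "host:port" has no proto
        host, _, port = endpoint.partition(":")
        ip = parse_ip(host)
        loopback = host.lower() == "localhost" or (ip is not None and ip.is_loopback)
        records.append({"scope": m.group(1), "proto": proto or "all", "host": host,
                        "port": port, "loopback": loopback})
    return records


def dpf_finding(line):
    """Parse a FRST DPF line and list why its source URL deserves a look."""
    m = re.match(r"DPF:\s*(\S+)\s+(\{[0-9A-Fa-f-]+\})\s+(\S+)", line)
    if not m:
        return None
    url = urlsplit(refang(m.group(3)))
    reasons = []
    if url.scheme == "http":
        reasons.append("fetched over plain HTTP")
    if parse_ip(url.hostname or "") is not None:
        reasons.append("host is a bare IP address")
    return {"clsid": m.group(2), "host": url.hostname, "reasons": reasons}


def active_hosts_entries(text):
    """Return (ip, [names]) for every non-comment mapping in a hosts file."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and parse_ip(fields[0]) is not None:
            entries.append((fields[0], fields[1:]))
    return entries


def triage(frst_lines, hosts_text):
    """Collect one note per item that needs a follow-up question."""
    notes = []
    for line in frst_lines:
        for rec in proxy_findings(line):
            if rec["loopback"]:
                notes.append(f"loopback {rec['proto']} proxy on port {rec['port']}")
        dpf = dpf_finding(line)
        if dpf and dpf["reasons"]:
            notes.append(f"DPF {dpf['host']}: " + "; ".join(dpf["reasons"]))
    for ip, names in active_hosts_entries(hosts_text):
        notes.append(f"hosts maps {', '.join(names)} to {ip}")
    return notes
```

A loopback proxy only shows that a local process is sitting in front of the browser; local filtering software uses one too, so the follow-up is to find which process owns that port.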