
Possible Infection



Hi & welcome

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
P2P/Piracy Warning:
  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Step 1

Please run a FRST scan. This will help us diagnose your problem.


Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-08-2014

Ran by Bobs (administrator) on BOBS-PC on 15-08-2014 18:23:30

Running from C:\Users\Bobs\Desktop

Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILFE.EXE

(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-11-03] (Intel Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-2028160917-3071815627-2566426118-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILFE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2028160917-3071815627-2566426118-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-30] (Google Inc.)

HKU\S-1-5-21-2028160917-3071815627-2566426118-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-14] (SUPERAntiSpyware)

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bobs\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bobs\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bobs\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bobs\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com?cid={3B7D9441-CD9F-499B-8767-B9E8A043CF30}&mid=dc5ae135f08147d28e98d16dcaaf9e45-97284ab4ed93cc8b8a4b5969749b4f8864625f57&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.1.0.443&pid=safeguard&sg=&sap=hp

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=92&bd=Presario&pf=cndt

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type={partner_id}

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=92&bd=Presario&pf=cndt

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=92&bd=Presario&pf=cndt

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=92&bd=Presario&pf=cndt

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=92&bd=Presario&pf=cndt

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - {6332EB9C-7887-4616-8ECD-33ADC081CA2B} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

SearchScopes: HKLM - {6626D70A-0053-4363-A9B7-6670C4C043B0} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb

SearchScopes: HKLM - {D34B3EE1-59E7-40F9-9082-1FF3FE8A8D71} URL = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

SearchScopes: HKLM-x32 - {6332EB9C-7887-4616-8ECD-33ADC081CA2B} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

SearchScopes: HKLM-x32 - {6626D70A-0053-4363-A9B7-6670C4C043B0} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb

SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}

SearchScopes: HKLM-x32 - {D34B3EE1-59E7-40F9-9082-1FF3FE8A8D71} URL = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

SearchScopes: HKCU - {6332EB9C-7887-4616-8ECD-33ADC081CA2B} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

SearchScopes: HKCU - {6626D70A-0053-4363-A9B7-6670C4C043B0} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb

SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}

SearchScopes: HKCU - {D34B3EE1-59E7-40F9-9082-1FF3FE8A8D71} URL = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-06]

FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on

FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-04-06]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-13]

Chrome:

=======

CHR HomePage: hxxp://www.google.com/

CHR StartupUrls: "hxxp://www.google.com/"

CHR Extension: (Google Docs) - C:\Users\Bobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-06]

CHR Extension: (Google Drive) - C:\Users\Bobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-06]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]

CHR Extension: (YouTube) - C:\Users\Bobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-06]

CHR Extension: (Google Search) - C:\Users\Bobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-06]

CHR Extension: (Google Wallet) - C:\Users\Bobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-06]

CHR Extension: (Gmail) - C:\Users\Bobs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-06]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-24] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-24] (AVAST Software)

R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]

R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]

R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-10-22] (Hewlett-Packard Company) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X]

S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-24] ()

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-24] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-24] (AVAST Software)

R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2014-04-14] (ALWIL Software)

R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [329968 2014-07-24] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-07-24] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-24] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-24] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-24] (AVAST Software)

R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-07-24] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-24] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-15] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-08-03] ()

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\ENG64.SYS [X]

S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\EX64.SYS [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [X]

S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]

S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 18:23 - 2014-08-15 18:26 - 00018438 _____ () C:\Users\Bobs\Desktop\FRST.txt

2014-08-15 18:21 - 2014-08-15 18:22 - 02100224 _____ (Farbar) C:\Users\Bobs\Desktop\FRST64.exe

2014-08-10 11:23 - 2014-08-10 11:23 - 00001184 _____ () C:\Users\Bobs\Desktop\Malwarebytes Anti-Malware - Shortcut.lnk

2014-08-10 11:22 - 2014-08-10 11:22 - 00001139 _____ () C:\Users\Bobs\Desktop\SUPERAntiSpyware - Shortcut.lnk

2014-08-10 11:15 - 2014-08-10 11:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bobs\Desktop\mbam-setup-2.0.2.1012.exe

2014-08-09 16:42 - 2014-08-09 16:42 - 00000000 ____D () C:\Windows\System32\Tasks\Apple

2014-08-09 16:42 - 2014-08-09 16:42 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

2014-08-07 09:30 - 2014-08-07 09:30 - 00001722 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2014-08-07 09:30 - 2014-08-07 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2014-08-07 09:29 - 2014-08-15 18:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2014-08-03 10:49 - 2014-08-03 10:49 - 18549136 _____ (SUPERAntiSpyware) C:\Users\Bobs\Downloads\SUPERAntiSpyware.exe

2014-08-03 10:46 - 2014-08-03 10:46 - 04813544 _____ (Piriform Ltd) C:\Users\Bobs\Downloads\ccsetup416 (1).exe

2014-08-03 10:45 - 2014-08-03 10:45 - 04813544 _____ (Piriform Ltd) C:\Users\Bobs\Downloads\ccsetup416.exe

2014-08-03 10:44 - 2014-08-03 10:44 - 00000000 ____D () C:\Users\Bobs\Desktop\FileHippo.com

2014-08-03 10:43 - 2014-08-03 10:43 - 00264757 _____ () C:\Users\Bobs\Downloads\FHSetup (4).exe

2014-08-03 10:26 - 2014-08-03 10:27 - 00000000 ____D () C:\Users\Bobs\AppData\Local\{52BAE69B-504F-4BE7-9A1B-F886C57A3453}

2014-08-03 10:26 - 2014-08-03 10:26 - 00000000 ____D () C:\Users\Bobs\Tracing

2014-08-03 10:08 - 2014-08-03 10:08 - 00000000 ____D () C:\Windows\en

2014-08-03 10:06 - 2014-08-03 10:06 - 00001218 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk

2014-08-03 10:05 - 2014-08-03 10:06 - 00001287 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk

2014-08-03 10:04 - 2014-08-03 10:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2014-08-03 10:03 - 2014-08-03 10:03 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

2014-08-03 10:02 - 2014-08-03 10:02 - 00002085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk

2014-08-03 10:00 - 2014-08-03 10:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

2014-08-03 10:00 - 2012-03-08 18:40 - 00048488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys

2014-08-03 09:59 - 2014-08-03 10:09 - 00000000 ____D () C:\Program Files (x86)\Windows Live

2014-08-03 09:59 - 2014-08-03 09:59 - 00000000 ____D () C:\Program Files\Windows Live

2014-08-03 09:56 - 2014-08-05 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-08-03 09:56 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll

2014-08-03 09:56 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll

2014-08-03 09:56 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll

2014-08-03 09:56 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll

2014-08-03 09:56 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll

2014-08-03 09:56 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll

2014-08-03 09:55 - 2014-08-07 08:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-08-03 09:54 - 2014-08-03 10:25 - 00000000 ____D () C:\Users\Bobs\AppData\Local\Windows Live

2014-08-03 09:53 - 2009-08-04 09:12 - 01103872 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll

2014-08-03 09:53 - 2009-08-04 09:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll

2014-08-03 09:53 - 2006-11-10 16:25 - 00525792 _____ (Microsoft Corporation) C:\Windows\system32\difxapi.dll

2014-08-03 09:47 - 2014-08-03 09:47 - 00264757 _____ () C:\Users\Bobs\Downloads\FHSetup (3).exe

2014-08-01 19:22 - 2014-08-01 19:22 - 00046272 _____ () C:\Users\Bobs\Downloads\CheckResults (2).txt

2014-08-01 00:01 - 2014-08-01 00:01 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Bobs\Downloads\mbam-check-2.1.1.1001.exe

2014-07-31 23:39 - 2014-08-03 08:48 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys

2014-07-31 23:39 - 2014-07-31 23:39 - 00945136 _____ (SlimWare Utilities, Inc.) C:\Users\Bobs\Downloads\DriverUpdate-setup (2).exe

2014-07-31 23:39 - 2014-07-31 23:39 - 00427122 _____ () C:\Users\Bobs\AppData\Local\dd_vcredistMSI71B3.txt

2014-07-31 23:39 - 2014-07-31 23:39 - 00013204 _____ () C:\Users\Bobs\AppData\Local\dd_vcredistUI71B3.txt

2014-07-31 23:39 - 2014-07-31 23:39 - 00000000 ____D () C:\Users\Bobs\AppData\Local\SlimWare Utilities Inc

2014-07-31 23:38 - 2014-07-31 23:38 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers

2014-07-31 23:37 - 2014-07-31 23:37 - 00945136 _____ (SlimWare Utilities, Inc.) C:\Users\Bobs\Downloads\DriverUpdate-setup.exe

2014-07-31 23:37 - 2014-07-31 23:37 - 00945136 _____ (SlimWare Utilities, Inc.) C:\Users\Bobs\Downloads\DriverUpdate-setup (1).exe

2014-07-31 23:30 - 2014-07-31 23:30 - 05513976 _____ (ReviverSoft LLC) C:\Users\Bobs\Downloads\RegistryReviverSetup.exe

2014-07-28 08:40 - 2014-07-28 08:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2014-07-25 10:09 - 2014-07-25 10:09 - 00001763 _____ () C:\Users\Bobs\Downloads\WANTED Ladies Bike (Inverurie).eml

2014-07-24 09:34 - 2014-07-24 09:34 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-07-22 23:15 - 2014-07-22 23:15 - 00000000 _____ () C:\Users\Bobs\AppData\Local\{A74875F2-CB1C-4BA1-94A7-137D09899953}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 18:26 - 2014-08-15 18:23 - 00018438 _____ () C:\Users\Bobs\Desktop\FRST.txt

2014-08-15 18:23 - 2014-04-27 16:19 - 00000000 ____D () C:\FRST

2014-08-15 18:22 - 2014-08-15 18:21 - 02100224 _____ (Farbar) C:\Users\Bobs\Desktop\FRST64.exe

2014-08-15 18:21 - 2014-04-06 15:36 - 02070116 _____ () C:\Windows\WindowsUpdate.log

2014-08-15 18:17 - 2014-08-07 09:29 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2014-08-15 18:17 - 2014-06-26 07:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-15 18:16 - 2014-04-13 11:39 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-08-15 18:15 - 2014-04-07 10:24 - 00003880 _____ () C:\Windows\system32\spsys.log

2014-08-15 18:15 - 2014-04-06 16:17 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-08-15 18:15 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-15 18:15 - 2006-11-02 16:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-15 18:15 - 2006-11-02 16:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-14 20:10 - 2006-11-02 16:42 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-08-14 19:45 - 2014-04-06 16:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-14 18:57 - 2014-04-06 16:29 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ec3cb67b-3c0f-4135-bd0e-da40204f5bac.job

2014-08-10 11:23 - 2014-08-10 11:23 - 00001184 _____ () C:\Users\Bobs\Desktop\Malwarebytes Anti-Malware - Shortcut.lnk

2014-08-10 11:22 - 2014-08-10 11:22 - 00001139 _____ () C:\Users\Bobs\Desktop\SUPERAntiSpyware - Shortcut.lnk

2014-08-10 11:16 - 2014-08-10 11:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bobs\Desktop\mbam-setup-2.0.2.1012.exe

2014-08-09 16:42 - 2014-08-09 16:42 - 00000000 ____D () C:\Windows\System32\Tasks\Apple

2014-08-09 16:42 - 2014-08-09 16:42 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

2014-08-09 16:42 - 2014-06-28 16:17 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2014-08-07 09:30 - 2014-08-07 09:30 - 00001722 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2014-08-07 09:30 - 2014-08-07 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2014-08-07 08:47 - 2014-08-03 09:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-08-05 03:02 - 2014-08-03 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-08-04 10:36 - 2014-04-28 09:31 - 00000000 ____D () C:\Program Files\CCleaner

2014-08-03 10:49 - 2014-08-03 10:49 - 18549136 _____ (SUPERAntiSpyware) C:\Users\Bobs\Downloads\SUPERAntiSpyware.exe

2014-08-03 10:46 - 2014-08-03 10:46 - 04813544 _____ (Piriform Ltd) C:\Users\Bobs\Downloads\ccsetup416 (1).exe

2014-08-03 10:45 - 2014-08-03 10:45 - 04813544 _____ (Piriform Ltd) C:\Users\Bobs\Downloads\ccsetup416.exe

2014-08-03 10:44 - 2014-08-03 10:44 - 00000000 ____D () C:\Users\Bobs\Desktop\FileHippo.com

2014-08-03 10:44 - 2014-05-15 19:26 - 00001570 _____ () C:\Users\Bobs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk

2014-08-03 10:43 - 2014-08-03 10:43 - 00264757 _____ () C:\Users\Bobs\Downloads\FHSetup (4).exe

2014-08-03 10:37 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\rescache

2014-08-03 10:27 - 2014-08-03 10:26 - 00000000 ____D () C:\Users\Bobs\AppData\Local\{52BAE69B-504F-4BE7-9A1B-F886C57A3453}

2014-08-03 10:26 - 2014-08-03 10:26 - 00000000 ____D () C:\Users\Bobs\Tracing

2014-08-03 10:26 - 2014-04-06 15:40 - 00000000 ____D () C:\Users\Bobs

2014-08-03 10:25 - 2014-08-03 09:54 - 00000000 ____D () C:\Users\Bobs\AppData\Local\Windows Live

2014-08-03 10:19 - 2014-04-06 15:53 - 00078472 _____ () C:\Users\Bobs\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-03 10:18 - 2006-11-02 16:21 - 00318896 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-03 10:09 - 2014-08-03 09:59 - 00000000 ____D () C:\Program Files (x86)\Windows Live

2014-08-03 10:08 - 2014-08-03 10:08 - 00000000 ____D () C:\Windows\en

2014-08-03 10:08 - 2014-08-03 10:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

2014-08-03 10:06 - 2014-08-03 10:06 - 00001218 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk

2014-08-03 10:06 - 2014-08-03 10:05 - 00001287 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk

2014-08-03 10:04 - 2014-08-03 10:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2014-08-03 10:03 - 2014-08-03 10:03 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

2014-08-03 10:02 - 2014-08-03 10:02 - 00002085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk

2014-08-03 09:59 - 2014-08-03 09:59 - 00000000 ____D () C:\Program Files\Windows Live

2014-08-03 09:59 - 2006-11-02 14:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2014-08-03 09:57 - 2014-04-06 15:51 - 00000000 ____D () C:\Users\Bobs\AppData\Local\VirtualStore

2014-08-03 09:56 - 2014-06-28 16:22 - 00075660 _____ () C:\Windows\DirectX.log

2014-08-03 09:52 - 2009-03-16 17:31 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM

2014-08-03 09:47 - 2014-08-03 09:47 - 00264757 _____ () C:\Users\Bobs\Downloads\FHSetup (3).exe

2014-08-03 08:48 - 2014-07-31 23:39 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys

2014-08-01 19:22 - 2014-08-01 19:22 - 00046272 _____ () C:\Users\Bobs\Downloads\CheckResults (2).txt

2014-08-01 19:03 - 2014-05-02 16:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys

2014-08-01 00:01 - 2014-08-01 00:01 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Bobs\Downloads\mbam-check-2.1.1.1001.exe

2014-07-31 23:39 - 2014-07-31 23:39 - 00945136 _____ (SlimWare Utilities, Inc.) C:\Users\Bobs\Downloads\DriverUpdate-setup (2).exe

2014-07-31 23:39 - 2014-07-31 23:39 - 00427122 _____ () C:\Users\Bobs\AppData\Local\dd_vcredistMSI71B3.txt

2014-07-31 23:39 - 2014-07-31 23:39 - 00013204 _____ () C:\Users\Bobs\AppData\Local\dd_vcredistUI71B3.txt

2014-07-31 23:39 - 2014-07-31 23:39 - 00000000 ____D () C:\Users\Bobs\AppData\Local\SlimWare Utilities Inc

2014-07-31 23:38 - 2014-07-31 23:38 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers

2014-07-31 23:37 - 2014-07-31 23:37 - 00945136 _____ (SlimWare Utilities, Inc.) C:\Users\Bobs\Downloads\DriverUpdate-setup.exe

2014-07-31 23:37 - 2014-07-31 23:37 - 00945136 _____ (SlimWare Utilities, Inc.) C:\Users\Bobs\Downloads\DriverUpdate-setup (1).exe

2014-07-31 23:30 - 2014-07-31 23:30 - 05513976 _____ (ReviverSoft LLC) C:\Users\Bobs\Downloads\RegistryReviverSetup.exe

2014-07-28 08:43 - 2014-06-15 14:58 - 00001460 _____ () C:\Windows\setupact.log

2014-07-28 08:40 - 2014-07-28 08:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2014-07-27 20:18 - 2006-11-02 13:46 - 00767538 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-25 10:09 - 2014-07-25 10:09 - 00001763 _____ () C:\Users\Bobs\Downloads\WANTED Ladies Bike (Inverurie).eml

2014-07-24 09:56 - 2014-06-12 10:06 - 00002202 _____ () C:\Windows\PFRO.log

2014-07-24 09:35 - 2014-04-13 10:36 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-07-24 09:34 - 2014-07-24 09:34 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-07-24 09:34 - 2014-05-05 18:39 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-07-24 09:34 - 2014-04-13 10:36 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2014-07-24 09:34 - 2014-04-13 10:36 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-07-24 09:34 - 2014-04-13 10:36 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-07-24 09:34 - 2014-04-13 10:36 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-07-24 09:34 - 2014-04-13 10:36 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-07-24 09:34 - 2014-04-13 10:36 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys

2014-07-24 09:34 - 2014-04-13 10:36 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys

2014-07-24 09:33 - 2014-04-14 20:13 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

2014-07-24 09:32 - 2014-04-14 20:13 - 00329968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys

2014-07-22 23:15 - 2014-07-22 23:15 - 00000000 _____ () C:\Users\Bobs\AppData\Local\{A74875F2-CB1C-4BA1-94A7-137D09899953}

Some content of TEMP:

====================

C:\Users\Bobs\AppData\Local\Temp\BackupSetup.exe

C:\Users\Bobs\AppData\Local\Temp\mpbE99C.tmp.exe

C:\Users\Bobs\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2014

Ran by Bobs at 2014-08-15 18:26:37

Running from C:\Users\Bobs\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)

Apple Application Support (HKLM-x32\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)

Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)

CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.)

CyberLink DVD Suite Deluxe (x32 Version: 6.0.2326 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)

Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION)

Epson Easy Photo Print 2 (HKLM-x32\...\{674E262F-72EA-41C1-AF16-9727311A4553}) (Version: 2.4.1.0 - SEIKO EPSON CORPORATION)

Epson Event Manager (HKLM-x32\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)

Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)

EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

EPSON XP-312 313 315 Series Printer Uninstall (HKLM\...\EPSON XP-312 313 315 Series) (Version: - SEIKO EPSON Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)

FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )

FUJIFILM MyFinePix Studio 4.1 (HKLM-x32\...\MyFinePix Studio_is1) (Version: - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5048.14 - PC-Doctor, Inc.)

HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)

HP Customer Experience Enhancements (HKLM-x32\...\{E1591139-8B44-411B-A81B-D35F83A0565A}) (Version: 5.7.0.2875 - Hewlett-Packard)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Recovery Manager RSS (x32 Version: 92.0.0.9 - Hewlet Packard Company) Hidden

HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)

HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.6171.2860 - Hewlett-Packard)

HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1103 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.1103 - CyberLink Corp.) Hidden

LightScribe System Software 1.14.32.1 (HKLM-x32\...\{CF3D8718-EF21-4408-AE38-A6DA98E1E2B6}) (Version: 1.14.32.1 - LightScribe)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

muvee Reveal (HKLM-x32\...\{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}) (Version: 7.0.35.7918 - muvee Technologies Pte Ltd)

My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.)

Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden

PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2417 - CyberLink Corp.)

PowerDirector (x32 Version: 7.0.2417 - CyberLink Corp.) Hidden

Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)

Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)

QuickTime (HKLM-x32\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden

Software Updater (HKLM-x32\...\{7B3A525D-9D3D-4618-AE52-A31DE98C8AC3}) (Version: 4.1.4 - SEIKO EPSON CORPORATION)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1126 - SUPERAntiSpyware.com)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2028160917-3071815627-2566426118-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bobs\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2028160917-3071815627-2566426118-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bobs\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2028160917-3071815627-2566426118-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bobs\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2028160917-3071815627-2566426118-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bobs\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2028160917-3071815627-2566426118-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bobs\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================


Hi you can also attach the Addition.txt using the "Advanced Reply Options" to the bottom right. :)

  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.

Sorry, I thought that you wanted me to C & P both items.


Hi,
no. Please run FRST again. Addition.txt also ends with...

==================== End Of Log ============================

:)

 

 


Start FRST with administrator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


:)

Step 1

Scan with Malwarebytes Antimalware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.

    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select "Run As Administrator"

  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.

    Copy and paste the contents of that logfile in your next reply.


Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 16/08/2014

Scan Time: 10:29:22

Logfile:

Administrator: Yes

Version: 2.00.2.1012

Malware Database: v2014.08.16.02

Rootkit Database: v2014.08.15.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows Vista Service Pack 2

CPU: x64

File System: NTFS

User: Bobs

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 283184

Time Elapsed: 12 min, 41 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)


# AdwCleaner v3.306 - Report created 16/08/2014 at 11:35:59

# Updated 15/08/2014 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)

# Username : Bobs - BOBS-PC

# Running from : C:\Users\Bobs\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\AVG Security Toolbar

[!] Folder Deleted : C:\Users\Bobs\AppData\Local\AVG Secure Search

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\systweak

Key Deleted : HKLM\SOFTWARE\systweak

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16563

-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\Bobs\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [1695 octets] - [16/08/2014 11:34:02]

AdwCleaner[s0].txt - [1673 octets] - [16/08/2014 11:35:59]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1733 octets] ##########


This topic is now closed to further replies.