
Malwarebytes scan keeps identifying a Trojan Agent & Quarantine but still there at next scan



Please find below the Malwarebytes log report.

This has now appeared a number of times and each time it is quarantined but turns up again on the next scan.

I would really appreciate some advice on how to remove it.

Thank you

Pat

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08/02/2015
Scan Time: 00:58:03
Logfile:
Administrator: No

Version: 2.00.2.1012
Malware Database: v2015.02.08.01
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Pat

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 265611
Time Elapsed: 15 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent, C:\Users\Patricia\AppData\Local\Temp\Quarantine.exe, Delete-on-Reboot, [45bc09131e6cf046b1a36fae9d654eb2],

Physical Sectors: 0
(No malicious items detected)

(end)


Hi & welcome

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

P2P/Piracy Warning:
  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Step 1

Please run a FRST scan. This will help us diagnose your problem.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Hi

Have attached the FRST scan results as requested.

Have had to disable AVAST as it blocked the FRST download, is that ok?

 

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2015
Ran by Patricia (administrator) on PAT-PC on 08-02-2015 11:44:18
Running from C:\Users\Patricia\Downloads
Loaded Profiles: Pat & Patricia (Available profiles: Pat & Dave & Patricia & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILGE.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILGE.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-11-18] (IDT, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-10-23] (Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-12-02] (Western Digital Technologies, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-04] (Google Inc.)
HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Run: [Google Update] => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-30] (Google Inc.)
HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILGE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {225807c9-e77f-11e0-bda7-0023ae2e7f5f} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {2258083a-e77f-11e0-bda7-0023ae2e7f5f} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {44d29be0-9939-11e4-a590-0023ae2e7f5f} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {bc5fe618-a4b3-11e1-b07b-0023ae2e7f5f} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {f5249c97-84bd-11e1-b029-0023ae2e7f5f} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {f5249caa-84bd-11e1-b029-0023ae2e7f5f} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {fb436b0c-a4b6-11e1-81cd-806e6f6e6963} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2532494780-3708508292-916854352-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILGE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2532494780-3708508292-916854352-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2532494780-3708508292-916854352-1000 -> {090C3A3A-C46F-4AF9-B5D8-B9D9A88B110E} URL = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000028&src=crm&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000
SearchScopes: HKU\S-1-5-21-2532494780-3708508292-916854352-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=421&sr=0&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2532494780-3708508292-916854352-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKU\S-1-5-21-2532494780-3708508292-916854352-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2532494780-3708508292-916854352-1002 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKU\S-1-5-21-2532494780-3708508292-916854352-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2532494780-3708508292-916854352-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2532494780-3708508292-916854352-1000: @talk.google.com/O1DPlugin -> C:\Users\Pat\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2532494780-3708508292-916854352-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2532494780-3708508292-916854352-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2532494780-3708508292-916854352-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-07-03]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-02-20]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-17]
 
Chrome: 
=======
CHR Profile: C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-09-17]
CHR Extension: (Google Wallet) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-02-20]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-11-17] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-11-18] (IDT, Inc.)
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-10-09] (Vodafone) [File not signed]
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-10-23] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2015-02-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-08 11:44 - 2015-02-08 11:44 - 00020801 _____ () C:\Users\Patricia\Downloads\FRST.txt
2015-02-08 11:43 - 2015-02-08 11:43 - 01124352 _____ (Farbar) C:\Users\Patricia\Downloads\FRST.exe
2015-02-08 11:33 - 2015-02-08 11:34 - 01124352 _____ (Farbar) C:\Users\Pat\Downloads\FRST (1).exe
2015-02-08 11:26 - 2015-02-08 11:29 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat
2015-02-08 00:36 - 2015-02-08 00:36 - 00022184 _____ () C:\Users\Pat\Downloads\Addition.txt
2015-02-08 00:35 - 2015-02-08 00:36 - 00029828 _____ () C:\Users\Pat\Downloads\FRST.txt
2015-02-08 00:34 - 2015-02-08 11:44 - 00000000 ____D () C:\FRST
2015-02-08 00:34 - 2015-02-08 00:34 - 01124352 _____ (Farbar) C:\Users\Pat\Downloads\FRST.exe
2015-02-05 19:03 - 2015-02-05 19:03 - 00001624 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-05 19:03 - 2015-02-05 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-05 19:01 - 2015-02-05 19:03 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-02-05 19:01 - 2015-02-05 19:03 - 00000000 ____D () C:\Program Files\iTunes
2015-02-05 19:01 - 2015-02-05 19:01 - 00000000 ____D () C:\Program Files\iPod
2015-01-29 19:15 - 2015-01-29 19:28 - 00000000 ____D () C:\AdwCleaner
2015-01-29 19:13 - 2015-01-29 19:14 - 02194432 _____ () C:\Users\Pat\Downloads\adwcleaner_4.109.exe
2015-01-28 01:40 - 2015-01-28 01:40 - 05325208 _____ (Piriform Ltd) C:\Users\Pat\Downloads\ccsetup502.exe
2015-01-25 10:54 - 2015-01-25 10:55 - 04287921 _____ () C:\Users\Pat\Downloads\100picturesforyou (2).zip
2015-01-22 17:21 - 2015-01-22 17:21 - 04287921 _____ () C:\Users\Pat\Downloads\100picturesforyou.zip
2015-01-22 17:21 - 2015-01-22 17:21 - 04287921 _____ () C:\Users\Pat\Downloads\100picturesforyou (1).zip
2015-01-21 02:01 - 2014-10-23 11:30 - 50569804 _____ () C:\Users\Pat\Desktop\Isla clapping hands.MOV
2015-01-20 12:39 - 2014-12-19 00:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-20 12:19 - 2014-12-06 03:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-20 12:19 - 2014-12-06 03:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-20 12:19 - 2014-12-06 03:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-20 12:19 - 2014-12-06 03:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-11 02:31 - 2015-01-11 02:31 - 00000000 ____D () C:\Users\Pat\AppData\Local\Western_Digital_Technolog
2015-01-11 02:31 - 2015-01-11 02:31 - 00000000 ____D () C:\Users\Pat\AppData\Local\Western Digital
2015-01-11 00:39 - 2015-01-11 00:39 - 00001021 _____ () C:\Users\Pat\Desktop\WD Security.lnk
2015-01-11 00:32 - 2015-01-21 16:27 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-11 00:19 - 2015-01-21 16:39 - 00029118 _____ () C:\Windows\DPINST.LOG
2015-01-11 00:19 - 2015-01-21 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-01-11 00:19 - 2015-01-21 16:37 - 00000000 ____D () C:\Program Files\Western Digital
2015-01-11 00:19 - 2015-01-21 16:37 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-01-11 00:19 - 2015-01-11 00:19 - 00000954 _____ () C:\Users\Public\Desktop\WD Drive Utilities.lnk
2015-01-11 00:11 - 2015-01-21 16:37 - 00000000 ____D () C:\ProgramData\Western Digital
2015-01-10 18:51 - 2015-01-10 18:55 - 71647536 _____ (Apple Inc.) C:\Users\Pat\Downloads\icloudsetup (1).exe
2015-01-10 18:33 - 2015-01-10 18:33 - 00460915 _____ () C:\Users\Pat\Downloads\IMG_1854 (1).MOV
2015-01-10 18:28 - 2015-01-10 18:28 - 00460915 _____ () C:\Users\Pat\Downloads\IMG_1854.MOV
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-08 11:39 - 2014-04-25 21:44 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 11:39 - 2011-07-04 17:00 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 11:37 - 2008-01-21 01:35 - 02068952 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 11:23 - 2013-11-15 14:08 - 05694982 _____ () C:\Windows\PFRO.log
2015-02-08 11:23 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 11:23 - 2006-11-02 12:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 11:23 - 2006-11-02 12:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 01:24 - 2006-11-02 13:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-08 01:05 - 2013-08-30 08:21 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000UA.job
2015-02-08 01:00 - 2012-05-19 08:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 00:52 - 2014-04-20 18:52 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-215 217 Series Update {6AC83EC9-CF8C-424B-995E-08AA3CAE134B}.job
2015-02-08 00:52 - 2014-04-20 18:52 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-215 217 Series Invitation {6AC83EC9-CF8C-424B-995E-08AA3CAE134B}.job
2015-02-08 00:50 - 2011-07-04 17:00 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 11:05 - 2013-08-30 08:21 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000Core.job
2015-02-06 18:04 - 2006-11-02 10:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 22:58 - 2013-09-17 20:38 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-05 19:01 - 2012-01-30 17:10 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-05 19:00 - 2012-05-19 08:32 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 19:00 - 2011-07-01 22:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 18:05 - 2013-08-16 22:40 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Mozilla
2015-01-30 10:39 - 2011-07-05 22:08 - 00002569 _____ () C:\Users\Pat\Desktop\Microsoft Office Word 2003.lnk
2015-01-29 19:28 - 2011-06-27 12:06 - 00000000 ____D () C:\Users\Pat
2015-01-29 11:26 - 2012-05-18 12:01 - 00000000 ____D () C:\Users\Patricia\AppData\Local\Google
2015-01-28 01:40 - 2012-05-18 14:50 - 00000764 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-28 01:40 - 2012-05-18 14:50 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-25 16:17 - 2011-07-05 22:08 - 00002567 _____ () C:\Users\Pat\Desktop\Microsoft Office Excel 2003.lnk
2015-01-25 15:00 - 2011-07-05 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-01-20 12:39 - 2013-07-28 11:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-20 12:20 - 2006-11-02 10:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
==================== Files in the root of some directories =======
 
2014-04-07 10:12 - 2014-04-07 10:12 - 0000055 _____ () C:\Users\Patricia\AppData\Roaming\mbam.context.scan
2012-05-23 09:55 - 2014-11-13 12:18 - 0006080 _____ () C:\Users\Patricia\AppData\Local\d3d9caps.dat
2008-08-20 15:45 - 2008-08-20 15:45 - 0020270 _____ () C:\ProgramData\DeviceInstaller.xml
2008-09-22 13:21 - 2008-09-22 13:21 - 0127092 ____R () C:\ProgramData\DeviceManager.xml.rc4
 
Some content of TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\avgnt.exe
C:\Users\Guest\AppData\Local\Temp\AskSLib.dll
C:\Users\Patricia\AppData\Local\Temp\Quarantine.exe
C:\Users\Patricia\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-08 11:47
 
==================== End Of Log ============================
 
Addition Log
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-02-2015
Ran by Patricia at 2015-02-08 11:45:31
Running from C:\Users\Patricia\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop 6.0 (HKLM\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - )
Amazon Kindle (HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Multimedia Email (HKLM\...\{DD54CF66-090B-43E7-97C1-110EF526474D}) (Version:  - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVS Video Converter 8 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 8.3.2.533 - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dropbox (HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
Easy Phone Tunes (HKLM\...\{03ED925F-9E5E-4532-998D-7F8840FE5A74}) (Version: 137 - Easy Phone Tunes)
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)
EPSON Manuals (HKLM\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Free Easy Burner V 5.1 (HKLM\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)
Get Yahoo! Messenger (HKLM\...\Get Yahoo! Messenger) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google SketchUp 8 (HKLM\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)
Google Talk Plugin (HKLM\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6124.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.63.3.3 - Marvell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MyFreeCodec) (Version:  - )
MyFreeCodec (HKU\S-1-5-21-2532494780-3708508292-916854352-1002\...\MyFreeCodec) (Version:  - )
Photosynth 2.0110.0317.1042 (HKLM\...\{B08AC850-5B07-41F1-9DB1-56CF72003BDA}) (Version: 3.3.3.3 - Microsoft)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.2.17 - Dell Inc.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version:  - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Serif PagePlus 9.0 (HKLM\...\{BCA541B4-00B4-4D20-B38D-6623BF2F68BF}) (Version: 9.00 - Serif)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smilebox (HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
Software Updater (HKLM\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Video Converter (HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\DSite) (Version:  - ) <==== ATTENTION
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Vodafone Mobile Connect Lite (HKLM\...\{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}) (Version: 9.3.5.11690 - Vodafone)
WD Drive Utilities (HKLM\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{9D86C21F-11DD-4FBD-97CE-AE6BE34D271C}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{1383A31C-26AC-4d88-91F1-EEAD77D81FA6}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP3Writer.dll ()
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{382C9F93-9BA4-4FC6-88DC-AD52F5812FF8}\localserver32 -> C:\Users\Pat\AppData\Roaming\Smilebox\OzDesktopImporter.exe (Octazen Solutions)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{4665E44B-8B9A-4515-A086-E94ECE374608}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\CoreAAC.ax ()
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{6AC7C19E-8CA0-4E3D-9A9F-2881DE29E0AC}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\CoreAAC.ax ()
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{919AB5F1-1C34-47a2-9C02-17128222C7CF}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP3Encoder.dll ()
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{BBFC1A2A-D3A2-4610-847D-26592022F86E}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\CoreAAC.ax ()
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{C42B23DF-334C-4AD0-9AB4-91FF53D04239}\localserver32 -> C:\Users\Pat\AppData\Roaming\Smilebox\OzDesktopImporter.exe (Octazen Solutions)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{D3D9D58B-45B5-48AB-B199-B8C40560AEC7}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1002_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
03-01-2015 10:13:30 Scheduled Checkpoint
04-01-2015 11:04:10 Scheduled Checkpoint
06-01-2015 11:31:33 Windows Update
10-01-2015 11:59:08 Scheduled Checkpoint
10-01-2015 19:11:52 Windows Backup
11-01-2015 00:24:47 Installed WD Security
19-01-2015 21:14:01 Windows Update
20-01-2015 12:18:24 Windows Update
21-01-2015 16:27:00 WD SmartWare Installer
23-01-2015 14:33:18 Scheduled Checkpoint
25-01-2015 14:59:01 Installed Software Updater
27-01-2015 11:34:54 Windows Update
29-01-2015 20:26:37 Scheduled Checkpoint
05-02-2015 17:53:06 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 10:23 - 2006-09-18 21:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1BCB786E-9A11-4B8A-91D1-5068D97096AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {226F8FFD-84FE-4DCB-882D-A547187E3A2C} - System32\Tasks\EPSON XP-215 217 Series Invitation {6AC83EC9-CF8C-424B-995E-08AA3CAE134B} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {4810D204-98D7-466E-80DA-D51FADBAF9D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {613D58C0-20A5-470D-A6E0-9839C9710F1B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {734F45E6-B18A-4EE5-9ABC-B967E3CC0C22} - System32\Tasks\EPSON XP-215 217 Series Update {6AC83EC9-CF8C-424B-995E-08AA3CAE134B} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {740358E3-F8C8-41EF-AFD9-1B2C85E59725} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {943D4923-C6C5-4AE4-B7C7-8E1C4B67C5B9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000UA => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-30] (Google Inc.)
Task: {9EDEE3CE-985A-46E4-B2C3-AF7FB112C60A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2532494780-3708508292-916854352-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {A5484A87-5E04-4EF9-948C-26AFD1B98897} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {BE385223-65BF-4BCF-A319-8A1928661EEB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2532494780-3708508292-916854352-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {DAA9D7E7-B77F-4A56-93FC-DC73EB295613} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000Core => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-30] (Google Inc.)
Task: {F83ABB0E-9626-486C-BE36-02DBB90B627A} - System32\Tasks\{2F7B4B56-AA0D-4FDD-9097-608A85E88719} => pcalua.exe -a "C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ITYGCZ68\avira_antivir_personal_en[1].exe" -d C:\Users\Pat\Desktop
Task: {FDF8A04E-DC9E-49D7-A976-F40143208BA7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-26] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-215 217 Series Invitation {6AC83EC9-CF8C-424B-995E-08AA3CAE134B}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE
Task: C:\Windows\Tasks\EPSON XP-215 217 Series Update {6AC83EC9-CF8C-424B-995E-08AA3CAE134B}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000Core.job => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000UA.job => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-07 19:04 - 2015-02-07 19:04 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020701\algo.dll
2014-04-17 14:34 - 2014-11-26 16:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-05 22:58 - 2015-02-04 09:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll
2014-04-18 10:15 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Pat\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-18 10:15 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Pat\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-11-13 12:55 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-11-13 12:55 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2532494780-3708508292-916854352-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pat\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
HKU\S-1-5-21-2532494780-3708508292-916854352-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2532494780-3708508292-916854352-500 - Administrator - Disabled)
Dave (S-1-5-21-2532494780-3708508292-916854352-1001 - Limited - Enabled) => C:\Users\Dave
Guest (S-1-5-21-2532494780-3708508292-916854352-501 - Limited - Disabled) => C:\Users\Guest
Pat (S-1-5-21-2532494780-3708508292-916854352-1000 - Limited - Enabled) => C:\Users\Pat
Patricia (S-1-5-21-2532494780-3708508292-916854352-1002 - Administrator - Enabled) => C:\Users\Patricia
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/08/2015 11:30:04 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (02/08/2015 11:29:59 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (02/08/2015 11:24:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/08/2015 11:24:08 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue
 
Error: (02/07/2015 09:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1989200
 
Error: (02/07/2015 09:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1989200
 
Error: (02/07/2015 09:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/07/2015 09:21:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1987952
 
Error: (02/07/2015 09:21:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1987952
 
Error: (02/07/2015 09:21:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (02/08/2015 11:27:35 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}
 
Error: (02/08/2015 11:25:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Eventlog
 
Error: (02/08/2015 11:25:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (02/08/2015 11:25:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: USB RNDIS Adapter%%1058
 
Error: (02/08/2015 11:25:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058
 
Error: (02/07/2015 05:49:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (02/07/2015 05:49:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: USB RNDIS Adapter%%1058
 
Error: (02/07/2015 05:49:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058
 
Error: (02/07/2015 00:16:02 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer AUDREY-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{72315BB8-29F0-42D4-9A50-6BE25EFE.
The master browser is stopping or an election is being forced.
 
Error: (02/07/2015 10:40:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (02/08/2015 11:30:04 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (02/08/2015 11:29:59 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (02/08/2015 11:24:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/08/2015 11:24:08 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue
 
Error: (02/07/2015 09:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1989200
 
Error: (02/07/2015 09:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1989200
 
Error: (02/07/2015 09:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/07/2015 09:21:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1987952
 
Error: (02/07/2015 09:21:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1987952
 
Error: (02/07/2015 09:21:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-08 11:25:50.723
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-08 01:20:08.309
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-08 01:20:07.746
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-08 01:20:07.435
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-08 01:20:05.871
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-08 01:03:51.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-08 01:03:51.413
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-08 01:03:50.994
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-08 01:03:50.442
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 21:24:55.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 60%
Total physical RAM: 3033.63 MB
Available physical RAM: 1183.76 MB
Total Pagefile: 6301.52 MB
Available Pagefile: 4134.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.45 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.88 GB) (Free:78.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: B8FDB839)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Thank you for helping

Hi,
 
Step 1

Please uninstall: Update for Video Converter via
Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
Step 2

Scan with AdwCleaner (by Xplode)

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

Please download TFC (by Oldtimer) and save it to your Desktop.

  • Start TFC.exe with administrator privileges.
  • Close all other running programs.
  • Click on Start.
  • Allow a reboot if one is requested.

Step 4
Scan with Malwarebytes Anti-Malware

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.


Scan with AdwCleaner (by Xplode)

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator" Vista doesn't allow me to save to Desktop, though have managed to open and run as Administrator
  • Click on the Scan button. Have scanned but have message
  • "Waiting for action. Please uncheck elements you want to keep".
  • The blue loading ribbon underneath is blank and the Results section is blank! What do I do?
  • After the scan has finished, click on the Clean button. The clean button has a red cross. What do I do?
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Hi

Have listed the problem I am having with running AdwCleaner above in bold, underlined red. I have tried to do this twice both on my normal desktop (using Administrative privileges) & also on the secure desktop with Administrative privileges

Can you please advise what I should do?

Regards

Pat


Have scanned but have message

  • "Waiting for action. Please uncheck elements you want to keep".
  • The blue loading ribbon underneath is blank and the Results section is blank! What do I do?
  • After the scan has finished, click on the Clean button. The clean button has a red cross. What do I do?

 

 

Run it as admin (wherever), click scan, afterwards simply click clean...try it :)


This is the log from Adw Cleaner

Shall I continue with the rest of your instructions?

 

# AdwCleaner v4.110 - Logfile created 08/02/2015 at 18:27:18
# Updated 05/02/2015 by Xplode
# Database : 2015-02-08.1 [server]
# Operating system : Windows Vista Home Premium Service Pack 2 (x86)
# Username : Patricia - PAT-PC
# Running from : C:\Users\Patricia\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [2691 bytes] - [29/01/2015 19:15:02]
AdwCleaner[R1].txt - [1686 bytes] - [08/02/2015 17:45:00]
AdwCleaner[R2].txt - [935 bytes] - [08/02/2015 17:54:18]
AdwCleaner[s0].txt - [2800 bytes] - [29/01/2015 19:28:10]
AdwCleaner[s1].txt - [863 bytes] - [08/02/2015 18:27:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [921  bytes] ##########

Hi

Have completed all the other actions and the Malwarebytes scan was completely clear. Do I remove the instruction to scan root kits or can I leave it on?

Do I still leave the various downloads on the system? If not how do I uninstall them?

Many Thanks

Regards

Pat

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 08/02/2015
Scan Time: 19:22:10
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.08.05
Rootkit Database: v2015.02.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Patricia
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 447446
Time Elapsed: 49 min, 43 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Let's do a final check up:

Step 1

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created.

    Copy and paste the content of this log file in your next reply.


Note: Do not forget to re-enable your antivirus application after running the above scan!


Hi

ESET has found 60 threats/infected files!!! 

Please advise what to do next.

I may not get a chance to do any more tonight but will continue 1st thing tomorrow.

Thanks

Pat

 

Below are the scan results

C:\AdwCleaner\Quarantine\C\Users\Dave\AppData\Local\AskToolbar\Downloaded Program Files\AviraWidget.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\AskToolbar\Downloaded Program Files\AviraTrans.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\AskToolbar\Downloaded Program Files\AviraWidget.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Local\AskToolbar\Downloaded Program Files\AviraTrans.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Local\AskToolbar\Downloaded Program Files\AviraWidget.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Pat\VideoConverter\VideoConverter.exe.vir a variant of Win32/InstallCore.A potentially unwanted application
C:\Users\Dave\Downloads\ccsetup405.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Dave\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Dave\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Default\AppData\Local\AskToolbar\Downloaded Program Files\AviraTrans.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Pat\Downloads\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Pat\Downloads\ccsetup318.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Pat\Downloads\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Pat\Downloads\ccsetup328 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup328.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup400 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup400.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup402 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup403 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup405 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup405 (2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup405.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup407 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup408 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup409 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup419.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pat\Downloads\FixBeeV1.exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Pat\Downloads\GraboidVideoSetup-3.01-Complete.exe Win32/Graboid potentially unsafe application
C:\Users\Pat\Downloads\iLividSetupV1 (1).exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
C:\Users\Pat\Downloads\Setup_FreeBurner (1).exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Pat\Downloads\Setup_FreeBurner (2).exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Pat\Downloads\Setup_FreeBurner (3).exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Pat\Downloads\Setup_FreeBurner (4).exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Pat\Downloads\Setup_FreeBurner (5).exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Pat\Downloads\Setup_FreeBurner (6).exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Pat\Downloads\Setup_FreeBurner (7).exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Pat\Downloads\Setup_FreeBurner (8).exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Pat\Downloads\Setup_FreeBurner (9).exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Pat\Downloads\Setup_FreeBurner.exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Patricia\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Patricia\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Patricia\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Patricia\Downloads\ccsetup418.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\AskToolbar\avira.cab a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application

Sorry didn't read the instructions properly.

 

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8c0380b9d29fe44d95f471301166eb0f
# engine=22368
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-08 08:39:48
# local_time=2015-02-08 08:39:48 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 95 987226 25682750 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 198652 260960716 0 0
# scanned=792
# found=6
# cleaned=0
# scan_time=107
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8c0380b9d29fe44d95f471301166eb0f
# engine=22368
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-08 10:30:42
# local_time=2015-02-08 10:30:42 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 95 997480 25689404 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 208906 260967370 0 0
# scanned=161311
# found=60
# cleaned=0
# scan_time=6510
sh=F69F5B71A6FA94B71504EF184913BCF428D43899 ft=1 fh=6c8257ade2556f83 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Patricia\Downloads\ccsetup418.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=1C9941A88FF7BCBFE354836732A047D647E75379 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\AskToolbar\avira.cab"

ESET hasn't found any active malware or adware. So we're done! :)

That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If I have helped you then please consider donating to continue the fight against malware.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Reader X

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


Hi

Glad to hear I don't have to do anything with all those 'threats' on ESET. I presume they are classed as false positives?

Tried to download delfix but got error message as not a valid Win32 application?

Shall I just delete via Uninstall programmes? Especially as I use Malwarebytes all the time & don't want to uninstall it?

Regards

Pat


  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.