patdave

Can you please keep this topic open as may not be able to get back to it until Sunday 15th Feb? Thankyou

FRST log Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2015Ran by Patricia (administrator) on PAT-PC on 12-02-2015 23:11:29Running from C:\Users\Patricia\DesktopLoaded Profiles: Pat & Patricia (Available profiles: Pat & Dave & Patricia & Guest)Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)Internet Explorer Version 9 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe(Microsoft Corporation) C:\Windows\System32\SLsvc.exe(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Microsoft Corporation) C:\Windows\ehome\ehtray.exe(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILGE.EXE(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILGE.EXE(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-11-18] (IDT, Inc.)HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-10-23] (Western Digital Technologies, Inc.)HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-12-02] (Western Digital Technologies, Inc.)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-04] (Google Inc.)HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Run: [Google Update] => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-30] (Google Inc.)HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILGE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {225807c9-e77f-11e0-bda7-0023ae2e7f5f} - E:\setup_vmc_lite.exe /checkApplicationPresenceHKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {2258083a-e77f-11e0-bda7-0023ae2e7f5f} - E:\setup_vmc_lite.exe /checkApplicationPresenceHKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {44d29be0-9939-11e4-a590-0023ae2e7f5f} - "E:\WD Drive Unlock.exe" autoplay=trueHKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {bc5fe618-a4b3-11e1-b07b-0023ae2e7f5f} - E:\setup_vmc_lite.exe /checkApplicationPresenceHKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {f5249c97-84bd-11e1-b029-0023ae2e7f5f} - E:\setup_vmc_lite.exe /checkApplicationPresenceHKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {f5249caa-84bd-11e1-b029-0023ae2e7f5f} - E:\setup_vmc_lite.exe /checkApplicationPresenceHKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {fb436b0c-a4b6-11e1-81cd-806e6f6e6963} - E:\setup_vmc_lite.exe /checkApplicationPresenceHKU\S-1-5-21-2532494780-3708508292-916854352-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILGE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnkShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2532494780-3708508292-916854352-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2532494780-3708508292-916854352-1000 -> {090C3A3A-C46F-4AF9-B5D8-B9D9A88B110E} URL = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000028&src=crm&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000SearchScopes: HKU\S-1-5-21-2532494780-3708508292-916854352-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=421&sr=0&q={searchTerms}BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No FileBHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKU\S-1-5-21-2532494780-3708508292-916854352-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No FileToolbar: HKU\S-1-5-21-2532494780-3708508292-916854352-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKU\S-1-5-21-2532494780-3708508292-916854352-1002 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No FileToolbar: HKU\S-1-5-21-2532494780-3708508292-916854352-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cabDPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cabDPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @real.com/nppl3260;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprjplug;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprpjplug;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-2532494780-3708508292-916854352-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKU\S-1-5-21-2532494780-3708508292-916854352-1000: @talk.google.com/O1DPlugin -> C:\Users\Pat\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKU\S-1-5-21-2532494780-3708508292-916854352-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKU\S-1-5-21-2532494780-3708508292-916854352-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKU\S-1-5-21-2532494780-3708508292-916854352-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-07-03]FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-02-20]FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-17] Chrome: =======CHR Profile: C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23]CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-09-17]CHR Extension: (Google Wallet) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-02-20] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-11-17] (Andrea Electronics Corporation)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-11-18] (IDT, Inc.)R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-10-09] (Vodafone) [File not signed]R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-10-23] (Western Digital Technologies, Inc.)R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-26] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-26] (AVAST Software)R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software)R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-26] (AVAST Software)R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] ()R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-12] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-12 23:11 - 2015-02-12 23:11 - 00021017 _____ () C:\Users\Patricia\Desktop\FRST.txt2015-02-12 23:06 - 2015-02-12 23:06 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Patricia\Downloads\mbam-check-2.1.1.1001.exe2015-02-12 23:05 - 2015-02-12 23:05 - 01125376 _____ (Farbar) C:\Users\Patricia\Desktop\FRST.exe2015-02-12 22:55 - 2015-02-12 22:55 - 00000894 _____ () C:\Users\Pat\Desktop\mbam-check-2.1.1.1001 - Shortcut.lnk2015-02-12 22:54 - 2015-02-12 22:54 - 00055015 _____ () C:\Users\Patricia\Documents\CheckResults.txt2015-02-12 22:47 - 2015-02-12 22:57 - 00055015 _____ () C:\Users\Patricia\Desktop\CheckResults.txt2015-02-12 22:44 - 2015-02-12 22:44 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Pat\Downloads\mbam-check-2.1.1.1001.exe2015-02-12 22:39 - 2015-02-12 23:11 - 00000000 ____D () C:\FRST2015-02-12 22:39 - 2015-02-12 22:39 - 01125376 _____ (Farbar) C:\Users\Pat\Downloads\FRST (3).exe2015-02-12 22:38 - 2015-02-12 22:39 - 01125376 _____ (Farbar) C:\Users\Pat\Downloads\FRST (2).exe2015-02-12 11:13 - 2014-11-26 02:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll2015-02-12 11:11 - 2015-01-09 00:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-02-12 11:10 - 2015-01-13 01:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2015-02-12 11:06 - 2015-01-15 04:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2015-02-12 11:04 - 2014-12-08 01:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll2015-02-11 10:57 - 2015-01-14 01:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-02-11 10:57 - 2015-01-14 01:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2015-02-11 10:57 - 2015-01-14 01:47 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-02-11 10:57 - 2015-01-14 01:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-02-11 10:57 - 2015-01-14 01:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-02-11 10:57 - 2015-01-14 01:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-02-11 10:57 - 2015-01-14 01:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-02-11 10:57 - 2015-01-14 01:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-02-11 10:57 - 2015-01-14 01:41 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-02-11 10:57 - 2015-01-14 01:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-02-11 10:57 - 2015-01-14 01:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-02-11 10:57 - 2015-01-14 01:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2015-02-11 10:57 - 2015-01-14 01:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2015-02-11 10:57 - 2015-01-14 01:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2015-02-11 10:57 - 2015-01-14 01:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2015-02-11 10:57 - 2015-01-14 01:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-02-11 10:57 - 2015-01-14 01:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-02-11 10:57 - 2015-01-14 01:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-02-11 10:57 - 2015-01-14 01:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-02-11 10:57 - 2015-01-14 01:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2015-02-11 10:57 - 2015-01-14 01:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2015-02-11 10:57 - 2015-01-14 01:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2015-02-09 11:59 - 2015-02-09 11:59 - 00000826 _____ () C:\DelFix.txt2015-02-09 11:33 - 2015-02-09 11:36 - 00196149 _____ () C:\Users\Patricia\Downloads\delfix_10.8 (1).exe2015-02-08 21:06 - 2015-02-08 21:23 - 00000000 ____D () C:\Users\Patricia\AppData\Local\Microsoft Games2015-02-08 19:15 - 2015-02-12 13:03 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat2015-02-08 17:43 - 2015-02-08 17:43 - 02112512 _____ () C:\Users\Pat\Downloads\AdwCleaner (1).exe2015-02-08 11:33 - 2015-02-08 11:34 - 01124352 _____ (Farbar) C:\Users\Pat\Downloads\FRST (1).exe2015-02-08 00:36 - 2015-02-08 00:36 - 00022184 _____ () C:\Users\Pat\Downloads\Addition.txt2015-02-08 00:35 - 2015-02-12 22:44 - 00031948 _____ () C:\Users\Pat\Downloads\FRST.txt2015-02-08 00:34 - 2015-02-08 00:34 - 01124352 _____ (Farbar) C:\Users\Pat\Downloads\FRST.exe2015-02-05 19:03 - 2015-02-05 19:03 - 00001624 _____ () C:\Users\Public\Desktop\iTunes.lnk2015-02-05 19:03 - 2015-02-05 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2015-02-05 19:01 - 2015-02-05 19:03 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB2015-02-05 19:01 - 2015-02-05 19:03 - 00000000 ____D () C:\Program Files\iTunes2015-02-05 19:01 - 2015-02-05 19:01 - 00000000 ____D () C:\Program Files\iPod2015-01-29 19:13 - 2015-01-29 19:14 - 02194432 _____ () C:\Users\Pat\Downloads\adwcleaner_4.109.exe2015-01-28 01:40 - 2015-01-28 01:40 - 05325208 _____ (Piriform Ltd) C:\Users\Pat\Downloads\ccsetup502.exe2015-01-25 10:54 - 2015-01-25 10:55 - 04287921 _____ () C:\Users\Pat\Downloads\100picturesforyou (2).zip2015-01-22 17:21 - 2015-01-22 17:21 - 04287921 _____ () C:\Users\Pat\Downloads\100picturesforyou.zip2015-01-22 17:21 - 2015-01-22 17:21 - 04287921 _____ () C:\Users\Pat\Downloads\100picturesforyou (1).zip2015-01-21 02:01 - 2014-10-23 11:30 - 50569804 _____ () C:\Users\Pat\Desktop\Isla clapping hands.MOV2015-01-20 12:39 - 2014-12-19 00:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys2015-01-20 12:19 - 2014-12-06 03:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll2015-01-20 12:19 - 2014-12-06 03:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll2015-01-20 12:19 - 2014-12-06 03:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll2015-01-20 12:19 - 2014-12-06 03:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-12 23:05 - 2013-08-30 08:21 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000UA.job2015-02-12 23:01 - 2014-04-25 21:44 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-02-12 23:01 - 2011-07-04 17:00 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-02-12 23:00 - 2012-05-19 08:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-02-12 22:52 - 2014-04-20 18:52 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-215 217 Series Update {6AC83EC9-CF8C-424B-995E-08AA3CAE134B}.job2015-02-12 22:52 - 2014-04-20 18:52 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-215 217 Series Invitation {6AC83EC9-CF8C-424B-995E-08AA3CAE134B}.job2015-02-12 22:50 - 2011-07-04 17:00 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-02-12 22:35 - 2008-01-21 01:35 - 01318971 _____ () C:\Windows\WindowsUpdate.log2015-02-12 18:59 - 2006-11-02 12:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02015-02-12 18:59 - 2006-11-02 12:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02015-02-12 14:47 - 2011-07-05 22:08 - 00002569 _____ () C:\Users\Pat\Desktop\Microsoft Office Word 2003.lnk2015-02-12 12:59 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-02-12 11:58 - 2006-11-02 12:47 - 00320288 _____ () C:\Windows\system32\FNTCACHE.DAT2015-02-12 11:54 - 2006-11-02 13:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2015-02-12 11:46 - 2013-07-28 11:11 - 00000000 ____D () C:\Windows\system32\MRT2015-02-12 11:17 - 2006-11-02 10:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe2015-02-12 11:05 - 2013-08-30 08:21 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000Core.job2015-02-11 18:58 - 2011-07-10 20:03 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Smilebox2015-02-09 11:28 - 2011-07-05 22:31 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk2015-02-09 11:28 - 2011-07-05 22:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe2015-02-08 21:05 - 2006-11-02 12:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2015-02-08 18:28 - 2014-04-25 21:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2015-02-08 18:28 - 2013-11-15 14:08 - 05728416 _____ () C:\Windows\PFRO.log2015-02-08 12:16 - 2014-04-25 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-02-08 12:16 - 2012-01-07 17:24 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-02-06 18:04 - 2006-11-02 10:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI2015-02-05 22:58 - 2013-09-17 20:38 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-02-05 19:01 - 2012-01-30 17:10 - 00000000 ____D () C:\Program Files\Common Files\Apple2015-02-05 19:00 - 2012-05-19 08:32 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2015-02-05 19:00 - 2011-07-01 22:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2015-02-05 18:05 - 2013-08-16 22:40 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Mozilla2015-01-29 19:28 - 2011-06-27 12:06 - 00000000 ____D () C:\Users\Pat2015-01-29 11:26 - 2012-05-18 12:01 - 00000000 ____D () C:\Users\Patricia\AppData\Local\Google2015-01-28 01:40 - 2012-05-18 14:50 - 00000764 _____ () C:\Users\Public\Desktop\CCleaner.lnk2015-01-28 01:40 - 2012-05-18 14:50 - 00000000 ____D () C:\Program Files\CCleaner2015-01-25 16:17 - 2011-07-05 22:08 - 00002567 _____ () C:\Users\Pat\Desktop\Microsoft Office Excel 2003.lnk2015-01-25 15:00 - 2011-07-05 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software2015-01-21 16:39 - 2015-01-11 00:19 - 00029118 _____ () C:\Windows\DPINST.LOG2015-01-21 16:38 - 2015-01-11 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital2015-01-21 16:37 - 2015-01-11 00:19 - 00000000 ____D () C:\Program Files\Western Digital2015-01-21 16:37 - 2015-01-11 00:19 - 00000000 ____D () C:\Program Files\Common Files\Western Digital2015-01-21 16:37 - 2015-01-11 00:11 - 00000000 ____D () C:\ProgramData\Western Digital2015-01-21 16:27 - 2015-01-11 00:32 - 00000000 ____D () C:\ProgramData\Package Cache ==================== Files in the root of some directories ======= 2014-04-07 10:12 - 2014-04-07 10:12 - 0000055 _____ () C:\Users\Patricia\AppData\Roaming\mbam.context.scan2012-05-23 09:55 - 2014-11-13 12:18 - 0006080 _____ () C:\Users\Patricia\AppData\Local\d3d9caps.dat2008-08-20 15:45 - 2008-08-20 15:45 - 0020270 _____ () C:\ProgramData\DeviceInstaller.xml2008-09-22 13:21 - 2008-09-22 13:21 - 0127092 ____R () C:\ProgramData\DeviceManager.xml.rc4 ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-12 13:09 ==================== End Of Log ============================ FRST Addition log Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2015Ran by Patricia at 2015-02-12 23:12:07Running from C:\Users\Patricia\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Photoshop 6.0 (HKLM\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - )Amazon Kindle (HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Amazon Kindle) (Version: - Amazon)Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ArcSoft Multimedia Email (HKLM\...\{DD54CF66-090B-43E7-97C1-110EF526474D}) (Version: - )Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)AVS Video Converter 8 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 8.3.2.533 - Online Media Technologies Ltd.)Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)Dropbox (HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)Easy Phone Tunes (HKLM\...\{03ED925F-9E5E-4532-998D-7F8840FE5A74}) (Version: 137 - Easy Phone Tunes)Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)Epson Easy Photo Print 2 (HKLM\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)Epson Event Manager (HKLM\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)EPSON Manuals (HKLM\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version: - SEIKO EPSON Corporation)EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)Free Easy Burner V 5.1 (HKLM\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)Get Yahoo! Messenger (HKLM\...\Get Yahoo! Messenger) (Version: - )Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)Google SketchUp 8 (HKLM\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)Google Talk Plugin (HKLM\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.26.9 - Google Inc.) HiddeniCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6124.0 - IDT)Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.63.3.3 - Marvell)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)MyFreeCodec (HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MyFreeCodec) (Version: - )MyFreeCodec (HKU\S-1-5-21-2532494780-3708508292-916854352-1002\...\MyFreeCodec) (Version: - )Photosynth 2.0110.0317.1042 (HKLM\...\{B08AC850-5B07-41F1-9DB1-56CF72003BDA}) (Version: 3.3.3.3 - Microsoft)Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.2.17 - Dell Inc.)QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) HiddenRealPlayer (HKLM\...\RealPlayer 15.0) (Version: - RealNetworks)Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) HiddenSerif PagePlus 9.0 (HKLM\...\{BCA541B4-00B4-4D20-B38D-6623BF2F68BF}) (Version: 9.00 - Serif)Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)Smilebox (HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)Software Updater (HKLM\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) HiddenVisual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)Vodafone Mobile Connect Lite (HKLM\...\{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}) (Version: 9.3.5.11690 - Vodafone)WD Drive Utilities (HKLM\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)WD Quick View (HKLM\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)WD Security (HKLM\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)WD SmartWare (HKLM\...\{9D86C21F-11DD-4FBD-97CE-AE6BE34D271C}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)WD SmartWare Installer (HKLM\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{1383A31C-26AC-4d88-91F1-EEAD77D81FA6}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP3Writer.dll ()CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{382C9F93-9BA4-4FC6-88DC-AD52F5812FF8}\localserver32 -> C:\Users\Pat\AppData\Roaming\Smilebox\OzDesktopImporter.exe (Octazen Solutions)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{4665E44B-8B9A-4515-A086-E94ECE374608}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\CoreAAC.ax ()CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{6AC7C19E-8CA0-4E3D-9A9F-2881DE29E0AC}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\CoreAAC.ax ()CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{919AB5F1-1C34-47a2-9C02-17128222C7CF}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP3Encoder.dll ()CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{BBFC1A2A-D3A2-4610-847D-26592022F86E}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\CoreAAC.ax ()CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{C42B23DF-334C-4AD0-9AB4-91FF53D04239}\localserver32 -> C:\Users\Pat\AppData\Roaming\Smilebox\OzDesktopImporter.exe (Octazen Solutions)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{D3D9D58B-45B5-48AB-B199-B8C40560AEC7}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1002_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 10-01-2015 11:59:08 Scheduled Checkpoint10-01-2015 19:11:52 Windows Backup11-01-2015 00:24:47 Installed WD Security19-01-2015 21:14:01 Windows Update20-01-2015 12:18:24 Windows Update21-01-2015 16:27:00 WD SmartWare Installer23-01-2015 14:33:18 Scheduled Checkpoint25-01-2015 14:59:01 Installed Software Updater27-01-2015 11:34:54 Windows Update29-01-2015 20:26:37 Scheduled Checkpoint05-02-2015 17:53:06 Windows Update10-02-2015 11:47:20 Windows Update12-02-2015 11:01:04 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 10:23 - 2006-09-18 21:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1BCB786E-9A11-4B8A-91D1-5068D97096AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {226F8FFD-84FE-4DCB-882D-A547187E3A2C} - System32\Tasks\EPSON XP-215 217 Series Invitation {6AC83EC9-CF8C-424B-995E-08AA3CAE134B} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)Task: {4810D204-98D7-466E-80DA-D51FADBAF9D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)Task: {613D58C0-20A5-470D-A6E0-9839C9710F1B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)Task: {734F45E6-B18A-4EE5-9ABC-B967E3CC0C22} - System32\Tasks\EPSON XP-215 217 Series Update {6AC83EC9-CF8C-424B-995E-08AA3CAE134B} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)Task: {740358E3-F8C8-41EF-AFD9-1B2C85E59725} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)Task: {943D4923-C6C5-4AE4-B7C7-8E1C4B67C5B9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000UA => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-30] (Google Inc.)Task: {9EDEE3CE-985A-46E4-B2C3-AF7FB112C60A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2532494780-3708508292-916854352-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)Task: {A5484A87-5E04-4EF9-948C-26AFD1B98897} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)Task: {BE385223-65BF-4BCF-A319-8A1928661EEB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2532494780-3708508292-916854352-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)Task: {DAA9D7E7-B77F-4A56-93FC-DC73EB295613} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000Core => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-30] (Google Inc.)Task: {F83ABB0E-9626-486C-BE36-02DBB90B627A} - System32\Tasks\{2F7B4B56-AA0D-4FDD-9097-608A85E88719} => pcalua.exe -a "C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ITYGCZ68\avira_antivir_personal_en[1].exe" -d C:\Users\Pat\DesktopTask: {FDF8A04E-DC9E-49D7-A976-F40143208BA7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-26] (AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\EPSON XP-215 217 Series Invitation {6AC83EC9-CF8C-424B-995E-08AA3CAE134B}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXETask: C:\Windows\Tasks\EPSON XP-215 217 Series Update {6AC83EC9-CF8C-424B-995E-08AA3CAE134B}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXETask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000Core.job => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000UA.job => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2015-02-12 22:36 - 2015-02-12 22:36 - 02912256 _____ () C:\Program Files\AVAST Software\Avast\defs\15021201\algo.dll2014-04-17 14:34 - 2014-11-26 16:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2015-02-05 22:58 - 2015-02-04 09:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll2014-04-18 10:15 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Pat\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll2014-04-18 10:15 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Pat\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll2015-02-05 22:58 - 2015-02-04 09:02 - 14965064 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll2014-11-13 12:55 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll2014-11-13 12:55 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2532494780-3708508292-916854352-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pat\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpgHKU\S-1-5-21-2532494780-3708508292-916854352-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpgDNS Servers: 192.168.1.254 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITORMSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"MSCONFIG\startupreg: EPLTarget => MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe ==================== Accounts: ============================= Administrator (S-1-5-21-2532494780-3708508292-916854352-500 - Administrator - Disabled)Dave (S-1-5-21-2532494780-3708508292-916854352-1001 - Limited - Enabled) => C:\Users\DaveGuest (S-1-5-21-2532494780-3708508292-916854352-501 - Limited - Disabled) => C:\Users\GuestPat (S-1-5-21-2532494780-3708508292-916854352-1000 - Limited - Enabled) => C:\Users\PatPatricia (S-1-5-21-2532494780-3708508292-916854352-1002 - Administrator - Enabled) => C:\Users\Patricia ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (02/12/2015 10:35:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9129272 Error: (02/12/2015 10:35:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9129272 Error: (02/12/2015 10:35:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/12/2015 10:35:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9128118 Error: (02/12/2015 10:35:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9128118 Error: (02/12/2015 10:35:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/12/2015 10:35:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9126511 Error: (02/12/2015 10:35:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9126511 Error: (02/12/2015 10:35:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/12/2015 08:03:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 5943 System errors:=============Error: (02/12/2015 10:39:27 PM) (Source: bowser) (EventID: 8003) (User: )Description: The master browser has received a server announcement from the computer AUDREY-PCthat believes that it is the master browser for the domain on transport NetBT_Tcpip_{72315BB8-29F0-42D4-9A50-6BE25EFE.The master browser is stopping or an election is being forced. Error: (02/12/2015 01:02:25 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/12/2015 01:00:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Parallel port driver%%1058 Error: (02/12/2015 01:00:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: USB RNDIS Adapter%%1058 Error: (02/12/2015 01:00:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058 Error: (02/12/2015 00:59:48 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 12:58:04 on 12/02/2015 was unexpected. Error: (02/12/2015 00:01:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86 Error: (02/12/2015 11:59:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Parallel port driver%%1058 Error: (02/12/2015 11:59:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: USB RNDIS Adapter%%1058 Error: (02/12/2015 11:59:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058 Microsoft Office Sessions:=========================Error: (02/12/2015 10:35:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9129272 Error: (02/12/2015 10:35:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9129272 Error: (02/12/2015 10:35:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/12/2015 10:35:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9128118 Error: (02/12/2015 10:35:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9128118 Error: (02/12/2015 10:35:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/12/2015 10:35:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9126511 Error: (02/12/2015 10:35:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9126511 Error: (02/12/2015 10:35:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/12/2015 08:03:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 5943 CodeIntegrity Errors:=================================== Date: 2015-02-12 23:11:38.289 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-12 23:11:37.997 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-12 23:11:37.712 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-12 23:11:37.395 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-12 23:10:10.299 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-12 23:10:09.908 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-12 23:10:09.288 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-12 23:10:08.806 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-12 23:06:11.700 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-12 23:06:11.383 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHzPercentage of memory in use: 71%Total physical RAM: 3033.63 MBAvailable physical RAM: 857.39 MBTotal Pagefile: 6305.52 MBAvailable Pagefile: 3304.39 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1918.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.88 GB) (Free:80.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: B8FDB839)Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Have attached Mbam check file as requested CheckResults.txt

Further note:- Husbands laptop is also taking ages to load the desktop, occasionally hanging on Windows Welcome page till need to force shut down, then start again, which usually works.

Noticed since upgrade of Malwarebytes to Premium. The laptop is running really slow especially on loading desktop & startup. Plus Google chrome appears to keep crashing - getting Aw Snap message - reload always works. Having similar problem with husbands laptop running Windows 7 & Avast, since upgrading to the premium. So am fairly certain its some problem with Malwarebytes premium. Have tried putting Delaying Malwarebytes Protection on Startup by 90 seconds on my laptop which seems to improve things a bit? However since doing this have noticed Malwarebytes icon is no longer in System taskbar. When I click on desktop icon it indicates that Realtime protection is enabled. But if its not showing in system taskbar am I receiving Realtime protection? Have just done a Malwarebytes scan which was totally clear. Am currently running Windows Vista & also have Avast on system. Any advice would be really welcome.

Hi Sorry just tried to download the Delfix again and this time its worked and it has deleted everything as required. Many Thanks once again Have put something in Paypal for your trouble. Pat

Hi Glad to hear I don't have to do anything with all those 'threats' on ESET presume they are classed as false positives? Tried to download delfix but got error message as not a valid Win32 application? Shall I just delete via Uninstall programmes? Especially as I use Malwarebytes all the time & dont want to uninstall it? Regards Pat

Ok Many thanks once again for helping. Know what you mean its quite late. Sleep well!

Final steps asap.....???? Does that mean you are sending me further instructions? Or Is the ESET log posted in Post 13 above not acceptable? It was copied from Program Files/ESET/ESET Online Scanner/log on Notepad.

Sorry didn't read the instructions properly. ESETSmartInstaller@High as downloader log:all okESETSmartInstaller@High as downloader log:all ok# product=EOS# version=8# OnlineScannerApp.exe=1.0.0.1# OnlineScanner.ocx=1.0.0.7623# api_version=3.0.2# EOSSerial=8c0380b9d29fe44d95f471301166eb0f# engine=22368# end=stopped# remove_checked=false# archives_checked=true# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2015-02-08 08:39:48# local_time=2015-02-08 08:39:48 (+0000, GMT Standard Time)# country="United Kingdom"# lang=1033# osver=6.0.6002 NT Service Pack 2# compatibility_mode_1='avast! Antivirus'# compatibility_mode=783 16777213 71 95 987226 25682750 0 0# compatibility_mode_1=''# compatibility_mode=5892 16776573 100 100 198652 260960716 0 0# scanned=792# found=6# cleaned=0# scan_time=107sh=0B721092D2B67397D9406788D4DF4DA87CD5A6F4 ft=1 fh=82fa0b549d14e9bf vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Dave\AppData\Local\AskToolbar\Downloaded Program Files\AviraWidget.dll.vir"sh=4BECECC6C1BA8187EB0E22A3E050DB6547B4C6E3 ft=1 fh=5f6c4b27cfa94330 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\AskToolbar\Downloaded Program Files\AviraTrans.dll.vir"sh=0B721092D2B67397D9406788D4DF4DA87CD5A6F4 ft=1 fh=82fa0b549d14e9bf vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\AskToolbar\Downloaded Program Files\AviraWidget.dll.vir"sh=4BECECC6C1BA8187EB0E22A3E050DB6547B4C6E3 ft=1 fh=5f6c4b27cfa94330 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Local\AskToolbar\Downloaded Program Files\AviraTrans.dll.vir"sh=0B721092D2B67397D9406788D4DF4DA87CD5A6F4 ft=1 fh=82fa0b549d14e9bf vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Local\AskToolbar\Downloaded Program Files\AviraWidget.dll.vir"sh=6F3A3B433459E6773C9FBE8CFB154DB6534EFA86 ft=1 fh=60bff0ff01dbe663 vn="a variant of Win32/InstallCore.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pat\VideoConverter\VideoConverter.exe.vir"ESETSmartInstaller@High as downloader log:all ok# product=EOS# version=8# OnlineScannerApp.exe=1.0.0.1# OnlineScanner.ocx=1.0.0.7623# api_version=3.0.2# EOSSerial=8c0380b9d29fe44d95f471301166eb0f# engine=22368# end=finished# remove_checked=false# archives_checked=true# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2015-02-08 10:30:42# local_time=2015-02-08 10:30:42 (+0000, GMT Standard Time)# country="United Kingdom"# lang=1033# osver=6.0.6002 NT Service Pack 2# compatibility_mode_1='avast! Antivirus'# compatibility_mode=783 16777213 71 95 997480 25689404 0 0# compatibility_mode_1=''# compatibility_mode=5892 16776573 100 100 208906 260967370 0 0# scanned=161311# found=60# cleaned=0# scan_time=6510sh=0B721092D2B67397D9406788D4DF4DA87CD5A6F4 ft=1 fh=82fa0b549d14e9bf vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Dave\AppData\Local\AskToolbar\Downloaded Program Files\AviraWidget.dll.vir"sh=4BECECC6C1BA8187EB0E22A3E050DB6547B4C6E3 ft=1 fh=5f6c4b27cfa94330 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\AskToolbar\Downloaded Program Files\AviraTrans.dll.vir"sh=0B721092D2B67397D9406788D4DF4DA87CD5A6F4 ft=1 fh=82fa0b549d14e9bf vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\AskToolbar\Downloaded Program Files\AviraWidget.dll.vir"sh=4BECECC6C1BA8187EB0E22A3E050DB6547B4C6E3 ft=1 fh=5f6c4b27cfa94330 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Local\AskToolbar\Downloaded Program Files\AviraTrans.dll.vir"sh=0B721092D2B67397D9406788D4DF4DA87CD5A6F4 ft=1 fh=82fa0b549d14e9bf vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Local\AskToolbar\Downloaded Program Files\AviraWidget.dll.vir"sh=6F3A3B433459E6773C9FBE8CFB154DB6534EFA86 ft=1 fh=60bff0ff01dbe663 vn="a variant of Win32/InstallCore.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pat\VideoConverter\VideoConverter.exe.vir"sh=59C75B45AC46FAC8C4018205544938C46B1BA631 ft=1 fh=ab462a0af6e69b03 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Dave\Downloads\ccsetup405.exe"sh=ADF2AD3B94EB35DC371AB7A1A49B004B7C76BFA5 ft=1 fh=f95766f30bc4ebc6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Dave\Downloads\ccsetup406.exe"sh=44A7AE70AA7AC181E962591F263CFA55C823B4FC ft=1 fh=cf972a16567b49c6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Dave\Downloads\Shockwave_Installer_Slim.exe"sh=4BECECC6C1BA8187EB0E22A3E050DB6547B4C6E3 ft=1 fh=5f6c4b27cfa94330 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Default\AppData\Local\AskToolbar\Downloaded Program Files\AviraTrans.dll"sh=DD2B65E0DC0E179649D517DC9819399A4201FB6C ft=1 fh=d0a7f3949e3545a5 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\avira_free_antivirus_en.exe"sh=2E9FC5EE22DDB3588857BAEB1EC51885EB3D3C27 ft=1 fh=78aa2c558c3526a3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup318.exe"sh=03659459CF218748D115AB0EBD09E04AE43D9BC4 ft=1 fh=b7fea6e53bda36e3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup323.exe"sh=3D84C7C0E316EAD02DD7A59E746EC798DAB8BC0C ft=1 fh=ce50a11e70bad71c vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup328 (1).exe"sh=3D84C7C0E316EAD02DD7A59E746EC798DAB8BC0C ft=1 fh=ce50a11e70bad71c vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup328.exe"sh=60C77FF66F63F585FCE95C78FF44B513E2AAB9F9 ft=1 fh=17494879e4339ab3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup400 (1).exe"sh=60C77FF66F63F585FCE95C78FF44B513E2AAB9F9 ft=1 fh=17494879e4339ab3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup400.exe"sh=2FEC2BB06C11B711B37E7D1BAC0004F8F25A4C7B ft=1 fh=9586b0754c97a9e0 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup401.exe"sh=EA244E84E1468A6AF4741F2184E113A16F833D8B ft=1 fh=a9c73d0d07b22a58 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup402 (1).exe"sh=EA244E84E1468A6AF4741F2184E113A16F833D8B ft=1 fh=a9c73d0d07b22a58 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup402.exe"sh=A4854C3C5A7277D3C02F88330D2023AAD3667533 ft=1 fh=818bd9cd8f0d2ffa vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup403 (1).exe"sh=A4854C3C5A7277D3C02F88330D2023AAD3667533 ft=1 fh=818bd9cd8f0d2ffa vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup403.exe"sh=6525F85F423A8ACB9DE261FCE7C1BFDCAF0651EC ft=1 fh=e751b5239200023c vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup404.exe"sh=59C75B45AC46FAC8C4018205544938C46B1BA631 ft=1 fh=ab462a0af6e69b03 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup405 (1).exe"sh=59C75B45AC46FAC8C4018205544938C46B1BA631 ft=1 fh=ab462a0af6e69b03 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup405 (2).exe"sh=59C75B45AC46FAC8C4018205544938C46B1BA631 ft=1 fh=ab462a0af6e69b03 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup405.exe"sh=DD6E088E22874B283348A15DB5159C7B20CC6D22 ft=1 fh=fe9dda6ca79832a6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup407 (1).exe"sh=DD6E088E22874B283348A15DB5159C7B20CC6D22 ft=1 fh=fe9dda6ca79832a6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup407.exe"sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup408 (1).exe"sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup408.exe"sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup409 (1).exe"sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup409.exe"sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup410.exe"sh=C662A89E2318810A6012EF702A9C39F6E0AC3B36 ft=1 fh=e8789dd77b481b56 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup411.exe"sh=DA0FB77CECB4247F067294DA5E54E0020844FECE ft=1 fh=96c9faddf1c23368 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup413.exe"sh=F83855D2F4CB2063085A6A66A6A1C7CB377C28CB ft=1 fh=bcd5e45444e76df6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup414.exe"sh=D12F2B7B95F3EB52E57E5E034F4315F4716670FF ft=1 fh=fa0e3acfd523f7f9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup415.exe"sh=A601D7FA1AC943E7C513C18554B4963A7CC30777 ft=1 fh=24077ef6e95ea586 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup419.exe"sh=B6B12E4F8E59C61EC67A5E17DEDA7EA5B2FEF364 ft=1 fh=65d7fe9609cd6c74 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup500.exe"sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup501.exe"sh=74507D2AD5D69252167B682B5FA7E693E1AE0652 ft=1 fh=c644006b49a165d6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\ccsetup502.exe"sh=0DA5BF6A614D7B9BEB2F060EC11FA290A16313A1 ft=1 fh=16ce9d450490cca4 vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\Pat\Downloads\FixBeeV1.exe"sh=3FA3207F8176D4ABD00FA39EDFCCA469128BA859 ft=1 fh=c30d9f97003238f2 vn="Win32/Graboid potentially unsafe application" ac=I fn="C:\Users\Pat\Downloads\GraboidVideoSetup-3.01-Complete.exe"sh=FE2D1BAB37AD9E6A46D423FCD136DF476715FC45 ft=1 fh=9ad9f0a2911ff436 vn="a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application" ac=I fn="C:\Users\Pat\Downloads\iLividSetupV1 (1).exe"sh=F6B9AF298DBD1F95DFEF09DCCBF3928EC66EDBB1 ft=1 fh=bee81b40350d2bad vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\Pat\Downloads\Setup_FreeBurner (1).exe"sh=F6B9AF298DBD1F95DFEF09DCCBF3928EC66EDBB1 ft=1 fh=bee81b40350d2bad vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\Pat\Downloads\Setup_FreeBurner (2).exe"sh=F6B9AF298DBD1F95DFEF09DCCBF3928EC66EDBB1 ft=1 fh=bee81b40350d2bad vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\Pat\Downloads\Setup_FreeBurner (3).exe"sh=F6B9AF298DBD1F95DFEF09DCCBF3928EC66EDBB1 ft=1 fh=bee81b40350d2bad vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\Pat\Downloads\Setup_FreeBurner (4).exe"sh=F6B9AF298DBD1F95DFEF09DCCBF3928EC66EDBB1 ft=1 fh=bee81b40350d2bad vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\Pat\Downloads\Setup_FreeBurner (5).exe"sh=F6B9AF298DBD1F95DFEF09DCCBF3928EC66EDBB1 ft=1 fh=bee81b40350d2bad vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\Pat\Downloads\Setup_FreeBurner (6).exe"sh=F6B9AF298DBD1F95DFEF09DCCBF3928EC66EDBB1 ft=1 fh=bee81b40350d2bad vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\Pat\Downloads\Setup_FreeBurner (7).exe"sh=F6B9AF298DBD1F95DFEF09DCCBF3928EC66EDBB1 ft=1 fh=bee81b40350d2bad vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\Pat\Downloads\Setup_FreeBurner (8).exe"sh=F6B9AF298DBD1F95DFEF09DCCBF3928EC66EDBB1 ft=1 fh=bee81b40350d2bad vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\Pat\Downloads\Setup_FreeBurner (9).exe"sh=F6B9AF298DBD1F95DFEF09DCCBF3928EC66EDBB1 ft=1 fh=bee81b40350d2bad vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\Pat\Downloads\Setup_FreeBurner.exe"sh=C133DB147FA578119F34B675D45B477E110761B2 ft=1 fh=9272027fde077ca7 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Patricia\Downloads\ccsetup412.exe"sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Patricia\Downloads\ccsetup416.exe"sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Patricia\Downloads\ccsetup417.exe"sh=F69F5B71A6FA94B71504EF184913BCF428D43899 ft=1 fh=6c8257ade2556f83 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Patricia\Downloads\ccsetup418.exe"sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"sh=1C9941A88FF7BCBFE354836732A047D647E75379 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\AskToolbar\avira.cab"

Hi ESET has found 60 threats/infected files!!! Please advise what to do next. I may not get a chance to do any more tonight but will continue 1st thing tomorrow. Thanks Pat Below is the scan results C:\AdwCleaner\Quarantine\C\Users\Dave\AppData\Local\AskToolbar\Downloaded Program Files\AviraWidget.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\AskToolbar\Downloaded Program Files\AviraTrans.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\AskToolbar\Downloaded Program Files\AviraWidget.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Local\AskToolbar\Downloaded Program Files\AviraTrans.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Local\AskToolbar\Downloaded Program Files\AviraWidget.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\AdwCleaner\Quarantine\C\Users\Pat\VideoConverter\VideoConverter.exe.vir a variant of Win32/InstallCore.A potentially unwanted applicationC:\Users\Dave\Downloads\ccsetup405.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Dave\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Dave\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Default\AppData\Local\AskToolbar\Downloaded Program Files\AviraTrans.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\Users\Pat\Downloads\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup318.exe Win32/Bundled.Toolbar.Google.E potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup328 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup328.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup400 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup400.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup402 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup403 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup405 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup405 (2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup405.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup407 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup408 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup409 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup419.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Pat\Downloads\FixBeeV1.exe Win32/Toolbar.SearchSuite potentially unwanted applicationC:\Users\Pat\Downloads\GraboidVideoSetup-3.01-Complete.exe Win32/Graboid potentially unsafe applicationC:\Users\Pat\Downloads\iLividSetupV1 (1).exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationC:\Users\Pat\Downloads\Setup_FreeBurner (1).exe Win32/Toolbar.SearchSuite potentially unwanted applicationC:\Users\Pat\Downloads\Setup_FreeBurner (2).exe Win32/Toolbar.SearchSuite potentially unwanted applicationC:\Users\Pat\Downloads\Setup_FreeBurner (3).exe Win32/Toolbar.SearchSuite potentially unwanted applicationC:\Users\Pat\Downloads\Setup_FreeBurner (4).exe Win32/Toolbar.SearchSuite potentially unwanted applicationC:\Users\Pat\Downloads\Setup_FreeBurner (5).exe Win32/Toolbar.SearchSuite potentially unwanted applicationC:\Users\Pat\Downloads\Setup_FreeBurner (6).exe Win32/Toolbar.SearchSuite potentially unwanted applicationC:\Users\Pat\Downloads\Setup_FreeBurner (7).exe Win32/Toolbar.SearchSuite potentially unwanted applicationC:\Users\Pat\Downloads\Setup_FreeBurner (8).exe Win32/Toolbar.SearchSuite potentially unwanted applicationC:\Users\Pat\Downloads\Setup_FreeBurner (9).exe Win32/Toolbar.SearchSuite potentially unwanted applicationC:\Users\Pat\Downloads\Setup_FreeBurner.exe Win32/Toolbar.SearchSuite potentially unwanted applicationC:\Users\Patricia\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Patricia\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Patricia\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Patricia\Downloads\ccsetup418.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Windows\System32\config\systemprofile\AppData\LocalLow\AskToolbar\avira.cab a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application

Hi Have completed all the other actions and the Malwarebytes scan was completely clear. Do I remove the instruction to scan root kits or can I leave it on? Do I still leave the various downloads on the system? If not how do I uninstall them? Many Thanks Regards Pat Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 08/02/2015Scan Time: 19:22:10Logfile: Administrator: Yes Version: 2.00.4.1028Malware Database: v2015.02.08.05Rootkit Database: v2015.02.03.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows Vista Service Pack 2CPU: x86File System: NTFSUser: Patricia Scan Type: Threat ScanResult: CompletedObjects Scanned: 447446Time Elapsed: 49 min, 43 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: WarnPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end)

This is the log from Adw Cleaner Shall I continue with the rest of your instructions? # AdwCleaner v4.110 - Logfile created 08/02/2015 at 18:27:18# Updated 05/02/2015 by Xplode# Database : 2015-02-08.1 [server]# Operating system : Windows Vista Home Premium Service Pack 2 (x86)# Username : Patricia - PAT-PC# Running from : C:\Users\Patricia\Downloads\AdwCleaner.exe# Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** -\\ Internet Explorer v9.0.8112.16599 -\\ Google Chrome v40.0.2214.111 ************************* AdwCleaner[R0].txt - [2691 bytes] - [29/01/2015 19:15:02]AdwCleaner[R1].txt - [1686 bytes] - [08/02/2015 17:45:00]AdwCleaner[R2].txt - [935 bytes] - [08/02/2015 17:54:18]AdwCleaner[s0].txt - [2800 bytes] - [29/01/2015 19:28:10]AdwCleaner[s1].txt - [863 bytes] - [08/02/2015 18:27:18] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [921 bytes] ##########

Scan with AdwCleaner (by Xplode) Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select "Run As Administrator" Vista doesnt allow me to save to Desktop, though have managed to open and run as AdministratorClick on the Scan button.Have scanned but have message "Waiting for action. Please uncheck elements you want to keep". The blue loading ribbon underneath is blank and the Results section is blank! What do I do?After the scan has finished, click on the Clean button.The clean button has a red cross. What do I do?Press OK when asked to close all programs and follow the onscreen prompts.After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically. Copy and paste the contents of that logfile in your next reply.Hi Have listed the problem I am having with running AdwCleaner above in bold, underlined red. I have tried to do this twice both on my normal desktop (using Administrative privileges) & also on the secure desktop with Administrative privileges Can you please advise what I should do? Regards Pat

Hi Have attached the FRST scan results as requested. Have had to disable AVAST as it blocked the FRST download, is that ok? FRST Log Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2015Ran by Patricia (administrator) on PAT-PC on 08-02-2015 11:44:18Running from C:\Users\Patricia\DownloadsLoaded Profiles: Pat & Patricia (Available profiles: Pat & Dave & Patricia & Guest)Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)Internet Explorer Version 9 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe(Microsoft Corporation) C:\Windows\System32\SLsvc.exe(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(Microsoft Corporation) C:\Windows\System32\mobsync.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Microsoft Corporation) C:\Windows\ehome\ehtray.exe(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILGE.EXE(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILGE.EXE(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-11-18] (IDT, Inc.)HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-10-23] (Western Digital Technologies, Inc.)HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-12-02] (Western Digital Technologies, Inc.)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-04] (Google Inc.)HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Run: [Google Update] => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-30] (Google Inc.)HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILGE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {225807c9-e77f-11e0-bda7-0023ae2e7f5f} - E:\setup_vmc_lite.exe /checkApplicationPresenceHKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {2258083a-e77f-11e0-bda7-0023ae2e7f5f} - E:\setup_vmc_lite.exe /checkApplicationPresenceHKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {44d29be0-9939-11e4-a590-0023ae2e7f5f} - "E:\WD Drive Unlock.exe" autoplay=trueHKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {bc5fe618-a4b3-11e1-b07b-0023ae2e7f5f} - E:\setup_vmc_lite.exe /checkApplicationPresenceHKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {f5249c97-84bd-11e1-b029-0023ae2e7f5f} - E:\setup_vmc_lite.exe /checkApplicationPresenceHKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {f5249caa-84bd-11e1-b029-0023ae2e7f5f} - E:\setup_vmc_lite.exe /checkApplicationPresenceHKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MountPoints2: {fb436b0c-a4b6-11e1-81cd-806e6f6e6963} - E:\setup_vmc_lite.exe /checkApplicationPresenceHKU\S-1-5-21-2532494780-3708508292-916854352-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILGE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnkShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2532494780-3708508292-916854352-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2532494780-3708508292-916854352-1000 -> {090C3A3A-C46F-4AF9-B5D8-B9D9A88B110E} URL = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000028&src=crm&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000SearchScopes: HKU\S-1-5-21-2532494780-3708508292-916854352-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=421&sr=0&q={searchTerms}BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No FileBHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKU\S-1-5-21-2532494780-3708508292-916854352-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No FileToolbar: HKU\S-1-5-21-2532494780-3708508292-916854352-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKU\S-1-5-21-2532494780-3708508292-916854352-1002 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No FileToolbar: HKU\S-1-5-21-2532494780-3708508292-916854352-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cabDPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cabDPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @real.com/nppl3260;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprjplug;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprpjplug;version=15.0.2.72 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-2532494780-3708508292-916854352-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKU\S-1-5-21-2532494780-3708508292-916854352-1000: @talk.google.com/O1DPlugin -> C:\Users\Pat\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKU\S-1-5-21-2532494780-3708508292-916854352-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKU\S-1-5-21-2532494780-3708508292-916854352-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKU\S-1-5-21-2532494780-3708508292-916854352-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-07-03]FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-02-20]FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-17] Chrome: =======CHR Profile: C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23]CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-09-17]CHR Extension: (Google Wallet) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-02-20] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-11-17] (Andrea Electronics Corporation)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-11-18] (IDT, Inc.)R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-10-09] (Vodafone) [File not signed]R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-10-23] (Western Digital Technologies, Inc.)R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-26] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-26] (AVAST Software)R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software)R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-26] (AVAST Software)R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] ()R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2015-02-08] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 11:44 - 2015-02-08 11:44 - 00020801 _____ () C:\Users\Patricia\Downloads\FRST.txt2015-02-08 11:43 - 2015-02-08 11:43 - 01124352 _____ (Farbar) C:\Users\Patricia\Downloads\FRST.exe2015-02-08 11:33 - 2015-02-08 11:34 - 01124352 _____ (Farbar) C:\Users\Pat\Downloads\FRST (1).exe2015-02-08 11:26 - 2015-02-08 11:29 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat2015-02-08 00:36 - 2015-02-08 00:36 - 00022184 _____ () C:\Users\Pat\Downloads\Addition.txt2015-02-08 00:35 - 2015-02-08 00:36 - 00029828 _____ () C:\Users\Pat\Downloads\FRST.txt2015-02-08 00:34 - 2015-02-08 11:44 - 00000000 ____D () C:\FRST2015-02-08 00:34 - 2015-02-08 00:34 - 01124352 _____ (Farbar) C:\Users\Pat\Downloads\FRST.exe2015-02-05 19:03 - 2015-02-05 19:03 - 00001624 _____ () C:\Users\Public\Desktop\iTunes.lnk2015-02-05 19:03 - 2015-02-05 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2015-02-05 19:01 - 2015-02-05 19:03 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB2015-02-05 19:01 - 2015-02-05 19:03 - 00000000 ____D () C:\Program Files\iTunes2015-02-05 19:01 - 2015-02-05 19:01 - 00000000 ____D () C:\Program Files\iPod2015-01-29 19:15 - 2015-01-29 19:28 - 00000000 ____D () C:\AdwCleaner2015-01-29 19:13 - 2015-01-29 19:14 - 02194432 _____ () C:\Users\Pat\Downloads\adwcleaner_4.109.exe2015-01-28 01:40 - 2015-01-28 01:40 - 05325208 _____ (Piriform Ltd) C:\Users\Pat\Downloads\ccsetup502.exe2015-01-25 10:54 - 2015-01-25 10:55 - 04287921 _____ () C:\Users\Pat\Downloads\100picturesforyou (2).zip2015-01-22 17:21 - 2015-01-22 17:21 - 04287921 _____ () C:\Users\Pat\Downloads\100picturesforyou.zip2015-01-22 17:21 - 2015-01-22 17:21 - 04287921 _____ () C:\Users\Pat\Downloads\100picturesforyou (1).zip2015-01-21 02:01 - 2014-10-23 11:30 - 50569804 _____ () C:\Users\Pat\Desktop\Isla clapping hands.MOV2015-01-20 12:39 - 2014-12-19 00:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys2015-01-20 12:19 - 2014-12-06 03:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll2015-01-20 12:19 - 2014-12-06 03:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll2015-01-20 12:19 - 2014-12-06 03:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll2015-01-20 12:19 - 2014-12-06 03:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll2015-01-11 02:31 - 2015-01-11 02:31 - 00000000 ____D () C:\Users\Pat\AppData\Local\Western_Digital_Technolog2015-01-11 02:31 - 2015-01-11 02:31 - 00000000 ____D () C:\Users\Pat\AppData\Local\Western Digital2015-01-11 00:39 - 2015-01-11 00:39 - 00001021 _____ () C:\Users\Pat\Desktop\WD Security.lnk2015-01-11 00:32 - 2015-01-21 16:27 - 00000000 ____D () C:\ProgramData\Package Cache2015-01-11 00:19 - 2015-01-21 16:39 - 00029118 _____ () C:\Windows\DPINST.LOG2015-01-11 00:19 - 2015-01-21 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital2015-01-11 00:19 - 2015-01-21 16:37 - 00000000 ____D () C:\Program Files\Western Digital2015-01-11 00:19 - 2015-01-21 16:37 - 00000000 ____D () C:\Program Files\Common Files\Western Digital2015-01-11 00:19 - 2015-01-11 00:19 - 00000954 _____ () C:\Users\Public\Desktop\WD Drive Utilities.lnk2015-01-11 00:11 - 2015-01-21 16:37 - 00000000 ____D () C:\ProgramData\Western Digital2015-01-10 18:51 - 2015-01-10 18:55 - 71647536 _____ (Apple Inc.) C:\Users\Pat\Downloads\icloudsetup (1).exe2015-01-10 18:33 - 2015-01-10 18:33 - 00460915 _____ () C:\Users\Pat\Downloads\IMG_1854 (1).MOV2015-01-10 18:28 - 2015-01-10 18:28 - 00460915 _____ () C:\Users\Pat\Downloads\IMG_1854.MOV ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 11:39 - 2014-04-25 21:44 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-02-08 11:39 - 2011-07-04 17:00 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-02-08 11:37 - 2008-01-21 01:35 - 02068952 _____ () C:\Windows\WindowsUpdate.log2015-02-08 11:23 - 2013-11-15 14:08 - 05694982 _____ () C:\Windows\PFRO.log2015-02-08 11:23 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-02-08 11:23 - 2006-11-02 12:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02015-02-08 11:23 - 2006-11-02 12:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02015-02-08 01:24 - 2006-11-02 13:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2015-02-08 01:05 - 2013-08-30 08:21 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000UA.job2015-02-08 01:00 - 2012-05-19 08:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-02-08 00:52 - 2014-04-20 18:52 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-215 217 Series Update {6AC83EC9-CF8C-424B-995E-08AA3CAE134B}.job2015-02-08 00:52 - 2014-04-20 18:52 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-215 217 Series Invitation {6AC83EC9-CF8C-424B-995E-08AA3CAE134B}.job2015-02-08 00:50 - 2011-07-04 17:00 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-02-07 11:05 - 2013-08-30 08:21 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000Core.job2015-02-06 18:04 - 2006-11-02 10:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI2015-02-05 22:58 - 2013-09-17 20:38 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-02-05 19:01 - 2012-01-30 17:10 - 00000000 ____D () C:\Program Files\Common Files\Apple2015-02-05 19:00 - 2012-05-19 08:32 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2015-02-05 19:00 - 2011-07-01 22:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2015-02-05 18:05 - 2013-08-16 22:40 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Mozilla2015-01-30 10:39 - 2011-07-05 22:08 - 00002569 _____ () C:\Users\Pat\Desktop\Microsoft Office Word 2003.lnk2015-01-29 19:28 - 2011-06-27 12:06 - 00000000 ____D () C:\Users\Pat2015-01-29 11:26 - 2012-05-18 12:01 - 00000000 ____D () C:\Users\Patricia\AppData\Local\Google2015-01-28 01:40 - 2012-05-18 14:50 - 00000764 _____ () C:\Users\Public\Desktop\CCleaner.lnk2015-01-28 01:40 - 2012-05-18 14:50 - 00000000 ____D () C:\Program Files\CCleaner2015-01-25 16:17 - 2011-07-05 22:08 - 00002567 _____ () C:\Users\Pat\Desktop\Microsoft Office Excel 2003.lnk2015-01-25 15:00 - 2011-07-05 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software2015-01-20 12:39 - 2013-07-28 11:11 - 00000000 ____D () C:\Windows\system32\MRT2015-01-20 12:20 - 2006-11-02 10:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe ==================== Files in the root of some directories ======= 2014-04-07 10:12 - 2014-04-07 10:12 - 0000055 _____ () C:\Users\Patricia\AppData\Roaming\mbam.context.scan2012-05-23 09:55 - 2014-11-13 12:18 - 0006080 _____ () C:\Users\Patricia\AppData\Local\d3d9caps.dat2008-08-20 15:45 - 2008-08-20 15:45 - 0020270 _____ () C:\ProgramData\DeviceInstaller.xml2008-09-22 13:21 - 2008-09-22 13:21 - 0127092 ____R () C:\ProgramData\DeviceManager.xml.rc4 Some content of TEMP:====================C:\Users\Dave\AppData\Local\Temp\avgnt.exeC:\Users\Guest\AppData\Local\Temp\AskSLib.dllC:\Users\Patricia\AppData\Local\Temp\Quarantine.exeC:\Users\Patricia\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-08 11:47 ==================== End Of Log ============================ Addition LogAdditional scan result of Farbar Recovery Scan Tool (x86) Version: 07-02-2015Ran by Patricia at 2015-02-08 11:45:31Running from C:\Users\Patricia\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Photoshop 6.0 (HKLM\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - )Amazon Kindle (HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Amazon Kindle) (Version: - Amazon)Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ArcSoft Multimedia Email (HKLM\...\{DD54CF66-090B-43E7-97C1-110EF526474D}) (Version: - )Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)AVS Video Converter 8 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 8.3.2.533 - Online Media Technologies Ltd.)Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)Dropbox (HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)Easy Phone Tunes (HKLM\...\{03ED925F-9E5E-4532-998D-7F8840FE5A74}) (Version: 137 - Easy Phone Tunes)Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)Epson Easy Photo Print 2 (HKLM\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)Epson Event Manager (HKLM\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)EPSON Manuals (HKLM\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version: - SEIKO EPSON Corporation)EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)Free Easy Burner V 5.1 (HKLM\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)Get Yahoo! Messenger (HKLM\...\Get Yahoo! Messenger) (Version: - )Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)Google SketchUp 8 (HKLM\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)Google Talk Plugin (HKLM\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.26.9 - Google Inc.) HiddeniCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6124.0 - IDT)Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.63.3.3 - Marvell)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)MyFreeCodec (HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\MyFreeCodec) (Version: - )MyFreeCodec (HKU\S-1-5-21-2532494780-3708508292-916854352-1002\...\MyFreeCodec) (Version: - )Photosynth 2.0110.0317.1042 (HKLM\...\{B08AC850-5B07-41F1-9DB1-56CF72003BDA}) (Version: 3.3.3.3 - Microsoft)Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.2.17 - Dell Inc.)QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) HiddenRealPlayer (HKLM\...\RealPlayer 15.0) (Version: - RealNetworks)Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) HiddenSerif PagePlus 9.0 (HKLM\...\{BCA541B4-00B4-4D20-B38D-6623BF2F68BF}) (Version: 9.00 - Serif)Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)Smilebox (HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)Software Updater (HKLM\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) HiddenUpdate for Video Converter (HKU\S-1-5-21-2532494780-3708508292-916854352-1000\...\DSite) (Version: - ) <==== ATTENTIONVisual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)Vodafone Mobile Connect Lite (HKLM\...\{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}) (Version: 9.3.5.11690 - Vodafone)WD Drive Utilities (HKLM\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)WD Quick View (HKLM\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)WD Security (HKLM\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)WD SmartWare (HKLM\...\{9D86C21F-11DD-4FBD-97CE-AE6BE34D271C}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)WD SmartWare Installer (HKLM\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{1383A31C-26AC-4d88-91F1-EEAD77D81FA6}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP3Writer.dll ()CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{382C9F93-9BA4-4FC6-88DC-AD52F5812FF8}\localserver32 -> C:\Users\Pat\AppData\Roaming\Smilebox\OzDesktopImporter.exe (Octazen Solutions)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{4665E44B-8B9A-4515-A086-E94ECE374608}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\CoreAAC.ax ()CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{6AC7C19E-8CA0-4E3D-9A9F-2881DE29E0AC}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\CoreAAC.ax ()CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{919AB5F1-1C34-47a2-9C02-17128222C7CF}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP3Encoder.dll ()CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File PathCustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{BBFC1A2A-D3A2-4610-847D-26592022F86E}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\CoreAAC.ax ()CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{C42B23DF-334C-4AD0-9AB4-91FF53D04239}\localserver32 -> C:\Users\Pat\AppData\Roaming\Smilebox\OzDesktopImporter.exe (Octazen Solutions)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{D3D9D58B-45B5-48AB-B199-B8C40560AEC7}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Smilebox\MP4Splitter.ax (Gabest)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1002_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2532494780-3708508292-916854352-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 03-01-2015 10:13:30 Scheduled Checkpoint04-01-2015 11:04:10 Scheduled Checkpoint06-01-2015 11:31:33 Windows Update10-01-2015 11:59:08 Scheduled Checkpoint10-01-2015 19:11:52 Windows Backup11-01-2015 00:24:47 Installed WD Security19-01-2015 21:14:01 Windows Update20-01-2015 12:18:24 Windows Update21-01-2015 16:27:00 WD SmartWare Installer23-01-2015 14:33:18 Scheduled Checkpoint25-01-2015 14:59:01 Installed Software Updater27-01-2015 11:34:54 Windows Update29-01-2015 20:26:37 Scheduled Checkpoint05-02-2015 17:53:06 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 10:23 - 2006-09-18 21:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1BCB786E-9A11-4B8A-91D1-5068D97096AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {226F8FFD-84FE-4DCB-882D-A547187E3A2C} - System32\Tasks\EPSON XP-215 217 Series Invitation {6AC83EC9-CF8C-424B-995E-08AA3CAE134B} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)Task: {4810D204-98D7-466E-80DA-D51FADBAF9D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)Task: {613D58C0-20A5-470D-A6E0-9839C9710F1B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)Task: {734F45E6-B18A-4EE5-9ABC-B967E3CC0C22} - System32\Tasks\EPSON XP-215 217 Series Update {6AC83EC9-CF8C-424B-995E-08AA3CAE134B} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)Task: {740358E3-F8C8-41EF-AFD9-1B2C85E59725} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)Task: {943D4923-C6C5-4AE4-B7C7-8E1C4B67C5B9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000UA => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-30] (Google Inc.)Task: {9EDEE3CE-985A-46E4-B2C3-AF7FB112C60A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2532494780-3708508292-916854352-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)Task: {A5484A87-5E04-4EF9-948C-26AFD1B98897} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)Task: {BE385223-65BF-4BCF-A319-8A1928661EEB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2532494780-3708508292-916854352-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)Task: {DAA9D7E7-B77F-4A56-93FC-DC73EB295613} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000Core => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-30] (Google Inc.)Task: {F83ABB0E-9626-486C-BE36-02DBB90B627A} - System32\Tasks\{2F7B4B56-AA0D-4FDD-9097-608A85E88719} => pcalua.exe -a "C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ITYGCZ68\avira_antivir_personal_en[1].exe" -d C:\Users\Pat\DesktopTask: {FDF8A04E-DC9E-49D7-A976-F40143208BA7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-26] (AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\EPSON XP-215 217 Series Invitation {6AC83EC9-CF8C-424B-995E-08AA3CAE134B}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXETask: C:\Windows\Tasks\EPSON XP-215 217 Series Update {6AC83EC9-CF8C-424B-995E-08AA3CAE134B}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXETask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000Core.job => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532494780-3708508292-916854352-1000UA.job => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2015-02-07 19:04 - 2015-02-07 19:04 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020701\algo.dll2014-04-17 14:34 - 2014-11-26 16:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2015-02-05 22:58 - 2015-02-04 09:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll2014-04-18 10:15 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Pat\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll2014-04-18 10:15 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Pat\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll2014-11-13 12:55 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll2014-11-13 12:55 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2532494780-3708508292-916854352-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pat\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpgHKU\S-1-5-21-2532494780-3708508292-916854352-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITORMSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"MSCONFIG\startupreg: EPLTarget => MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe ==================== Accounts: ============================= Administrator (S-1-5-21-2532494780-3708508292-916854352-500 - Administrator - Disabled)Dave (S-1-5-21-2532494780-3708508292-916854352-1001 - Limited - Enabled) => C:\Users\DaveGuest (S-1-5-21-2532494780-3708508292-916854352-501 - Limited - Disabled) => C:\Users\GuestPat (S-1-5-21-2532494780-3708508292-916854352-1000 - Limited - Enabled) => C:\Users\PatPatricia (S-1-5-21-2532494780-3708508292-916854352-1002 - Administrator - Enabled) => C:\Users\Patricia ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (02/08/2015 11:30:04 AM) (Source: Perflib) (EventID: 1008) (User: )Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4 Error: (02/08/2015 11:29:59 AM) (Source: Perflib) (EventID: 1010) (User: )Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (02/08/2015 11:24:29 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/08/2015 11:24:08 AM) (Source: VMCService) (EventID: 0) (User: )Description: conflictManagerTypeValue Error: (02/07/2015 09:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1989200 Error: (02/07/2015 09:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1989200 Error: (02/07/2015 09:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/07/2015 09:21:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1987952 Error: (02/07/2015 09:21:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1987952 Error: (02/07/2015 09:21:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second System errors:=============Error: (02/08/2015 11:27:35 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2} Error: (02/08/2015 11:25:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: 30000Eventlog Error: (02/08/2015 11:25:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Parallel port driver%%1058 Error: (02/08/2015 11:25:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: USB RNDIS Adapter%%1058 Error: (02/08/2015 11:25:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058 Error: (02/07/2015 05:49:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Parallel port driver%%1058 Error: (02/07/2015 05:49:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: USB RNDIS Adapter%%1058 Error: (02/07/2015 05:49:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058 Error: (02/07/2015 00:16:02 PM) (Source: bowser) (EventID: 8003) (User: )Description: The master browser has received a server announcement from the computer AUDREY-PCthat believes that it is the master browser for the domain on transport NetBT_Tcpip_{72315BB8-29F0-42D4-9A50-6BE25EFE.The master browser is stopping or an election is being forced. Error: (02/07/2015 10:40:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Parallel port driver%%1058 Microsoft Office Sessions:=========================Error: (02/08/2015 11:30:04 AM) (Source: Perflib) (EventID: 1008) (User: )Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4 Error: (02/08/2015 11:29:59 AM) (Source: Perflib) (EventID: 1010) (User: )Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (02/08/2015 11:24:29 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/08/2015 11:24:08 AM) (Source: VMCService) (EventID: 0) (User: )Description: conflictManagerTypeValue Error: (02/07/2015 09:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1989200 Error: (02/07/2015 09:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1989200 Error: (02/07/2015 09:21:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/07/2015 09:21:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1987952 Error: (02/07/2015 09:21:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1987952 Error: (02/07/2015 09:21:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity Errors:=================================== Date: 2015-02-08 11:25:50.723 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-08 01:20:08.309 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-08 01:20:07.746 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-08 01:20:07.435 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-08 01:20:05.871 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-08 01:03:51.783 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-08 01:03:51.413 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-08 01:03:50.994 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-08 01:03:50.442 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-07 21:24:55.694 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHzPercentage of memory in use: 60%Total physical RAM: 3033.63 MBAvailable physical RAM: 1183.76 MBTotal Pagefile: 6301.52 MBAvailable Pagefile: 4134.96 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1914.45 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.88 GB) (Free:78.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: B8FDB839)Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Thank you for helping

Please find below the Malwarebytes log report. This has now appeared a number of times and each time it is quarantined but turns up again on the next scan. I would really appreciate some advice on how to remove it. Thankyou Pat Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 08/02/2015 Scan Time: 00:58:03 Logfile: Administrator: No Version: 2.00.2.1012 Malware Database: v2015.02.08.01 Rootkit Database: v2015.02.03.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows Vista Service Pack 2 CPU: x86 File System: NTFS User: Pat Scan Type: Threat Scan Result: Completed Objects Scanned: 265611 Time Elapsed: 15 min, 50 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 Trojan.Agent, C:\Users\Patricia\AppData\Local\Temp\Quarantine.exe, Delete-on-Reboot, [45bc09131e6cf046b1a36fae9d654eb2], Physical Sectors: 0 (No malicious items detected) (end)