Thread: Ransomware Trojan

  1. #1
    Member (Join Date: Mar 2008; Location: England; Posts: 64)

    Ransomware Trojan

    Hello again, sorry so soon,

    I got the same pop-up as one month ago, asking permission to make a registry change:

    (link) http://forums.spybot.info/showthread...egistry-hijack

    so this time allowed it (as was Shelf Life's recommendation previously).

    It has now implemented a Police-type Trojan, requiring UKash or similar, and had a webcam section that took over my webcam. I've booted in safe-mode, ran spybot (found nothing) and thought I'd need help, what with what I've heard about Cryptolocker recently.

    I run eRunt and seems like it worked fine.



    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.65.2
    Run by Ed and Lou 2 at 0:36:50 on 2014-07-20
    .
    ============== Running Processes ================
    .
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bq.bp.2020.net/Core/Player/2020PlayerAX_Win32.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{D34D4A84-3E9D-40D5-A6D9-93A100A1B04F} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{D34D4A84-3E9D-40D5-A6D9-93A100A1B04F}\A5978554C4F57303932357B656 : DHCPNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - <no file>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? AERTFilters;Andrea RT Filters Service
    R? aswHwid;avast! HardwareID
    R? aswMonFlt;aswMonFlt
    R? aswRvrt;avast! Revert
    R? aswSnx;aswSnx
    R? aswSP;aswSP
    R? aswStm;aswStm
    R? aswVmm;avast! VM Monitor
    R? avast! Antivirus;avast! Antivirus
    R? btusbflt;Bluetooth USB Filter
    R? btwl2cap;Bluetooth L2CAP Service
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
    R? CtClsFlt;Creative Camera Class Upper Filter Driver
    R? cvhsvc;Client Virtualization Handler
    R? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
    R? DockLoginService;Dock Login Service
    R? fssfltr;fssfltr
    R? fsssvc;Windows Live Family Safety Service
    R? Impcd;Impcd
    R? IntcDAud;Intel(R) Display Audio
    R? LVPr2M64;Logitech LVPr2M64 Driver
    R? LVPrcS64;Process Monitor
    R? LVRS64;Logitech RightSound Filter Driver
    R? LVUVC64;Logitech QuickCam E3500(UVC)
    R? MBAMProtector;MBAMProtector
    R? MBAMScheduler;MBAMScheduler
    R? MBAMService;MBAMService
    R? MBAMSwissArmy;MBAMSwissArmy
    R? MBAMWebAccessControl;MBAMWebAccessControl
    R? PSI;PSI
    R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
    R? SBSDWSCService;SBSD Security Center Service
    R? Secunia PSI Agent;Secunia PSI Agent
    R? Secunia Update Agent;Secunia Update Agent
    R? Sftfs;Sftfs
    R? sftlist;Application Virtualization Client
    R? Sftplay;Sftplay
    R? Sftredir;Sftredir
    R? Sftvol;Sftvol
    R? sftvsa;Application Virtualization Service Agent
    R? ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
    R? TomTomHOMEService;TomTomHOMEService
    R? UNS;Intel(R) Management & Security Application User Notification Service
    R? WatAdminSvc;Windows Activation Technologies Service
    R? wlcrasvc;Windows Live Mesh remote connections service
    S? BcmVWL;Broadcom Virtual Wireless
    S? gfibto;gfibto
    S? HECIx64;Intel(R) Management Engine Interface
    S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
    S? PxHlpa64;PxHlpa64
    .
    =============== Created Last 30 ================
    .
    2014-07-19 22:50:34 -------- d-----w- C:\FRST
    2014-07-19 22:39:16 -------- d-----w- C:\ProgramData\788B23B92244C6B9DBB5C906F76891A9
    2014-07-19 21:13:15 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
    2014-07-19 21:12:52 43152 ----a-w- C:\Windows\avastSS.scr
    2014-07-19 20:43:23 -------- d-----w- C:\Users\Ed and Lou 2\AppData\Local\Adobe
    2014-07-18 16:01:25 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94E67583-ADBF-4E59-B6ED-E41357CBABC7}\mpengine.dll
    2014-07-17 16:59:34 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-07-10 21:37:36 -------- d-s---w- C:\Windows\System32\CompatTel
    2014-07-10 19:00:33 516096 ----a-w- C:\Windows\System32\aepdu.dll
    2014-07-10 19:00:33 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-07-10 18:52:16 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
    2014-06-27 20:32:20 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
    2014-06-26 21:42:49 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-06-26 21:41:57 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-06-26 21:41:57 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-06-26 21:41:57 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-06-26 21:41:57 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-06-26 21:41:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-20 22:57:57 -------- d-----w- C:\ProgramData\F321AC108F210EF99933826ED58525E0
    .
    ==================== Find3M ====================
    .
    2014-07-19 21:12:54 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-07-19 21:12:54 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
    2014-07-19 21:12:54 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-07-19 21:12:54 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-07-19 21:12:54 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-07-19 21:12:54 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2014-07-08 19:12:32 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-07-08 19:12:32 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    .
    ============= FINISH: 0:39:00.38 ===============

    aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
    Run date: 2014-07-20 00:48:03
    -----------------------------
    00:48:03.397 OS Version: Windows x64 6.1.7600
    00:48:03.397 Number of processors: 4 586 0x2505
    00:48:03.397 ComputerName: EDANDLOU2-PC UserName: Ed and Lou 2
    00:48:04.317 Initialize success
    00:48:04.349 VM: driver load error: 2
    00:48:06.579 AVAST engine defs: 14071901
    00:48:17.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    00:48:17.078 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
    00:48:17.172 Disk 0 MBR read successfully
    00:48:17.172 Disk 0 MBR scan
    00:48:17.718 Disk 0 Windows 7 default MBR code
    00:48:17.733 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
    00:48:17.952 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
    00:48:17.983 Disk 0 Boot: NTFS code=1
    00:48:18.139 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290143 MB offset 30926848
    00:48:18.326 Disk 0 scanning C:\Windows\system32\drivers
    00:48:29.433 Service scanning
    00:48:58.231 Modules scanning
    00:48:58.231 Disk 0 trace - called modules:
    00:48:58.262 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    00:48:58.262 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004be1060]
    00:48:58.262 3 CLASSPNP.SYS[fffff88001ad943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004902050]
    00:48:58.761 AVAST engine scan C:\Windows
    00:49:00.540 AVAST engine scan C:\Windows\system32
    00:51:10.301 AVAST engine scan C:\Windows\system32\drivers
    00:51:22.828 AVAST engine scan C:\Users\Ed and Lou 2
    01:10:25.118 AVAST engine scan C:\ProgramData
    01:14:49.525 Scan finished successfully
    01:15:56.205 Disk 0 MBR has been saved successfully to "C:\Users\Ed and Lou 2\Desktop\MBR.dat"
    01:15:56.205 The log file has been saved successfully to "C:\Users\Ed and Lou 2\Desktop\aswMBR.txt"

  2. #2
    Emeritus-Security Expert (Join Date: Nov 2005; Location: Florida's SpaceCoast; Posts: 15,208)

    Let's run a few programs

    Please download aswMBR to your desktop.

    • Double click the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • If you are asked to update the Avast Virus database please allow it to do so.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.


    I just want to see the report....Please Do Not Fix Anything



    ===========================================================



    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes






    ========================================================





    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member (Join Date: Mar 2008; Location: England; Posts: 64)

    Hello,

    Almost immediately after posting logs, I remembered previous advice and then ran MBAM (it's new to me so I forgot about it). It found the ransomware, and quarantined it. However, there seem to be a few knock-on effects.

    1. Upon startup a window pops up and warns that a DLL cannot be found, one presumably from the ransomware (I've attached a screenshot).
    2. I've unchecked Resident in S&D, but Teatimer still shows up in the application tray (am I getting confused?)
    3. I'm getting a notification to address an issue with Windows Security Centre, and clicking on the boxes to turn it back on results in popup windows that say it cannot be started.

    I've included all log files requested except for the Additional.txt as with two MBAMs I exceeded 64000 characters.

    Many thanks,


    aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
    Run date: 2014-07-21 22:09:31
    -----------------------------
    22:09:31.291 OS Version: Windows x64 6.1.7600
    22:09:31.291 Number of processors: 4 586 0x2505
    22:09:31.291 ComputerName: EDANDLOU2-PC UserName: Ed and Lou 2
    22:09:32.617 Initialize success
    22:09:32.710 VM: initialized successfully
    22:09:32.726 VM: Intel CPU supported
    22:09:35.327 VM: supported disk I/O iaStor.sys
    22:09:39.945 AVAST engine defs: 14072101
    22:09:50.412 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:09:50.412 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
    22:09:50.537 VM: Disk 0 MBR read successfully
    22:09:50.537 Disk 0 MBR scan
    22:09:50.553 Disk 0 Windows 7 default MBR code
    22:09:50.568 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
    22:09:50.584 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
    22:09:50.599 Disk 0 Boot: NTFS code=1
    22:09:50.615 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290143 MB offset 30926848
    22:09:50.755 Disk 0 scanning C:\Windows\system32\drivers
    22:10:03.360 Service scanning
    22:10:38.289 Modules scanning
    22:10:38.289 Disk 0 trace - called modules:
    22:10:38.320 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    22:10:38.335 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c36060]
    22:10:38.335 3 CLASSPNP.SYS[fffff88001b7743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004954050]
    22:10:39.131 AVAST engine scan C:\Windows
    22:10:41.362 AVAST engine scan C:\Windows\system32
    22:13:22.292 AVAST engine scan C:\Windows\system32\drivers
    22:13:40.123 AVAST engine scan C:\Users\Ed and Lou 2
    22:38:28.438 AVAST engine scan C:\ProgramData
    22:44:26.521 Scan finished successfully
    22:50:33.605 Disk 0 MBR has been saved successfully to "C:\Users\Ed and Lou 2\Desktop\MBR.dat"
    22:50:33.621 The log file has been saved successfully to "C:\Users\Ed and Lou 2\Desktop\aswMBR.txt"


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 20/07/2014

    Scan Time: 01:22:13
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.19.09
    Rootkit Database: v2014.07.17.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7
    CPU: x64
    File System: NTFS
    User: Ed and Lou 2

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 290070
    Time Elapsed: 9 min, 41 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    Trojan.Ransom.ED, C:\ProgramData\788B23B92244C6B9DBB5C906F76891A9\s6jffhw.cpp, Quarantined, [2f36851c7a013ef88e8f029c2dd47a86],

    Physical Sectors: 0
    (No malicious items detected)


    (end)



    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 21/07/2014

    Scan Time: 22:52:40
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.21.09
    Rootkit Database: v2014.07.17.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7
    CPU: x64
    File System: NTFS
    User: Ed and Lou 2

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 292955
    Time Elapsed: 12 min, 14 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
    Ran by Ed and Lou 2 (administrator) on EDANDLOU2-PC on 21-07-2014 23:13:16
    Running from C:\Users\Ed and Lou 2\Desktop
    Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (Dropbox, Inc.) C:\Users\Ed and Lou 2\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    () C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-08] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-14] (Realtek Semiconductor)
    HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [DellSupportCenter] => c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
    HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-19] (AVAST Software)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-1729037807-3945438059-1432830009-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Ed and Lou 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autostart.lnk
    ShortcutTarget: autostart.lnk -> C:\PROGRA~3\788B23~1\s6jffhw.cpp (No File)
    Startup: C:\Users\Ed and Lou 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
    ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe (No File)
    Startup: C:\Users\Ed and Lou 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Ed and Lou 2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Ed and Lou 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120703223727.dll No File
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120703223727.dll No File
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab
    DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://bq.bp.2020.net/Core/Player/20...erAX_Win32.cab
    DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default
    FF DefaultSearchEngine: Bing
    FF Homepage: hxxp://www.google.co.uk/
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Extension: Lavasoft Search Plugin - C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-11-28]
    FF Extension: DownloadHelper - C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-28]
    FF Extension: Tube Enhancer Plus - C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2014-02-27]
    FF Extension: Modify Headers - C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2012-04-05]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-04]
    FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.co.uk/
    CHR DefaultSearchKeyword: google.co.uk
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Extension: (Google Docs) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-02]
    CHR Extension: (Google Drive) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-02]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-02]
    CHR Extension: (YouTube) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-02]
    CHR Extension: (Google Search) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-02]
    CHR Extension: (ProxMate - Improve your Internet!) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-03-02]
    CHR Extension: (Google Wallet) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
    CHR Extension: (Gmail) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-02]

    ==================== Services (Whitelisted) =================

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-19] (AVAST Software)
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-06-27] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-06-27] (Secunia)

    ==================== Drivers (Whitelisted) ====================

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-19] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-19] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-19] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-19] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-19] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-19] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-19] (AVAST Software)
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-11-28] (GFI Software)
    R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-21] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    R3 aswVmm; \??\C:\Users\EDANDL~1\AppData\Local\Temp\aswVmm.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    U3 aswMBR; \??\C:\Users\EDANDL~1\AppData\Local\Temp\aswMBR.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-07-21 23:13 - 2014-07-21 23:13 - 00023162 _____ () C:\Users\Ed and Lou 2\Desktop\FRST.txt
    2014-07-21 23:11 - 2014-07-21 23:11 - 02090496 _____ (Farbar) C:\Users\Ed and Lou 2\Desktop\FRST64.exe
    2014-07-21 23:09 - 2014-07-21 23:09 - 00001138 _____ () C:\Users\Ed and Lou 2\Desktop\MBAM1.txt
    2014-07-21 23:07 - 2014-07-21 23:07 - 00001040 _____ () C:\Users\Ed and Lou 2\Desktop\MBAM2.txt
    2014-07-21 22:50 - 2014-07-21 22:50 - 00002109 _____ () C:\Users\Ed and Lou 2\Desktop\aswMBR.txt
    2014-07-21 22:50 - 2014-07-21 22:50 - 00000512 _____ () C:\Users\Ed and Lou 2\Desktop\MBR.dat
    2014-07-21 22:09 - 2014-07-21 22:09 - 05185536 _____ (AVAST Software) C:\Users\Ed and Lou 2\Desktop\aswMBR.exe
    2014-07-21 20:33 - 2014-07-21 21:42 - 00296730 _____ () C:\Users\Ed and Lou 2\Desktop\DLL Pic.bmp
    2014-07-20 00:35 - 2014-07-20 00:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    2014-07-20 00:35 - 2014-07-20 00:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-07-20 00:05 - 2014-07-20 00:05 - 00030243 _____ () C:\ProgramData\RUNDLL32.EXE-4816-F.txt
    2014-07-19 23:50 - 2014-07-21 23:13 - 00000000 ____D () C:\FRST
    2014-07-19 23:39 - 2014-07-20 01:39 - 00000000 ____D () C:\ProgramData\788B23B92244C6B9DBB5C906F76891A9
    2014-07-19 22:13 - 2014-07-19 22:12 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-07-19 22:12 - 2014-07-19 22:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-07-17 17:59 - 2014-07-17 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-07-17 17:59 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-07-17 17:59 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-07-17 17:59 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-07-17 17:59 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-07-17 17:58 - 2014-07-17 17:59 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
    2014-07-11 22:43 - 2014-07-19 23:41 - 00000000 ____D () C:\Users\Ed and Lou 2\Desktop\GAMESHOW
    2014-07-10 22:37 - 2014-07-10 22:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-07-10 20:00 - 2014-07-01 02:56 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-07-10 20:00 - 2014-07-01 02:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-07-05 10:15 - 2014-07-05 10:20 - 00000000 ____D () C:\Users\Ed and Lou 2\Desktop\Phone Backup
    2014-07-04 20:03 - 2014-07-04 20:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-06-29 10:09 - 2014-06-29 10:09 - 00004341 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
    2014-06-27 21:32 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-06-26 22:42 - 2014-07-21 22:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-06-26 22:42 - 2014-06-26 22:42 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-06-26 22:42 - 2014-06-26 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-06-26 22:41 - 2014-06-26 22:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-26 22:41 - 2014-06-26 22:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-06-26 22:41 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-06-26 22:41 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-06-26 22:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

    ==================== One Month Modified Files and Folders =======

    2014-07-21 23:13 - 2014-07-21 23:13 - 00023162 _____ () C:\Users\Ed and Lou 2\Desktop\FRST.txt
    2014-07-21 23:13 - 2014-07-19 23:50 - 00000000 ____D () C:\FRST
    2014-07-21 23:12 - 2012-07-20 16:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-07-21 23:11 - 2014-07-21 23:11 - 02090496 _____ (Farbar) C:\Users\Ed and Lou 2\Desktop\FRST64.exe
    2014-07-21 23:09 - 2014-07-21 23:09 - 00001138 _____ () C:\Users\Ed and Lou 2\Desktop\MBAM1.txt
    2014-07-21 23:07 - 2014-07-21 23:07 - 00001040 _____ () C:\Users\Ed and Lou 2\Desktop\MBAM2.txt
    2014-07-21 23:02 - 2011-02-12 12:07 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-21 23:00 - 2009-07-14 05:51 - 00163149 _____ () C:\Windows\setupact.log
    2014-07-21 22:50 - 2014-07-21 22:50 - 00002109 _____ () C:\Users\Ed and Lou 2\Desktop\aswMBR.txt
    2014-07-21 22:50 - 2014-07-21 22:50 - 00000512 _____ () C:\Users\Ed and Lou 2\Desktop\MBR.dat
    2014-07-21 22:17 - 2014-06-26 22:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-21 22:09 - 2014-07-21 22:09 - 05185536 _____ (AVAST Software) C:\Users\Ed and Lou 2\Desktop\aswMBR.exe
    2014-07-21 21:56 - 2014-02-15 23:12 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Roaming\Audacity
    2014-07-21 21:56 - 2013-01-23 22:18 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Roaming\Dropbox
    2014-07-21 21:48 - 2009-07-14 06:10 - 01063588 _____ () C:\Windows\WindowsUpdate.log
    2014-07-21 21:42 - 2014-07-21 20:33 - 00296730 _____ () C:\Users\Ed and Lou 2\Desktop\DLL Pic.bmp
    2014-07-21 20:41 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-21 20:41 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-21 20:38 - 2010-10-04 22:17 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{991DD349-1CA5-4023-A8EE-0372A0D9409B}
    2014-07-21 20:33 - 2014-05-03 07:34 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Roaming\DropboxMaster
    2014-07-21 20:33 - 2013-01-23 22:21 - 00000000 ___RD () C:\Users\Ed and Lou 2\Dropbox
    2014-07-21 20:33 - 2012-11-27 23:19 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-07-21 20:32 - 2011-02-12 12:07 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-21 20:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-21 20:31 - 2010-08-25 00:06 - 00916698 _____ () C:\Windows\PFRO.log
    2014-07-20 01:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-07-20 01:39 - 2014-07-19 23:39 - 00000000 ____D () C:\ProgramData\788B23B92244C6B9DBB5C906F76891A9
    2014-07-20 00:35 - 2014-07-20 00:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    2014-07-20 00:35 - 2014-07-20 00:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-07-20 00:35 - 2012-07-18 17:11 - 00000000 ____D () C:\Windows\ERDNT
    2014-07-20 00:05 - 2014-07-20 00:05 - 00030243 _____ () C:\ProgramData\RUNDLL32.EXE-4816-F.txt
    2014-07-19 23:41 - 2014-07-11 22:43 - 00000000 ____D () C:\Users\Ed and Lou 2\Desktop\GAMESHOW
    2014-07-19 22:42 - 2014-02-27 22:43 - 00000000 ____D () C:\Tube Enhancer Plus
    2014-07-19 22:14 - 2013-10-31 10:26 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-07-19 22:13 - 2012-11-27 23:20 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-07-19 22:12 - 2014-07-19 22:13 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-07-19 22:12 - 2014-07-19 22:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-07-19 22:12 - 2014-02-20 23:54 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-07-19 22:12 - 2013-03-18 21:43 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-07-19 22:12 - 2013-03-18 21:43 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-07-19 22:12 - 2012-11-27 23:20 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-07-19 22:12 - 2012-11-27 23:20 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-07-19 22:12 - 2012-11-27 23:19 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-07-19 22:12 - 2012-11-27 23:19 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-07-19 21:54 - 2010-08-27 21:06 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Roaming\SoftGrid Client
    2014-07-18 22:54 - 2013-03-02 13:23 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-07-17 18:19 - 2014-02-01 11:42 - 00000000 ____D () C:\ProgramData\Oracle
    2014-07-17 17:59 - 2014-07-17 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-07-17 17:59 - 2014-07-17 17:58 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
    2014-07-17 17:59 - 2013-03-14 08:26 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-07-16 21:13 - 2011-01-11 20:43 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Roaming\vlc
    2014-07-13 23:58 - 2012-07-20 16:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-07-11 03:02 - 2014-07-17 17:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-07-11 02:56 - 2014-07-17 17:59 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-07-11 02:56 - 2014-07-17 17:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-07-11 02:55 - 2014-07-17 17:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-07-10 22:37 - 2014-07-10 22:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-07-10 22:37 - 2013-08-01 21:42 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-10 22:35 - 2010-08-31 10:15 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-07-08 21:37 - 2010-08-28 08:38 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Roaming\Skype
    2014-07-08 20:12 - 2012-07-20 16:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-07-08 20:12 - 2012-04-02 08:10 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-07-08 20:12 - 2011-11-18 18:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-07-08 18:04 - 2013-05-30 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2014-07-06 16:11 - 2009-07-14 03:34 - 00449915 ____R () C:\Windows\system32\Drivers\etc\hosts.20140712-064746.backup
    2014-07-05 10:20 - 2014-07-05 10:15 - 00000000 ____D () C:\Users\Ed and Lou 2\Desktop\Phone Backup
    2014-07-05 08:56 - 2009-07-14 06:13 - 00005392 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-07-04 20:03 - 2014-07-04 20:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-07-01 02:56 - 2014-07-10 20:00 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-07-01 02:50 - 2014-07-10 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-06-29 10:09 - 2014-06-29 10:09 - 00004341 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
    2014-06-27 02:57 - 2011-02-12 12:07 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-06-27 02:57 - 2011-02-12 12:07 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-06-26 22:42 - 2014-06-26 22:42 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-06-26 22:42 - 2014-06-26 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-06-26 22:42 - 2014-06-26 22:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-26 22:41 - 2014-06-26 22:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-06-26 21:53 - 2009-07-14 03:34 - 00449915 ____R () C:\Windows\system32\Drivers\etc\hosts.20140706-161119.backup
    2014-06-26 21:47 - 2014-06-20 23:57 - 00000000 ____D () C:\ProgramData\F321AC108F210EF99933826ED58525E0
    2014-06-21 00:13 - 2009-07-14 03:34 - 00449915 ____R () C:\Windows\system32\Drivers\etc\hosts.20140626-215315.backup

    Some content of TEMP:
    ====================
    C:\Users\Ed and Lou 2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppgwuic.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-18 17:25

    ==================== End Of Log ============================








    [Attached image: DLL Pic.jpg]

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hi,

    I see the entry for the error from ransomware on your FRST, but I need you to post the additions log also, as there may be more to remove.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Member
    Join Date
    Mar 2008
    Location
    England
    Posts
    64


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
    Ran by Ed and Lou 2 at 2014-07-21 23:14:15
    Running from C:\Users\Ed and Lou 2\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================


    ==================== Installed Programs ======================

    AC3Filter 1.62b (HKLM-x32\...\AC3Filter_is1) (Version: 1.62b - Alexander Vigovsky)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
    Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11,2,392,0 - Adobe Systems Incorporated)
    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation)
    Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
    Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
    DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
    ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
    Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.650 - Oracle)
    Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
    Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (Version: 1.1.500.0 - Microsoft Corporation) Hidden
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.5123.5005 - Microsoft Corporation)
    Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.)
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.)
    Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
    Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
    Secunia PSI (3.0.0.2004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.2004 - Secunia)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8312 - Skype Technologies S.A.)
    Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.20.0 - Synaptics Incorporated)
    TomTom HOME 2.8.1.2218 (HKLM-x32\...\TomTom HOME) (Version: 2.8.1.2218 - TomTom)
    TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Visual Studio C++ 9.0 Runtime (HKLM-x32\...\{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}) (Version: 1.0.0 - TomTom International B.V.)
    VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN)
    WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    ==================== Restore Points =========================

    Could not list Restore Points. Check "winmgmt" service or repair WMI.


    ==================== Hosts content: ==========================

    2009-07-14 03:34 - 2014-07-12 06:47 - 00449915 ____R C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {679BF396-A3E5-462F-8BC0-E96E4F4A64EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12] (Google Inc.)
    Task: {79F94D2B-EDA2-445B-81BC-76297DE269F6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
    Task: {81DCD538-AD3D-4D8E-A88F-71E265473207} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
    Task: {AA11C434-D979-44B7-9F2B-EACC83FD024F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12] (Google Inc.)
    Task: {B0406793-82DF-487D-961A-E943A802EB13} - System32\Tasks\{9399B6F6-5579-4FB9-8B5D-D050D833BD88} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
    Task: {B1A32DBB-B5E4-4295-88E3-9CCFB363512C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {D5C34925-43A5-43E4-B4BE-35F09A444BA1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
    Task: {D83489D4-AD7C-485A-B6DA-FA626317C67C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-19] (AVAST Software)
    Task: {DB978A67-8D8F-43F9-A0B6-E8140C6C4291} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2009-10-14 14:36 - 2009-10-14 14:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    2009-10-14 14:34 - 2009-10-14 14:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    2014-07-19 22:12 - 2014-07-19 22:12 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2014-07-20 09:46 - 2014-07-20 09:46 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14072000\algo.dll
    2014-07-21 20:35 - 2014-07-21 20:35 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14072101\algo.dll
    2014-07-21 20:32 - 2014-07-21 20:32 - 00043008 _____ () c:\Users\Ed and Lou 2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppgwuic.dll
    2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Ed and Lou 2\AppData\Roaming\Dropbox\bin\libcef.dll
    2014-07-19 22:12 - 2014-07-19 22:12 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== EXE Association (whitelisted) =============


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Password 2.lnk => C:\Windows\pss\Password 2.lnk.CommonStartup
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: Update => C:\Users\Ed and Lou 2\AppData\Roaming\toip0_tmp.exe

    ==================== Faulty Device Manager Devices =============

    Could not list Devices. Check "winmgmt" service or repair WMI.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/21/2014 09:04:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80004005

    Error: (07/21/2014 08:53:28 PM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

    Error: (07/21/2014 08:51:58 PM) (Source: SideBySide) (EventID: 75) (User: )
    Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
    Multiple requestedPrivileges elements are not allowed in manifest.

    Error: (07/20/2014 10:43:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1270

    Start Time: 01cfa3fbcdfa6f7b

    Termination Time: 0

    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Report Id: 494a7a4a-0ff2-11e4-bd9e-f04da2455c98

    Error: (07/20/2014 10:04:57 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80004005

    Error: (07/19/2014 00:07:45 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80004005

    Error: (07/19/2014 11:36:00 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

    Error: (07/19/2014 11:34:03 AM) (Source: SideBySide) (EventID: 75) (User: )
    Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
    Multiple requestedPrivileges elements are not allowed in manifest.

    Error: (07/19/2014 11:08:06 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80004005

    Error: (07/18/2014 11:31:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: f48

    Start Time: 01cfa2ab7cc0a8aa

    Termination Time: 0

    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Report Id: 3367b63f-0ecb-11e4-8024-f04da2455c98


    System errors:
    =============
    Error: (07/21/2014 10:27:31 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

    Error: (07/21/2014 09:59:11 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

    Error: (07/21/2014 09:58:52 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

    Error: (07/21/2014 08:36:25 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

    Error: (07/21/2014 08:32:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error:
    %%1075

    Error: (07/21/2014 08:32:50 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

    Error: (07/21/2014 08:32:48 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Internet Connection Sharing (ICS) service depends the following service: winmgmt. This service might not be installed.

    Error: (07/21/2014 08:32:10 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The IP Helper service depends the following service: winmgmt. This service might not be installed.

    Error: (07/20/2014 09:47:05 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

    Error: (07/20/2014 09:42:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error:
    %%1075


    Microsoft Office Sessions:
    =========================
    Error: (07/21/2014 09:04:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80004005

    Error: (07/21/2014 08:53:28 PM) (Source: SideBySide) (EventID: 63) (User: )
    Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

    Error: (07/21/2014 08:51:58 PM) (Source: SideBySide) (EventID: 75) (User: )
    Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

    Error: (07/20/2014 10:43:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe9.0.8112.16476127001cfa3fbcdfa6f7b0C:\Program Files (x86)\Internet Explorer\iexplore.exe494a7a4a-0ff2-11e4-bd9e-f04da2455c98

    Error: (07/20/2014 10:04:57 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80004005

    Error: (07/19/2014 00:07:45 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80004005

    Error: (07/19/2014 11:36:00 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

    Error: (07/19/2014 11:34:03 AM) (Source: SideBySide) (EventID: 75) (User: )
    Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

    Error: (07/19/2014 11:08:06 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80004005

    Error: (07/18/2014 11:31:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe9.0.8112.16476f4801cfa2ab7cc0a8aa0C:\Program Files (x86)\Internet Explorer\iexplore.exe3367b63f-0ecb-11e4-8024-f04da2455c98


    CodeIntegrity Errors:
    ===================================
    Date: 2012-07-18 22:51:12.309
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-07-18 22:51:12.231
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Percentage of memory in use: 56%
    Total physical RAM: 3892.52 MB
    Available physical RAM: 1707.46 MB
    Total Pagefile: 7783.15 MB
    Available Pagefile: 5454.15 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:151.66 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: F6996217)
    Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
    Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Open Notepad (Start => All Programs => Accessories => Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt. (it has to be right next to FRST/64)

    Start
    ShortcutTarget: autostart.lnk -> C:\PROGRA~3\788B23~1\s6jffhw.cpp (No File)
    2014-07-06 16:11 - 2009-07-14 03:34 - 00449915 ____R () C:\Windows\system32\Drivers\etc\hosts.20140712-064746.backup
    2014-06-26 21:53 - 2009-07-14 03:34 - 00449915 ____R () C:\Windows\system32\Drivers\etc\hosts.20140706-161119.backup
    2014-06-21 00:13 - 2009-07-14 03:34 - 00449915 ____R () C:\Windows\system32\Drivers\etc\hosts.20140626-215315.backup
    MSCONFIG\startupreg: Update => C:\Users\Ed and Lou 2\AppData\Roaming\toip0_tmp.exe
    Hosts:
    Reboot:
    End
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Then open FRST64 and click on fix
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Then run a new scan with FRST and post the log and let me know how things are running now?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Member
    Join Date
    Mar 2008
    Location
    England
    Posts
    64


    Hello,

    I did the fix, and re-ran FRST. Logs below. Upon re-start, the same DLL warning came up, and I've checked to see if I can run Windows Security Centre, but I can't.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
    Ran by Ed and Lou 2 at 2014-07-22 21:23:23 Run:2
    Running from C:\Users\Ed and Lou 2\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    ShortcutTarget: autostart.lnk -> C:\PROGRA~3\788B23~1\s6jffhw.cpp (No File)
    2014-07-06 16:11 - 2009-07-14 03:34 - 00449915 ____R () C:\Windows\system32\Drivers\etc\hosts.20140712-064746.backup
    2014-06-26 21:53 - 2009-07-14 03:34 - 00449915 ____R () C:\Windows\system32\Drivers\etc\hosts.20140706-161119.backup
    2014-06-21 00:13 - 2009-07-14 03:34 - 00449915 ____R () C:\Windows\system32\Drivers\etc\hosts.20140626-215315.backup
    MSCONFIG\startupreg: Update => C:\Users\Ed and Lou 2\AppData\Roaming\toip0_tmp.exe
    Hosts:
    Reboot:
    End
    *****************

    C:\PROGRA~3\788B23~1\s6jffhw.cpp not found.
    C:\Windows\system32\Drivers\etc\hosts.20140712-064746.backup => Moved successfully.
    C:\Windows\system32\Drivers\etc\hosts.20140706-161119.backup => Moved successfully.
    C:\Windows\system32\Drivers\etc\hosts.20140626-215315.backup => Moved successfully.
    MSCONFIG\startupreg: Update => C:\Users\Ed and Lou 2\AppData\Roaming\toip0_tmp.exe => Error: No automatic fix found for this entry.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.


    The system needed a reboot.

    ==== End of Fixlog ====


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
    Ran by Ed and Lou 2 (administrator) on EDANDLOU2-PC on 22-07-2014 21:26:53
    Running from C:\Users\Ed and Lou 2\Desktop
    Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (Dropbox, Inc.) C:\Users\Ed and Lou 2\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    () C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-08] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-14] (Realtek Semiconductor)
    HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [DellSupportCenter] => c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
    HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-19] (AVAST Software)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-1729037807-3945438059-1432830009-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Ed and Lou 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autostart.lnk
    ShortcutTarget: autostart.lnk -> C:\PROGRA~3\788B23~1\s6jffhw.cpp (No File)
    Startup: C:\Users\Ed and Lou 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
    ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe (No File)
    Startup: C:\Users\Ed and Lou 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Ed and Lou 2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Ed and Lou 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120703223727.dll No File
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120703223727.dll No File
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab
    DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://bq.bp.2020.net/Core/Player/20...erAX_Win32.cab
    DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default
    FF DefaultSearchEngine: Bing
    FF Homepage: hxxp://www.google.co.uk/
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Extension: Lavasoft Search Plugin - C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-11-28]
    FF Extension: DownloadHelper - C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-28]
    FF Extension: Tube Enhancer Plus - C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2014-02-27]
    FF Extension: Modify Headers - C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2012-04-05]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-04]
    FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.co.uk/
    CHR DefaultSearchKeyword: google.co.uk
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Extension: (Google Docs) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-02]
    CHR Extension: (Google Drive) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-02]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-02]
    CHR Extension: (YouTube) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-02]
    CHR Extension: (Google Search) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-02]
    CHR Extension: (ProxMate - Improve your Internet!) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-03-02]
    CHR Extension: (Google Wallet) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
    CHR Extension: (Gmail) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-02]

    ==================== Services (Whitelisted) =================

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-19] (AVAST Software)
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-06-27] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-06-27] (Secunia)

    ==================== Drivers (Whitelisted) ====================

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-19] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-19] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-19] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-19] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-19] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-19] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-19] (AVAST Software)
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-11-28] (GFI Software)
    R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    S3 aswVmm; \??\C:\Users\EDANDL~1\AppData\Local\Temp\aswVmm.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-07-22 21:26 - 2014-07-22 21:27 - 00022829 _____ () C:\Users\Ed and Lou 2\Desktop\FRST.txt
    2014-07-22 21:22 - 2014-07-22 21:22 - 02090496 _____ (Farbar) C:\Users\Ed and Lou 2\Desktop\FRST64.exe
    2014-07-22 13:00 - 2014-07-22 13:00 - 00000000 _____ () C:\Users\Ed and Lou 2\Desktop\Heateam 00de698840.txt
    2014-07-20 00:35 - 2014-07-20 00:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    2014-07-20 00:35 - 2014-07-20 00:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-07-20 00:05 - 2014-07-20 00:05 - 00030243 _____ () C:\ProgramData\RUNDLL32.EXE-4816-F.txt
    2014-07-19 23:50 - 2014-07-22 21:27 - 00000000 ____D () C:\FRST
    2014-07-19 23:39 - 2014-07-20 01:39 - 00000000 ____D () C:\ProgramData\788B23B92244C6B9DBB5C906F76891A9
    2014-07-19 22:13 - 2014-07-19 22:12 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-07-19 22:12 - 2014-07-19 22:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-07-17 17:59 - 2014-07-17 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-07-17 17:59 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-07-17 17:59 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-07-17 17:59 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-07-17 17:59 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-07-17 17:58 - 2014-07-17 17:59 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
    2014-07-11 22:43 - 2014-07-19 23:41 - 00000000 ____D () C:\Users\Ed and Lou 2\Desktop\GAMESHOW
    2014-07-10 22:37 - 2014-07-10 22:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-07-10 20:00 - 2014-07-01 02:56 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-07-10 20:00 - 2014-07-01 02:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-07-05 10:15 - 2014-07-05 10:20 - 00000000 ____D () C:\Users\Ed and Lou 2\Desktop\Phone Backup
    2014-07-04 20:03 - 2014-07-04 20:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-06-29 10:09 - 2014-06-29 10:09 - 00004341 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
    2014-06-27 21:32 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-06-26 22:42 - 2014-07-22 21:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-06-26 22:42 - 2014-06-26 22:42 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-06-26 22:42 - 2014-06-26 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-06-26 22:41 - 2014-06-26 22:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-26 22:41 - 2014-06-26 22:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-06-26 22:41 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-06-26 22:41 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-06-26 22:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

    ==================== One Month Modified Files and Folders =======

    2014-07-22 21:28 - 2014-07-22 21:26 - 00022829 _____ () C:\Users\Ed and Lou 2\Desktop\FRST.txt
    2014-07-22 21:27 - 2014-07-19 23:50 - 00000000 ____D () C:\FRST
    2014-07-22 21:26 - 2013-01-23 22:18 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Roaming\Dropbox
    2014-07-22 21:25 - 2014-05-03 07:34 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Roaming\DropboxMaster
    2014-07-22 21:25 - 2013-01-23 22:21 - 00000000 ___RD () C:\Users\Ed and Lou 2\Dropbox
    2014-07-22 21:24 - 2011-02-12 12:07 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-22 21:24 - 2010-08-25 00:06 - 00917882 _____ () C:\Windows\PFRO.log
    2014-07-22 21:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-22 21:24 - 2009-07-14 05:51 - 00163429 _____ () C:\Windows\setupact.log
    2014-07-22 21:23 - 2009-07-14 06:10 - 01111383 _____ () C:\Windows\WindowsUpdate.log
    2014-07-22 21:22 - 2014-07-22 21:22 - 02090496 _____ (Farbar) C:\Users\Ed and Lou 2\Desktop\FRST64.exe
    2014-07-22 21:20 - 2010-10-04 22:17 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{991DD349-1CA5-4023-A8EE-0372A0D9409B}
    2014-07-22 21:12 - 2012-07-20 16:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-07-22 21:04 - 2014-06-26 22:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-22 21:02 - 2011-02-12 12:07 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-22 20:58 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-22 20:58 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-22 20:50 - 2012-11-27 23:19 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-07-22 20:48 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-07-22 13:00 - 2014-07-22 13:00 - 00000000 _____ () C:\Users\Ed and Lou 2\Desktop\Heateam 00de698840.txt
    2014-07-21 21:56 - 2014-02-15 23:12 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Roaming\Audacity
    2014-07-20 01:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-07-20 01:39 - 2014-07-19 23:39 - 00000000 ____D () C:\ProgramData\788B23B92244C6B9DBB5C906F76891A9
    2014-07-20 00:35 - 2014-07-20 00:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    2014-07-20 00:35 - 2014-07-20 00:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-07-20 00:35 - 2012-07-18 17:11 - 00000000 ____D () C:\Windows\ERDNT
    2014-07-20 00:05 - 2014-07-20 00:05 - 00030243 _____ () C:\ProgramData\RUNDLL32.EXE-4816-F.txt
    2014-07-19 23:41 - 2014-07-11 22:43 - 00000000 ____D () C:\Users\Ed and Lou 2\Desktop\GAMESHOW
    2014-07-19 22:42 - 2014-02-27 22:43 - 00000000 ____D () C:\Tube Enhancer Plus
    2014-07-19 22:14 - 2013-10-31 10:26 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-07-19 22:13 - 2012-11-27 23:20 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-07-19 22:12 - 2014-07-19 22:13 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-07-19 22:12 - 2014-07-19 22:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-07-19 22:12 - 2014-02-20 23:54 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-07-19 22:12 - 2013-03-18 21:43 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-07-19 22:12 - 2013-03-18 21:43 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-07-19 22:12 - 2012-11-27 23:20 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-07-19 22:12 - 2012-11-27 23:20 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-07-19 22:12 - 2012-11-27 23:19 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-07-19 22:12 - 2012-11-27 23:19 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-07-19 21:54 - 2010-08-27 21:06 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Roaming\SoftGrid Client
    2014-07-18 22:54 - 2013-03-02 13:23 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-07-17 18:19 - 2014-02-01 11:42 - 00000000 ____D () C:\ProgramData\Oracle
    2014-07-17 17:59 - 2014-07-17 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-07-17 17:59 - 2014-07-17 17:58 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
    2014-07-17 17:59 - 2013-03-14 08:26 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-07-16 21:13 - 2011-01-11 20:43 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Roaming\vlc
    2014-07-13 23:58 - 2012-07-20 16:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-07-11 03:02 - 2014-07-17 17:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-07-11 02:56 - 2014-07-17 17:59 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-07-11 02:56 - 2014-07-17 17:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-07-11 02:55 - 2014-07-17 17:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-07-10 22:37 - 2014-07-10 22:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-07-10 22:37 - 2013-08-01 21:42 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-10 22:35 - 2010-08-31 10:15 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-07-08 21:37 - 2010-08-28 08:38 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Roaming\Skype
    2014-07-08 20:12 - 2012-07-20 16:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-07-08 20:12 - 2012-04-02 08:10 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-07-08 20:12 - 2011-11-18 18:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-07-08 18:04 - 2013-05-30 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2014-07-05 10:20 - 2014-07-05 10:15 - 00000000 ____D () C:\Users\Ed and Lou 2\Desktop\Phone Backup
    2014-07-05 08:56 - 2009-07-14 06:13 - 00005392 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-07-04 20:03 - 2014-07-04 20:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-07-01 02:56 - 2014-07-10 20:00 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-07-01 02:50 - 2014-07-10 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-06-29 10:09 - 2014-06-29 10:09 - 00004341 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
    2014-06-27 02:57 - 2011-02-12 12:07 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-06-27 02:57 - 2011-02-12 12:07 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-06-26 22:42 - 2014-06-26 22:42 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-06-26 22:42 - 2014-06-26 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-06-26 22:42 - 2014-06-26 22:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-26 22:41 - 2014-06-26 22:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-06-26 21:47 - 2014-06-20 23:57 - 00000000 ____D () C:\ProgramData\F321AC108F210EF99933826ED58525E0

    Some content of TEMP:
    ====================
    C:\Users\Ed and Lou 2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0c0se_.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-18 17:25

    ==================== End Of Log ============================

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Give this a try

    Download AutoRuns and save it to your Desktop.
    • Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there.
    • Open the folder and double-click on autoruns.exe to launch it. Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Please be patient as it scans and populates the entries.
    • When finished scanning, it will say Ready at the bottom.
    • In the top menu, click File > Find... and type the file name (s6jffhw.cpp) related to the error message, then click Find Next.
      Alternatively, you can scroll through the list and look for any entry related to s6jffhw.cpp
    • If found, right-click on the entry and choose delete.
    • Exit Autoruns and reboot your computer when done.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #9
    Member
    Join Date
    Mar 2008
    Location
    England
    Posts
    64


    Hello, there is no DLL warning for the .cpp file.

    I've tried the Security Centre notification, and it still won't let me.

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    You will need the 64 bit version of this program

    Download and Run SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    64 Bit Version

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :regfind
      788B23~1
      s6jffhw.cpp
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
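
The lookups described in posts #8 and #10, as an added example that is not part of the original posts and is not how Autoruns or SystemLook work internally: a read-only PowerShell search of autostart registry keys for the two strings from the codebox. The function name `Find-AutostartReference` and the key list are assumptions made for illustration; the list is a common subset, not everything those tools inspect.

```powershell
# Added example: read-only search; nothing is modified or deleted.
$needles = @('788B23~1', 's6jffhw.cpp')   # strings taken from the thread's codebox

# Assumption: a common subset of autostart locations, including the
# 32-bit (Wow6432Node) views present on 64-bit Windows.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Find-AutostartReference {
    param([string[]]$Keys, [string[]]$Needles)
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this system
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read REG_EXPAND_SZ unexpanded so the stored text is what gets matched
            $data = $item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $text = @($data) -join ' '      # REG_MULTI_SZ arrives as an array
            foreach ($needle in $Needles) {
                # Literal, case-insensitive match against value name and value data
                $pattern = [regex]::Escape($needle)
                if ($name -match $pattern -or $text -match $pattern) {
                    New-Object PSObject -Property @{
                        Key = $key; Value = $name; Data = $text; Match = $needle
                    }
                }
            }
        }
    }
}

Find-AutostartReference -Keys $keys -Needles $needles | Format-List Key, Value, Data, Match
```

The HKCU results reflect the account running the shell, so run it as the affected user; an empty result only means these particular keys hold no reference.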
