View Full Version : Repeated registry hijack
On loading, persist registry notice to from publisher microsoft. When cancelled, immediately pops up again. Suspected as not real as website visited had no need to make registry change, and nothing running other than IE.
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.55.2
Run by Ed and Lou 2 at 2:43:02 on 2014-06-21
.
============== Running Processes ================
.
C:\Program Files (x86)\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bq.bp.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D34D4A84-3E9D-40D5-A6D9-93A100A1B04F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D34D4A84-3E9D-40D5-A6D9-93A100A1B04F}\A5978554C4F57303932357B656 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - <no file>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R? AERTFilters;Andrea RT Filters Service
R? aswMonFlt;aswMonFlt
R? aswRvrt;avast! Revert
R? aswSnx;aswSnx
R? aswSP;aswSP
R? aswStm;aswStm
R? aswVmm;avast! VM Monitor
R? avast! Antivirus;avast! Antivirus
R? btusbflt;Bluetooth USB Filter
R? btwl2cap;Bluetooth L2CAP Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? CtClsFlt;Creative Camera Class Upper Filter Driver
R? cvhsvc;Client Virtualization Handler
R? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
R? DockLoginService;Dock Login Service
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? Impcd;Impcd
R? IntcDAud;Intel(R) Display Audio
R? LVPr2M64;Logitech LVPr2M64 Driver
R? LVPrcS64;Process Monitor
R? LVRS64;Logitech RightSound Filter Driver
R? LVUVC64;Logitech QuickCam E3500(UVC)
R? PSI;PSI
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? SBSDWSCService;SBSD Security Center Service
R? Secunia PSI Agent;Secunia PSI Agent
R? Secunia Update Agent;Secunia Update Agent
R? Sftfs;Sftfs
R? sftlist;Application Virtualization Client
R? Sftplay;Sftplay
R? Sftredir;Sftredir
R? Sftvol;Sftvol
R? sftvsa;Application Virtualization Service Agent
R? ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
R? TomTomHOMEService;TomTomHOMEService
R? UNS;Intel(R) Management & Security Application User Notification Service
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
S? BcmVWL;Broadcom Virtual Wireless
S? gfibto;gfibto
S? HECIx64;Intel(R) Management Engine Interface
S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
S? PxHlpa64;PxHlpa64
.
=============== Created Last 30 ================
.
2014-06-20 22:57:57 -------- d-----w- C:\ProgramData\F321AC108F210EF99933826ED58525E0
2014-06-20 17:11:35 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3F725DB0-184E-4874-9064-8E3D05C5FC3F}\mpengine.dll
2014-06-19 16:46:29 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-05-28 15:58:15 -------- d-----w- C:\Users\Ed and Lou 2\AppData\Local\Skype
.
==================== Find3M ====================
.
2014-05-29 22:39:11 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-29 22:39:11 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-03 06:45:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-16 03:02:58 354656 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2014-03-31 08:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 2:45:34.78 ===============
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-06-21 02:51:05
-----------------------------
02:51:05.970 OS Version: Windows x64 6.1.7600
02:51:05.970 Number of processors: 4 586 0x2505
02:51:05.970 ComputerName: EDANDLOU2-PC UserName: Ed and Lou 2
02:51:06.937 Initialize success
02:51:06.984 VM: driver load error: 2
02:51:09.339 AVAST engine defs: 14062001
02:51:19.760 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:51:19.760 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
02:51:19.869 Disk 0 MBR read successfully
02:51:19.869 Disk 0 MBR scan
02:51:20.244 Disk 0 Windows 7 default MBR code
02:51:20.259 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
02:51:20.446 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
02:51:20.446 Disk 0 Boot: NTFS code=1
02:51:20.587 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290143 MB offset 30926848
02:51:20.758 Disk 0 scanning C:\Windows\system32\drivers
02:51:32.115 Service scanning
02:52:01.116 Modules scanning
02:52:01.116 Disk 0 trace - called modules:
02:52:01.147 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
02:52:01.162 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004be1060]
02:52:01.162 3 CLASSPNP.SYS[fffff88001b3b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048f6050]
02:52:01.630 AVAST engine scan C:\Windows
02:52:03.378 AVAST engine scan C:\Windows\system32
02:54:16.103 AVAST engine scan C:\Windows\system32\drivers
02:54:28.941 AVAST engine scan C:\Users\Ed and Lou 2
02:57:07.875 Disk 0 MBR has been saved successfully to "C:\Users\Ed and Lou 2\Desktop\MBR.dat"
02:57:07.875 The log file has been saved successfully to "C:\Users\Ed and Lou 2\Desktop\aswMBR.txt"
shelf life
2014-06-26, 03:42
hi eddyb,
I really don't think that message is malware related. Do you get it when you boot up the machine or at random times? I assume that's a message from Spybot with the allow or cancel options?
The message shows up a minute into booting up. The window is titled "User account control" and no matter how many times I click "No". It immediately pops back up.
So should I click yes and deal with the fall out if it is a bit of mal-ware?Quick phone photo to help attached ( I know about screenshots, but did not have time at home today).
Thanks!
11602
shelf life
2014-06-26, 23:41
Hi,
Go ahead and click yes to allow the change. Might just be a 32bit file on a 64bit system or the other way around. Have you installed any software lately?
Use your machine like you normally do, then post a new DDS log as a comparison. You can also get the free version of MBAM while your at it to keep and use as another antimalware app:
These directions are old, the MBAM gui has changed but you should be able to manage it:
Please download the free version of Malwarebytes (http://www.malwarebytes.org/products/malwarebytes_free) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click *Remove Selected.*
*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
Hello, I will follow the above instructions. When booting up, I expected the same dialogue box, but up popped a new one, with a file path and "Could not load" as it contains a virus.
Have updated Search and Destroy, am running a scan, and will re-boot with a screenshot of dialogue box, results from scan, as well as your instructions.
Many thanks, am working on it tonight.
Hello,
-I ran Spybot Search and Destroy, updated, and nothing found.
-I rebooted to try to get the dialogue box with 'virus' found but it did not re-appear.
-I tried to run avast! (my main virus scanner, scheduled to run weekly on a full scan) but a dialogue box says "This program is blocked by group policy" even when I try to run it as an adminstrator on a right click menu. This laptop I have used less, now that I have a work laptop (but others use it) and I do not know the last time a full scan was run.
-I downloaded and ran MBAM, and nothing was found.
-ASWmbr is still running but not adding to logfile. New files it is scanning appearin the dialogue box, but not the logfile.
aswMBR [in message]
MBAM.txt [in message]
DDS [in message] + attach.txt [attached]
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-06-26 23:11:46
-----------------------------
23:11:46.452 OS Version: Windows x64 6.1.7600
23:11:46.452 Number of processors: 4 586 0x2505
23:11:46.468 ComputerName: EDANDLOU2-PC UserName: Ed and Lou 2
23:11:48.792 Initialize success
23:11:48.917 VM: initialized successfully
23:11:48.948 VM: Intel CPU supported
23:11:51.830 VM: supported disk I/O iaStor.sys
23:11:56.807 AVAST engine defs: 14062602
23:11:59.661 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:11:59.661 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
23:11:59.786 VM: Disk 0 MBR read successfully
23:11:59.802 Disk 0 MBR scan
23:11:59.802 Disk 0 Windows 7 default MBR code
23:11:59.817 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
23:11:59.849 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
23:11:59.849 Disk 0 Boot: NTFS code=1
23:11:59.864 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290143 MB offset 30926848
23:11:59.989 Disk 0 scanning C:\Windows\system32\drivers
23:12:12.765 Service scanning
23:12:47.088 Modules scanning
23:12:47.088 Disk 0 trace - called modules:
23:12:47.135 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:12:47.150 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c31060]
23:12:47.150 3 CLASSPNP.SYS[fffff88001a5843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004942050]
23:12:47.962 AVAST engine scan C:\Windows
23:12:50.192 AVAST engine scan C:\Windows\system32
23:15:27.113 AVAST engine scan C:\Windows\system32\drivers
23:15:42.557 AVAST engine scan C:\Users\Ed and Lou 2
23:17:59.260 Disk 0 MBR has been saved successfully to "C:\Users\Ed and Lou 2\Desktop\MBR.dat"
23:17:59.260 The log file has been saved successfully to "C:\Users\Ed and Lou 2\Desktop\aswMBR.txt"
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-06-26 23:11:46
-----------------------------
23:11:46.452 OS Version: Windows x64 6.1.7600
23:11:46.452 Number of processors: 4 586 0x2505
23:11:46.468 ComputerName: EDANDLOU2-PC UserName: Ed and Lou 2
23:11:48.792 Initialize success
23:11:48.917 VM: initialized successfully
23:11:48.948 VM: Intel CPU supported
23:11:51.830 VM: supported disk I/O iaStor.sys
23:11:56.807 AVAST engine defs: 14062602
23:11:59.661 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:11:59.661 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
23:11:59.786 VM: Disk 0 MBR read successfully
23:11:59.802 Disk 0 MBR scan
23:11:59.802 Disk 0 Windows 7 default MBR code
23:11:59.817 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
23:11:59.849 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
23:11:59.849 Disk 0 Boot: NTFS code=1
23:11:59.864 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290143 MB offset 30926848
23:11:59.989 Disk 0 scanning C:\Windows\system32\drivers
23:12:12.765 Service scanning
23:12:47.088 Modules scanning
23:12:47.088 Disk 0 trace - called modules:
23:12:47.135 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:12:47.150 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c31060]
23:12:47.150 3 CLASSPNP.SYS[fffff88001a5843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004942050]
23:12:47.962 AVAST engine scan C:\Windows
23:12:50.192 AVAST engine scan C:\Windows\system32
23:15:27.113 AVAST engine scan C:\Windows\system32\drivers
23:15:42.557 AVAST engine scan C:\Users\Ed and Lou 2
23:17:59.260 Disk 0 MBR has been saved successfully to "C:\Users\Ed and Lou 2\Desktop\MBR.dat"
23:17:59.260 The log file has been saved successfully to "C:\Users\Ed and Lou 2\Desktop\aswMBR.txt"
23:24:44.252 Disk 0 MBR has been saved successfully to "C:\Users\Ed and Lou 2\Desktop\MBR.dat"
23:24:44.252 The log file has been saved successfully to "C:\Users\Ed and Lou 2\Desktop\aswMBR.txt"
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 26/06/2014
Scan Time: 22:44:51
Logfile: scan.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.06.26.09
Rootkit Database: v2014.06.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7
CPU: x64
File System: NTFS
User: Ed and Lou 2
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280895
Time Elapsed: 9 min, 41 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.55.2
Run by Ed and Lou 2 at 23:01:36 on 2014-06-26
.
============== Running Processes ================
.
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Users\Ed and Lou 2\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bq.bp.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D34D4A84-3E9D-40D5-A6D9-93A100A1B04F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D34D4A84-3E9D-40D5-A6D9-93A100A1B04F}\A5978554C4F57303932357B656 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - <no file>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R? aswVmm;avast! VM Monitor
R? btusbflt;Bluetooth USB Filter
R? btwl2cap;Bluetooth L2CAP Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? LVRS64;Logitech RightSound Filter Driver
R? LVUVC64;Logitech QuickCam E3500(UVC)
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
S? AERTFilters;Andrea RT Filters Service
S? aswMonFlt;aswMonFlt
S? aswRvrt;avast! Revert
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswStm;aswStm
S? avast! Antivirus;avast! Antivirus
S? BcmVWL;Broadcom Virtual Wireless
S? CtClsFlt;Creative Camera Class Upper Filter Driver
S? cvhsvc;Client Virtualization Handler
S? DockLoginService;Dock Login Service
S? gfibto;gfibto
S? HECIx64;Intel(R) Management Engine Interface
S? Impcd;Impcd
S? IntcDAud;Intel(R) Display Audio
S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
S? LVPr2M64;Logitech LVPr2M64 Driver
S? LVPrcS64;Process Monitor
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MBAMSwissArmy;MBAMSwissArmy
S? MBAMWebAccessControl;MBAMWebAccessControl
S? PSI;PSI
S? PxHlpa64;PxHlpa64
S? SBSDWSCService;SBSD Security Center Service
S? Secunia PSI Agent;Secunia PSI Agent
S? Secunia Update Agent;Secunia Update Agent
S? Sftfs;Sftfs
S? sftlist;Application Virtualization Client
S? Sftplay;Sftplay
S? Sftredir;Sftredir
S? Sftvol;Sftvol
S? sftvsa;Application Virtualization Service Agent
S? TomTomHOMEService;TomTomHOMEService
S? UNS;Intel(R) Management & Security Application User Notification Service
.
=============== Created Last 30 ================
.
2014-06-26 21:42:49 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-26 21:41:57 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-26 21:41:57 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-26 21:41:57 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-26 21:41:57 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-26 21:41:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-26 20:54:01 -------- d-----w- C:\Users\Ed and Lou 2\AppData\Local\Apple
2014-06-26 06:26:07 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98C5FE22-C830-4559-8C3D-0AAC2DC16A15}\mpengine.dll
2014-06-20 22:57:57 -------- d-----w- C:\ProgramData\F321AC108F210EF99933826ED58525E0
2014-06-19 16:46:29 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-05-28 15:58:15 -------- d-----w- C:\Users\Ed and Lou 2\AppData\Local\Skype
.
==================== Find3M ====================
.
2014-05-29 22:39:11 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-29 22:39:11 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-03 06:45:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-16 03:02:58 354656 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2014-03-31 08:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 23:03:18.44 ===============
shelf life
2014-06-27, 04:45
See if you can run your AV in safe mode. To reach safe mode tap the f8 key after you restart your computer. Chose the first option from the list; Safe Mode.
Do a full scan in safe mode. Reboot machine normally, download and run adwcleaner:
Please download Adwcleaner.exe (http://www.bleepingcomputer.com/download/adwcleaner/) to your desktop.
Double click on AdwCleaner.exe, select OK, then Run
Click on the Scan button
Once its done click on the Report button
Copy and paste the contents of the log file in your reply
You can also find the logfile at C:\AdwCleaner[R1].txt as well
Exit AdwCleaner with the X (close) button. click ok at the final prompt.
I've booted in Safe Mode (no networking) and run avast! twice, with no malware found. I rebooted normally, but can't load avast!. I've run adwcleaner and the logfile is below.
# AdwCleaner v3.213 - Report created 27/06/2014 at 21:31:57
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : Ed and Lou 2 - EDANDLOU2-PC
# Running from : C:\Users\Ed and Lou 2\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\Program Files (x86)\adawaretb
Folder Found : C:\Program Files (x86)\Toolbar Cleaner
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\Users\Ed and Lou 2\AppData\LocalLow\adawaretb
Folder Found : C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\adawaretb
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\Software\Toolbar Cleaner
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16476
-\\ Mozilla Firefox v29.0.1 (en-US)
[ File : C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [1791 octets] - [27/06/2014 21:31:57]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1851 octets] ##########
shelf life
2014-06-28, 02:47
ok thanks for the info. Two things:
First you can rerun adwcleaner like you did before. Click the scan button, once the scan is done click the clean button. After the reboot a log will be displayed showing the removed items which you can copy/paste in your reply.
Next: We will get another download to use:
Please download Farbar Recovery Scan Tool and save it to your Desktop.
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Looks like you will need to get the 64bit version
Right-click the FRST icon on your desktop then click "Run as administrator"
When the tool opens-click Yes to the disclaimer.
Press the Scan button.
When finished, it will produce a log called FRST.txt in the same directory the tool was run from.(your desktop)
Please copy and paste the log in your next reply.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
Hello,
First, I am not completely confident that ERUNT has backed up the registry. A few times at start up a few warning boxes showed up, and the last one mentioned something like " the registry will be restored but a new OS will be needed to....". I was going to screen-shot it but it did not arrive for both of the last two start ups.
I have done as you said:
1. adwcleaner, scan and clean [log in text]
2. FRST , scan only
[B]# AdwCleaner v3.213 - Report created 28/06/2014 at 07:45:51
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : Ed and Lou 2 - EDANDLOU2-PC
# Running from : C:\Users\Ed and Lou 2\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Users\Ed and Lou 2\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\adawaretb
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16476
-\\ Mozilla Firefox v29.0.1 (en-US)
[ File : C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [1943 octets] - [27/06/2014 21:31:57]
AdwCleaner[R1].txt - [2003 octets] - [28/06/2014 07:44:44]
AdwCleaner[S0].txt - [1856 octets] - [28/06/2014 07:45:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1916 octets] ##########
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 01
Ran by Ed and Lou 2 (administrator) on EDANDLOU2-PC on 28-06-2014 08:04:33
Running from C:\Users\Ed and Lou 2\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Ed and Lou 2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-08] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-14] (Realtek Semiconductor)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DellSupportCenter] => c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-06] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1729037807-3945438059-1432830009-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Ed and Lou 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe (No File)
Startup: C:\Users\Ed and Lou 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ed and Lou 2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ed and Lou 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120703223727.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120703223727.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://bq.bp.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default
FF DefaultSearchEngine: Bing
FF Homepage: hxxp://www.google.co.uk/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Lavasoft Search Plugin - C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-11-28]
FF Extension: DownloadHelper - C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-28]
FF Extension: Tube Enhancer Plus - C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2014-02-27]
FF Extension: Modify Headers - C:\Users\Ed and Lou 2\AppData\Roaming\Mozilla\Firefox\Profiles\wfdrlyc3.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2012-04-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
Chrome:
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-02]
CHR Extension: (Google Drive) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-02]
CHR Extension: (YouTube) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-02]
CHR Extension: (Google Search) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-02]
CHR Extension: (ProxMate - Improve your Internet!) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-03-02]
CHR Extension: (Google Wallet) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (Gmail) - C:\Users\Ed and Lou 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-02]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-20] (AVAST Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-06-27] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-06-27] (Secunia)
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-20] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-20] (AVAST Software)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-11-28] (GFI Software)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 aswVmm; \??\C:\Users\EDANDL~1\AppData\Local\Temp\aswVmm.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-28 08:04 - 2014-06-28 08:05 - 00023032 _____ () C:\Users\Ed and Lou 2\Desktop\FRST.txt
2014-06-28 08:03 - 2014-06-28 08:04 - 00000000 ____D () C:\FRST
2014-06-28 07:55 - 2014-06-28 07:55 - 02083328 _____ (Farbar) C:\Users\Ed and Lou 2\Desktop\FRST64.exe
2014-06-28 07:53 - 2014-06-28 07:53 - 00002000 _____ () C:\Users\Ed and Lou 2\Desktop\AdwCleaner[S0].txt
2014-06-27 21:32 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-27 21:31 - 2014-06-28 07:45 - 00000000 ____D () C:\AdwCleaner
2014-06-27 21:31 - 2014-06-27 21:31 - 01342659 _____ () C:\Users\Ed and Lou 2\Desktop\AdwCleaner.exe
2014-06-26 22:42 - 2014-06-28 07:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 22:42 - 2014-06-26 22:42 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 22:42 - 2014-06-26 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 22:41 - 2014-06-26 22:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-26 22:41 - 2014-06-26 22:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 22:41 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-26 22:41 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-26 22:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-26 21:54 - 2014-06-26 21:54 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Local\Apple
2014-06-21 02:50 - 2014-06-21 02:50 - 05185536 _____ (AVAST Software) C:\Users\Ed and Lou 2\Desktop\aswMBR.exe
2014-06-21 02:38 - 2014-06-21 02:38 - 00688992 ____R (Swearware) C:\Users\Ed and Lou 2\Desktop\dds.scr
2014-06-21 02:37 - 2014-06-21 02:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-21 02:37 - 2014-06-21 02:37 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-20 23:57 - 2014-06-26 21:47 - 00000000 ____D () C:\ProgramData\F321AC108F210EF99933826ED58525E0
2014-06-03 01:33 - 2014-06-03 01:33 - 512601434 _____ () C:\Windows\MEMORY.DMP
2014-06-03 01:33 - 2014-06-03 01:33 - 00279096 _____ () C:\Windows\Minidump\060314-21730-01.dmp
2014-06-03 01:33 - 2014-06-03 01:33 - 00000000 ____D () C:\Windows\Minidump
2014-05-29 22:25 - 2014-05-29 23:49 - 00000145 _____ () C:\Users\Ed and Lou 2\Desktop\Remortgage May 2014 FACTS.txt
==================== One Month Modified Files and Folders =======
2014-06-28 08:05 - 2014-06-28 08:04 - 00023032 _____ () C:\Users\Ed and Lou 2\Desktop\FRST.txt
2014-06-28 08:04 - 2014-06-28 08:03 - 00000000 ____D () C:\FRST
2014-06-28 08:03 - 2011-02-12 12:07 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-28 07:55 - 2014-06-28 07:55 - 02083328 _____ (Farbar) C:\Users\Ed and Lou 2\Desktop\FRST64.exe
2014-06-28 07:54 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-28 07:54 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-28 07:53 - 2014-06-28 07:53 - 00002000 _____ () C:\Users\Ed and Lou 2\Desktop\AdwCleaner[S0].txt
2014-06-28 07:51 - 2009-07-14 06:10 - 01491988 _____ () C:\Windows\WindowsUpdate.log
2014-06-28 07:49 - 2014-06-26 22:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 07:48 - 2014-05-03 07:34 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Roaming\DropboxMaster
2014-06-28 07:48 - 2013-01-23 22:21 - 00000000 ___RD () C:\Users\Ed and Lou 2\Dropbox
2014-06-28 07:48 - 2013-01-23 22:18 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Roaming\Dropbox
2014-06-28 07:47 - 2011-02-12 12:07 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-28 07:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-28 07:47 - 2009-07-14 05:51 - 00161077 _____ () C:\Windows\setupact.log
2014-06-28 07:46 - 2010-08-25 00:06 - 00895298 _____ () C:\Windows\PFRO.log
2014-06-28 07:45 - 2014-06-27 21:31 - 00000000 ____D () C:\AdwCleaner
2014-06-27 23:12 - 2012-07-20 16:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-27 21:31 - 2014-06-27 21:31 - 01342659 _____ () C:\Users\Ed and Lou 2\Desktop\AdwCleaner.exe
2014-06-27 21:24 - 2012-11-27 23:19 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-27 17:35 - 2013-10-31 10:26 - 00002174 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-27 17:19 - 2010-10-04 22:17 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{991DD349-1CA5-4023-A8EE-0372A0D9409B}
2014-06-27 02:57 - 2011-02-12 12:07 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-27 02:57 - 2011-02-12 12:07 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-26 22:42 - 2014-06-26 22:42 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 22:42 - 2014-06-26 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 22:42 - 2014-06-26 22:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-26 22:42 - 2009-07-14 06:13 - 00005392 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-26 22:41 - 2014-06-26 22:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 21:58 - 2013-05-30 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-26 21:54 - 2014-06-26 21:54 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Local\Apple
2014-06-26 21:47 - 2014-06-20 23:57 - 00000000 ____D () C:\ProgramData\F321AC108F210EF99933826ED58525E0
2014-06-21 02:50 - 2014-06-21 02:50 - 05185536 _____ (AVAST Software) C:\Users\Ed and Lou 2\Desktop\aswMBR.exe
2014-06-21 02:38 - 2014-06-21 02:38 - 00688992 ____R (Swearware) C:\Users\Ed and Lou 2\Desktop\dds.scr
2014-06-21 02:38 - 2012-07-18 17:11 - 00000000 ____D () C:\Windows\ERDNT
2014-06-21 02:37 - 2014-06-21 02:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-21 02:37 - 2014-06-21 02:37 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-21 00:13 - 2009-07-14 03:34 - 00449915 ____R () C:\Windows\system32\Drivers\etc\hosts.20140626-215315.backup
2014-06-20 22:02 - 2010-08-27 21:40 - 00000000 ___RD () C:\Users\Ed and Lou 2\Documents\EM
2014-06-16 22:08 - 2010-08-27 21:06 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Roaming\SoftGrid Client
2014-06-16 21:00 - 2013-03-02 13:23 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 23:29 - 2013-08-01 21:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 23:27 - 2010-08-31 10:15 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-09 12:43 - 2011-03-04 22:24 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-06-09 12:43 - 2011-03-04 22:22 - 00000000 ____D () C:\ProgramData\DivX
2014-06-09 12:42 - 2013-12-01 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-06-03 01:33 - 2014-06-03 01:33 - 512601434 _____ () C:\Windows\MEMORY.DMP
2014-06-03 01:33 - 2014-06-03 01:33 - 00279096 _____ () C:\Windows\Minidump\060314-21730-01.dmp
2014-06-03 01:33 - 2014-06-03 01:33 - 00000000 ____D () C:\Windows\Minidump
2014-06-02 22:10 - 2011-01-11 20:43 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Roaming\vlc
2014-05-30 09:03 - 2010-08-27 20:11 - 00000000 ____D () C:\Users\Ed and Lou 2
2014-05-29 23:49 - 2014-05-29 22:25 - 00000145 _____ () C:\Users\Ed and Lou 2\Desktop\Remortgage May 2014 FACTS.txt
2014-05-29 23:39 - 2012-07-20 16:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-29 23:39 - 2012-04-02 08:10 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-29 23:39 - 2011-11-18 18:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-29 10:59 - 2010-08-28 08:38 - 00000000 ____D () C:\Users\Ed and Lou 2\AppData\Roaming\Skype
Some content of TEMP:
====================
C:\Users\Ed and Lou 2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3nhebb.dll
C:\Users\Ed and Lou 2\AppData\Local\Temp\Quarantine.exe
C:\Users\Ed and Lou 2\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-20 18:28
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2014 01
Ran by Ed and Lou 2 at 2014-06-28 08:05:23
Running from C:\Users\Ed and Lou 2\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
AC3Filter 1.62b (HKLM-x32\...\AC3Filter_is1) (Version: 1.62b - Alexander Vigovsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11,2,392,0 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM-x32\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.5123.5005 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Secunia PSI (3.0.0.2004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.2004 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8312 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.20.0 - Synaptics Incorporated)
TomTom HOME 2.8.1.2218 (HKLM-x32\...\TomTom HOME) (Version: 2.8.1.2218 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio C++ 9.0 Runtime (HKLM-x32\...\{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}) (Version: 1.0.0 - TomTom International B.V.)
VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Restore Points =========================
30-05-2014 23:02:48 Scheduled Checkpoint
03-06-2014 15:30:43 Windows Update
06-06-2014 19:30:08 Windows Update
10-06-2014 16:19:48 Windows Update
11-06-2014 22:26:28 Windows Update
17-06-2014 16:46:28 Windows Update
20-06-2014 17:09:53 Windows Update
26-06-2014 06:17:39 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2014-06-26 21:53 - 00449915 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {679BF396-A3E5-462F-8BC0-E96E4F4A64EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12] (Google Inc.)
Task: {79F94D2B-EDA2-445B-81BC-76297DE269F6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {81DCD538-AD3D-4D8E-A88F-71E265473207} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {AA11C434-D979-44B7-9F2B-EACC83FD024F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-12] (Google Inc.)
Task: {ACAD5FFE-DA23-4314-A68D-01686709FBB7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-20] (AVAST Software)
Task: {B0406793-82DF-487D-961A-E943A802EB13} - System32\Tasks\{9399B6F6-5579-4FB9-8B5D-D050D833BD88} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {B1A32DBB-B5E4-4295-88E3-9CCFB363512C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D5C34925-43A5-43E4-B4BE-35F09A444BA1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-29] (Adobe Systems Incorporated)
Task: {DB978A67-8D8F-43F9-A0B6-E8140C6C4291} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2009-10-14 14:36 - 2009-10-14 14:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 14:34 - 2009-10-14 14:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-06-27 21:24 - 2014-06-27 18:38 - 02787840 _____ () C:\Program Files\AVAST Software\Avast\defs\14062701\algo.dll
2014-06-28 07:47 - 2014-06-28 07:47 - 00043008 _____ () c:\Users\Ed and Lou 2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3nhebb.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Ed and Lou 2\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Password 2.lnk => C:\Windows\pss\Password 2.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Update => C:\Users\Ed and Lou 2\AppData\Roaming\toip0_tmp.exe
==================== Faulty Device Manager Devices =============
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/27/2014 00:02:14 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
Error: (06/26/2014 11:57:45 PM) (Source: SideBySide) (EventID: 75) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.
Error: (06/26/2014 10:42:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (06/26/2014 10:42:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (06/26/2014 09:50:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (06/26/2014 09:50:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (06/26/2014 07:23:54 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error: (06/26/2014 07:18:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (06/26/2014 07:18:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (06/21/2014 07:39:27 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
System errors:
=============
Error: (06/27/2014 05:50:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (06/27/2014 05:36:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (06/27/2014 05:33:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (06/27/2014 05:33:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (06/27/2014 05:33:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (06/27/2014 05:33:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (06/27/2014 05:33:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (06/27/2014 05:33:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (06/27/2014 05:33:49 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (06/27/2014 05:33:49 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Microsoft Office Sessions:
=========================
Error: (06/27/2014 00:02:14 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8
Error: (06/26/2014 11:57:45 PM) (Source: SideBySide) (EventID: 75) (User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2
Error: (06/26/2014 10:42:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (06/26/2014 10:42:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
Error: (06/26/2014 09:50:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (06/26/2014 09:50:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
Error: (06/26/2014 07:23:54 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error: (06/26/2014 07:18:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (06/26/2014 07:18:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
Error: (06/21/2014 07:39:27 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
CodeIntegrity Errors:
===================================
Date: 2012-07-18 22:51:12.309
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-07-18 22:51:12.231
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 43%
Total physical RAM: 3892.52 MB
Available physical RAM: 2191.15 MB
Total Pagefile: 7783.15 MB
Available Pagefile: 5834.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:157.13 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: F6996217)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
==================== End Of Log ============================
shelf life
2014-06-28, 17:03
ok thanks for the info. We will use FRST once more with one change.
Copy paste whats below in the box into Notepad (Start>All Programs> Accessories>Notepad). Save it to your desktop as: fixlist.txt
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Next start FRST like last time but this time press the Fix button once, rather than the scan button like last time. The tool will run automatically, when its done it will create a FixLog.txt file on your desktop which you can copy/paste in your reply.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-06-2014 01
Ran by Ed and Lou 2 at 2014-06-28 23:19:02 Run:1
Running from C:\Users\Ed and Lou 2\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
*****************
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
==== End of Fixlog ====
shelf life
2014-06-29, 02:53
You should be able to run Avast now with no problems. If all is good on your end I think we can end this thing.
I ran avast! immediately when I read grouppolicy changed, full scan, no problems.
Can I ask, what was it? How can I avoid this again, other than all previous advice on this [wonderful] forum?
shelf life
2014-06-29, 16:10
Something changed permissions so antivirus software wouldnt run. What or exactly how you got it cant really say. May have happened after I told you to allow that UAC prompt you were getting back in your first post.
You can delete the FRST icon and associated files from your desktop. Theres also a FRST folder in your root drive, usually C: that you can delete also.
Keep and use Malwarebytes, remember the free version must be updated manually and a scan started manually. Secunia is a good tool for staying updated. Looks like you are doing all the right things.
Some tips in link. Happy Safe Surfing out there.
OK, many thanks, very much appreciated.
Ed