Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Lots of infections, cleared lots, need a check please [Solved]

Started by hdb , Aug 23 2014 12:39 PM

  • This topic is locked This topic is locked

#1
hdb
Posted 23 August 2014 - 12:39 PM

hdb

    New Member

  • Member
  • Pip
  • 4 posts

Hi, I'm helping a relative with their system which could not connect at all to the internet.  After investigation I found that there was actually an internet

connection (could ping various sites) and the problem was with the browsers (both IE and Chrome couldn't show any webpage, nor the router homepage either).

 

I started by removing a lot (10-15) unwanted programs via Control Panel.  Things like Optimize Pro, various toolbars, system cleaners and anything else that

looked dodgy and I didn't recognise.  This helped a lot and I was then able to connect to the internet.  I also removed several unwanted search engine configs

from within IE and changed the homepage back to google (it had been hijacked to something else).

 

I continued by downloading the free trial version of Malwarebytes Anti-Malware and ran a full scan including root kits.  It found a ton of bad stuff (over 700

items) which I fixed and quarantined.  Sadly it kept crashing when saving the log so I just fixed the errors without saving a log. The system is running much better now, but I wanted your help to check it thoroughly any case any nasties are still hanging around.  I've run OTL and paste the logs below.

 

Thanks in advance!

 

OTL logfile created on: 23/08/2014 19:25:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hilary\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.40% Memory free
4.22 Gb Paging File | 3.11 Gb Available in Paging File | 73.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.94 Gb Total Space | 48.00 Gb Free Space | 34.55% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.94 Gb Free Space | 59.45% Space Free | Partition Type: NTFS
 
Computer Name: HILARY-PC | User Name: Hilary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/23 12:17:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hilary\Desktop\OTL.exe
PRC - [2014/08/01 18:23:19 | 000,543,232 | ---- | M] () -- C:\Program Files\005\cyycfhtzro32.exe
PRC - [2014/07/31 21:20:42 | 000,150,528 | ---- | M] () -- C:\Program Files\60DFCCEC-70F7-413B-8AA4-F82B76E1EB9F\etmajyzoqm.exe
PRC - [2014/03/26 21:14:49 | 000,309,704 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/09/13 01:46:58 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2013/08/14 15:19:56 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/05/14 10:03:20 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/05 16:57:30 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbacoms.exe
PRC - [2007/03/05 16:57:16 | 000,435,696 | ---- | M] () -- C:\Program Files\Dell AIO Printer A940\DLBAmon.exe
PRC - [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/02 13:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007/03/05 16:57:16 | 000,435,696 | ---- | M] () -- C:\Program Files\Dell AIO Printer A940\DLBAmon.exe
MOD - [2006/11/05 10:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 10:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Windows\System32\LEXBCES.EXE -- (LexBceS)
SRV - [2014/07/09 23:05:17 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 16:57:30 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbacoms.exe -- (dlba_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\xelmutfv.sys -- (xelmutfv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vumexiim.sys -- (vumexiim)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vptvqoso.sys -- (vptvqoso)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vboqrgom.sys -- (vboqrgom)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\uixfiulj.sys -- (uixfiulj)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\sxmdndos.sys -- (sxmdndos)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\skbaqiyb.sys -- (skbaqiyb)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qwqeerwf.sys -- (qwqeerwf)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qdcobhbt.sys -- (qdcobhbt)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\pvypmauo.sys -- (pvypmauo)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\orvqgttq.sys -- (orvqgttq)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\odnnqtgy.sys -- (odnnqtgy)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nzkmecot.sys -- (nzkmecot)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nagakxhf.sys -- (nagakxhf)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\lsdrogei.sys -- (lsdrogei)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\lfxdgvkz.sys -- (lfxdgvkz)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\lcuqnixc.sys -- (lcuqnixc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ksveguat.sys -- (ksveguat)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\kdejfrjs.sys -- (kdejfrjs)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\hxscnvsk.sys -- (hxscnvsk)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\heiosjxs.sys -- (heiosjxs)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\fpbgoyvy.sys -- (fpbgoyvy)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\foazpmva.sys -- (foazpmva)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\fhqbmfjv.sys -- (fhqbmfjv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\eotdmpkj.sys -- (eotdmpkj)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\eikmtwri.sys -- (eikmtwri)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\edyaqciv.sys -- (edyaqciv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\edxxxclv.sys -- (edxxxclv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\cpzvszvp.sys -- (cpzvszvp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\bmsjvacq.sys -- (bmsjvacq)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\blmrmocs.sys -- (blmrmocs)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\aovubnyc.sys -- (aovubnyc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\akehetmj.sys -- (akehetmj)
DRV - [2014/08/23 18:37:58 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/07/31 21:20:42 | 000,047,488 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\System32\drivers\netfilter.sys -- (netfilter)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2007/05/21 12:35:14 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.tb.ask...or={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUK
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...&p={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2830576
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=2080719
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.c...w=%s&tbid=60195
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\URLSearchHook: {4c60e5ab-5c68-4c59-abaa-885010b24b32} - No CLSID value found
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No CLSID value found
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.c...rms}&tbid=60195
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...rsion=2.4.4.414
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://inboxtoolbar....id=80150&lng=en
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{ECA5A14E-416F-473C-BF09-C4EBF2CD7CB8}: "URL" = http://www.fastbrows...AA-74C2D19A5434}
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49686;https=127.0.0.1:49686
 
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=2080719
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbar....tb_id&%language
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.g...smb&ibd=2080719
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No CLSID value found
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...rsion=2.4.4.414
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://inboxtoolbar....id=80150&lng=en
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{ECA5A14E-416F-473C-BF09-C4EBF2CD7CB8}: "URL" = http://www.fastbrows...AA-74C2D19A5434}
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/13 01:48:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/13 01:48:58 | 000,000,000 | ---D | M]
 
[2011/05/12 21:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Webpage Screenshot Bar = C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgpcdalpfphjmfifkmfbpdmgdmeeaeo\184\
CHR - Extension: YouTube = C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2021.112_0\
CHR - Extension: RealDownloader = C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google Wallet = C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\Toolbar\WebBrowser: (no name) - {EECBB8D2-B448-4B01-A402-969E4D5847E5} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\Toolbar\WebBrowser: (no name) - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\Toolbar\WebBrowser: (no name) - {F5046A39-68F3-4732-995F-EB2EA26D93FB} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\Toolbar\WebBrowser: (no name) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {DA7A20CF-BEF4-4342-AD78-0240FDF87055} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {EECBB8D2-B448-4B01-A402-969E4D5847E5} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {F5046A39-68F3-4732-995F-EB2EA26D93FB} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\d748a8eb-249d-45df-94be-4c3f146eb0f6.exe /check File not found
O4 - HKLM..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" File not found
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [dlbamon.exe] C:\Program Files\Dell AIO Printer A940\dlbamon.exe ()
O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe File not found
O4 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Freddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Users\Freddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk =  File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_60)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1948A7C4-9CD6-4EE0-AE34-5A824B23E3E0}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hilary\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hilary\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/23 19:17:42 | 001,094,656 | ---- | C] (Farbar) -- C:\Users\Hilary\Desktop\FRST.exe
[2014/08/23 19:17:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hilary\Desktop\OTL.exe
[2014/08/23 12:37:21 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/08/23 12:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/23 12:36:57 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/08/23 12:36:57 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/08/23 12:36:57 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/08/23 12:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/08/23 12:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/08/23 12:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\saVVinoshoop
[2014/08/23 12:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\a6c8f175e9040f28
[2014/08/23 12:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\saVVinoshoop
[2014/08/23 11:32:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/08/23 11:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\predm
[2014/08/13 23:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kromtech
[2014/08/12 19:46:46 | 000,000,000 | ---D | C] -- C:\Users\Hilary\2014-08-12 Fred Snr with Fred Junior
[2014/08/08 23:34:22 | 000,000,000 | ---D | C] -- C:\Users\Hilary\2014-08-08
[2014/08/06 22:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/08/06 22:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/06 22:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/08/06 22:34:56 | 000,000,000 | ---D | C] -- C:\Users\Hilary\AppData\Roaming\systweak
[2014/08/06 22:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014/08/06 22:33:21 | 000,000,000 | ---D | C] -- C:\Users\Hilary\AppData\Roaming\Store
[2014/08/06 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\Hilary\AppData\Roaming\Nosibay
[2014/08/06 22:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginServices
[2014/08/06 22:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\SupTab
[2014/08/06 22:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsMangerProtect
[2014/08/01 19:59:00 | 000,000,000 | ---D | C] -- C:\Users\Hilary\AppData\Local\BrowserSafeguard
[2014/08/01 18:29:50 | 000,000,000 | ---D | C] -- C:\Users\Hilary\Documents\Optimizer Pro
[2014/08/01 18:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\AllDaySavings
[2014/08/01 18:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\60DFCCEC-70F7-413B-8AA4-F82B76E1EB9F
[2014/08/01 18:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\005
[2014/08/01 18:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2014/07/31 21:20:42 | 000,047,488 | ---- | C] (NetFilterSDK.com) -- C:\Windows\System32\drivers\netfilter.sys
[3 C:\Users\Hilary\Documents\*.tmp files -> C:\Users\Hilary\Documents\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/23 19:29:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/23 19:15:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3207182459-3137103681-3292432866-1001UA.job
[2014/08/23 19:05:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/23 18:37:58 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/08/23 18:36:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/23 18:36:07 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/23 18:36:07 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/23 18:36:02 | 000,430,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/08/23 18:35:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/23 18:35:47 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/23 14:15:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3207182459-3137103681-3292432866-1001Core.job
[2014/08/23 12:37:10 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/23 12:31:44 | 011,112,998 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/08/23 12:31:44 | 005,454,510 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/08/23 12:17:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hilary\Desktop\OTL.exe
[2014/08/23 12:16:12 | 001,094,656 | ---- | M] (Farbar) -- C:\Users\Hilary\Desktop\FRST.exe
[2014/08/23 11:39:32 | 000,001,114 | ---- | M] () -- C:\Users\Hilary\Desktop\Live PC Help.lnk
[2014/08/23 11:31:02 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/23 11:31:02 | 000,001,769 | ---- | M] () -- C:\Users\Hilary\Desktop\Search.lnk
[2014/08/23 11:31:02 | 000,001,623 | ---- | M] () -- C:\Users\Public\Desktop\t.lnk
[2014/08/23 11:30:58 | 000,001,957 | ---- | M] () -- C:\Users\Hilary\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/08/23 11:30:58 | 000,001,793 | ---- | M] () -- C:\Users\Hilary\Application Data\Microsoft\Internet Explorer\Quick Launch\Search.lnk
[2014/08/23 11:30:58 | 000,000,905 | ---- | M] () -- C:\Users\Hilary\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/08/23 11:28:34 | 000,000,889 | ---- | M] () -- C:\Users\Hilary\Desktop\Continue Live Installation.lnk
[2014/08/23 11:27:07 | 000,001,666 | ---- | M] () -- C:\Windows\System32\${LOGFILE}
[2014/08/21 00:04:58 | 000,139,488 | ---- | M] () -- C:\Windows\System32\XMLOperations.xml
[2014/08/20 11:10:41 | 000,018,872 | ---- | M] () -- C:\Windows\System32\drivers\SPPD.sys
[2014/08/14 01:09:48 | 000,000,082 | ---- | M] () -- C:\Windows\MPLAYER.INI
[2014/08/05 19:14:10 | 000,018,280 | ---- | M] () -- C:\Windows\System32\roboot.exe
[2014/07/31 21:20:42 | 000,047,488 | ---- | M] (NetFilterSDK.com) -- C:\Windows\System32\drivers\netfilter.sys
[3 C:\Users\Hilary\Documents\*.tmp files -> C:\Users\Hilary\Documents\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/23 12:37:10 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/23 12:32:28 | 000,196,992 | ---- | C] () -- C:\Program Files\65res.dll
[2014/08/23 11:39:32 | 000,001,114 | ---- | C] () -- C:\Users\Hilary\Desktop\Live PC Help.lnk
[2014/08/23 11:26:50 | 000,001,666 | ---- | C] () -- C:\Windows\System32\${LOGFILE}
[2014/08/21 00:04:58 | 000,139,488 | ---- | C] () -- C:\Windows\System32\XMLOperations.xml
[2014/08/20 12:01:31 | 000,001,799 | ---- | C] () -- C:\Users\Hilary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2014/08/20 12:01:31 | 000,001,793 | ---- | C] () -- C:\Users\Hilary\Application Data\Microsoft\Internet Explorer\Quick Launch\Search.lnk
[2014/08/20 12:01:30 | 000,001,769 | ---- | C] () -- C:\Users\Hilary\Desktop\Search.lnk
[2014/08/07 09:35:44 | 000,000,889 | ---- | C] () -- C:\Users\Hilary\Desktop\Continue Live Installation.lnk
[2014/08/01 18:21:37 | 000,018,872 | ---- | C] () -- C:\Windows\System32\drivers\SPPD.sys
[2013/08/04 11:23:41 | 000,018,280 | ---- | C] () -- C:\Windows\System32\roboot.exe
[2011/08/28 18:13:00 | 000,000,000 | ---- | C] () -- C:\Users\Hilary\AppData\Local\{241BA565-FF54-43DE-8375-635FDF00606D}
[2011/08/28 08:50:31 | 000,000,000 | ---- | C] () -- C:\Users\Hilary\AppData\Local\{78F80A1E-B1CD-4AB4-A608-5407DE546126}
[2011/08/26 21:22:22 | 000,000,000 | ---- | C] () -- C:\Users\Hilary\AppData\Local\{5A4016F7-34AD-4090-93F1-18D43AB0B958}
[2011/07/04 11:37:39 | 000,000,000 | ---- | C] () -- C:\Users\Hilary\AppData\Local\{9087D3F3-8EB3-49ED-B192-3FBA587B1E90}
[2011/07/03 17:35:10 | 000,000,000 | ---- | C] () -- C:\Users\Hilary\AppData\Local\{DBCFDFA1-FD11-4F0A-BF2D-45BBFF5118A6}
[2011/07/03 17:35:10 | 000,000,000 | ---- | C] () -- C:\Users\Hilary\AppData\Local\{B60FB86A-C8F6-4797-B9D5-4CEC758822D9}
[2011/05/08 17:42:21 | 000,000,632 | RHS- | C] () -- C:\Users\Hilary\ntuser.pol
[2009/10/19 20:57:21 | 000,001,356 | ---- | C] () -- C:\Users\Hilary\AppData\Local\d3d9caps.dat
[2009/04/15 18:00:09 | 025,262,434 | ---- | C] () -- C:\Users\Hilary\15-04-2009 17;56;00.pdf
[2008/07/23 12:38:32 | 000,006,144 | ---- | C] () -- C:\Users\Hilary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 14:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009/05/10 16:57:20 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/10/16 21:54:11 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/22 17:28:52 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2010/12/12 16:20:56 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\Exent Technologies
[2011/01/01 16:22:46 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\Kalydo
[2012/07/15 15:29:36 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\MusicNet
[2008/10/19 14:27:03 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\PeerNetworking
[2014/08/20 10:10:25 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\System Speedup
[2014/08/23 19:18:02 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\Systweak
[2014/02/21 12:42:17 | 000,000,000 | ---D | M] -- C:\Users\Hilary\AppData\Roaming\Astro Gemini Software
[2009/04/20 21:47:33 | 000,000,000 | ---D | M] -- C:\Users\Hilary\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/09/03 21:23:48 | 000,000,000 | ---D | M] -- C:\Users\Hilary\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/29 22:08:34 | 000,000,000 | ---D | M] -- C:\Users\Hilary\AppData\Roaming\MusicNet
[2009/01/18 20:19:00 | 000,000,000 | ---D | M] -- C:\Users\Hilary\AppData\Roaming\MyFamily.com
[2014/07/12 16:38:50 | 000,000,000 | ---D | M] -- C:\Users\Hilary\AppData\Roaming\Oracle
[2014/08/23 12:31:22 | 000,000,000 | ---D | M] -- C:\Users\Hilary\AppData\Roaming\Store
[2014/08/23 11:39:30 | 000,000,000 | ---D | M] -- C:\Users\Hilary\AppData\Roaming\systweak
 
========== Purity Check ==========
 
 

< End of report >


  • 0

Advertisements

#2
Essexboy
Posted 23 August 2014 - 01:03 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, you are correct it was badly infected. What antivirus are they using ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]

:OTL
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\xelmutfv.sys -- (xelmutfv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vumexiim.sys -- (vumexiim)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vptvqoso.sys -- (vptvqoso)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vboqrgom.sys -- (vboqrgom)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\uixfiulj.sys -- (uixfiulj)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\sxmdndos.sys -- (sxmdndos)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\skbaqiyb.sys -- (skbaqiyb)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qwqeerwf.sys -- (qwqeerwf)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qdcobhbt.sys -- (qdcobhbt)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\pvypmauo.sys -- (pvypmauo)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\orvqgttq.sys -- (orvqgttq)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\odnnqtgy.sys -- (odnnqtgy)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nzkmecot.sys -- (nzkmecot)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nagakxhf.sys -- (nagakxhf)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\lsdrogei.sys -- (lsdrogei)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\lfxdgvkz.sys -- (lfxdgvkz)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\lcuqnixc.sys -- (lcuqnixc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ksveguat.sys -- (ksveguat)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\kdejfrjs.sys -- (kdejfrjs)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\hxscnvsk.sys -- (hxscnvsk)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\heiosjxs.sys -- (heiosjxs)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\fpbgoyvy.sys -- (fpbgoyvy)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\foazpmva.sys -- (foazpmva)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\fhqbmfjv.sys -- (fhqbmfjv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\eotdmpkj.sys -- (eotdmpkj)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\eikmtwri.sys -- (eikmtwri)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\edyaqciv.sys -- (edyaqciv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\edxxxclv.sys -- (edxxxclv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\cpzvszvp.sys -- (cpzvszvp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\bmsjvacq.sys -- (bmsjvacq)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\blmrmocs.sys -- (blmrmocs)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\aovubnyc.sys -- (aovubnyc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\akehetmj.sys -- (akehetmj)
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...&p={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2830576
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=2080719
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.c...w=%s&tbid=60195!!~~~~~~~~~~ie-sucks~~~~~~~~~~~~!!IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\URLSearchHook: {4c60e5ab-5c68-4c59-abaa-885010b24b32} - No CLSID value found
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No CLSID value found
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.c...rms}&tbid=60195
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...rsion=2.4.4.414
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://inboxtoolbar....id=80150&lng=en
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{ECA5A14E-416F-473C-BF09-C4EBF2CD7CB8}: "URL" = http://www.fastbrows...AA-74C2D19A5434}
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49686;https=127.0.0.1:49686
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=2080719
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbar....tb_id&%language!!~~~~~~~~~~ie-sucks~~~~~~~~~~~~!!IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.g...smb&ibd=2080719
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No CLSID value found
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...rsion=2.4.4.414
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://inboxtoolbar....id=80150&lng=en
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{ECA5A14E-416F-473C-BF09-C4EBF2CD7CB8}: "URL" = http://www.fastbrows...AA-74C2D19A5434}
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\Toolbar\WebBrowser: (no name) - {EECBB8D2-B448-4B01-A402-969E4D5847E5} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\Toolbar\WebBrowser: (no name) - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\Toolbar\WebBrowser: (no name) - {F5046A39-68F3-4732-995F-EB2EA26D93FB} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\Toolbar\WebBrowser: (no name) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {DA7A20CF-BEF4-4342-AD78-0240FDF87055} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {EECBB8D2-B448-4B01-A402-969E4D5847E5} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {F5046A39-68F3-4732-995F-EB2EA26D93FB} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe File not found
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\d748a8eb-249d-45df-94be-4c3f146eb0f6.exe /check File not found
O4 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe File not found
O4 - Startup: C:\Users\Freddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk =  File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
[2014/08/23 12:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\saVVinoshoop
[2014/08/23 12:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\a6c8f175e9040f28
[2014/08/23 12:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\saVVinoshoop
[2014/08/06 22:34:56 | 000,000,000 | ---D | C] -- C:\Users\Hilary\AppData\Roaming\systweak
[2014/08/06 22:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014/08/06 22:33:21 | 000,000,000 | ---D | C] -- C:\Users\Hilary\AppData\Roaming\Store
[2014/08/06 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\Hilary\AppData\Roaming\Nosibay
[2014/08/06 22:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginServices
[2014/08/06 22:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\SupTab
[2014/08/06 22:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsMangerProtect
[2014/08/01 19:59:00 | 000,000,000 | ---D | C] -- C:\Users\Hilary\AppData\Local\BrowserSafeguard
[2014/08/01 18:29:50 | 000,000,000 | ---D | C] -- C:\Users\Hilary\Documents\Optimizer Pro
[2014/08/01 18:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\AllDaySavings
[2014/08/01 18:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\60DFCCEC-70F7-413B-8AA4-F82B76E1EB9F
[2014/08/01 18:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\005
[2014/08/01 18:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2014/07/31 21:20:42 | 000,047,488 | ---- | C] (NetFilterSDK.com) -- C:\Windows\System32\drivers\netfilter.sys
[2014/08/23 11:39:32 | 000,001,114 | ---- | M] () -- C:\Users\Hilary\Desktop\Live PC Help.lnk

:Files
C:\Program Files\005
C:\Program Files\60DFCCEC-70F7-413B-8AA4-F82B76E1EB9F

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
FINALLY

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
hdb
Posted 24 August 2014 - 06:29 AM

hdb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Hi, thanks very much for your help.  Sadly it appears they are only running MSE and nothing else.  If you can recommend some better (free) protection that would be great.

 

I ran OTL fix, but it failed (not responding and crashed) twice on the [emptytemp] part.  On the 3rd attempt it did get through it and restarted fine.  The adware log is pasted below:

 

# AdwCleaner v3.308 - Report created 24/08/2014 at 13:15:13
# Updated 20/08/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Hilary - HILARY-PC
# Running from : C:\Users\Hilary\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Free Ride Games
Folder Deleted : C:\ProgramData\iMesh
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh
Folder Deleted : C:\Program Files\BearShare Applications
Folder Deleted : C:\Program Files\predm
Folder Deleted : C:\Program Files\RebateInformer
Folder Deleted : C:\Users\Freddie\AppData\Local\Browsersafeguard
Folder Deleted : C:\Users\Freddie\AppData\Local\Conduit
Folder Deleted : C:\Users\Freddie\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Freddie\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Freddie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Freddie\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Freddie\AppData\LocalLow\FromDocToPDF_65
Folder Deleted : C:\Users\Freddie\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Freddie\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Freddie\AppData\LocalLow\InboxAce_1g
Folder Deleted : C:\Users\Freddie\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Freddie\AppData\LocalLow\RadioRage_4j
Folder Deleted : C:\Users\Freddie\AppData\LocalLow\RebateInformer
Folder Deleted : C:\Users\Freddie\AppData\LocalLow\SiteRanker
Folder Deleted : C:\Users\Freddie\AppData\LocalLow\vmntoolbar
Folder Deleted : C:\Users\Freddie\AppData\Roaming\System Speedup
Folder Deleted : C:\Users\Freddie\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Hilary\AppData\Local\iac
Folder Deleted : C:\Users\Hilary\AppData\Local\PackageAware
Folder Deleted : C:\Users\Hilary\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Hilary\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Hilary\AppData\LocalLow\iac
Folder Deleted : C:\Users\Hilary\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Joan Jurin\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Joan Jurin\AppData\LocalLow\vmntoolbar
File Deleted : C:\Windows\system32\conduitEngine.tmp
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Users\Hilary\Desktop\Continue Live Installation.lnk

***** [ Scheduled Tasks ] *****

Task Deleted : LaunchApp

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\savoiNshop.savoiNshop
Key Deleted : HKLM\SOFTWARE\Classes\savoiNshop.savoiNshop.2.3
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1320680
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2769713
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2769726
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2830576
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3297951
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10273591-D084-4328-A7D0-49E051FCDE7B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69D3F709-9DE2-479F-980F-532D46895703}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4467989E-CDDF-EBD6-23D3-8393891656CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{395C94B1-59E6-4C65-8AF2-0F6763BC70A6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4467989E-CDDF-EBD6-23D3-8393891656CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7459F1D0-9FB6-4D71-AA7B-9DECB34EB704}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Store
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\alot
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\System Speedup_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\1A594BF8F3A4D1C4DB72F3A32B6E7636
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16563

-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\Freddie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

[ File : C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MEC06C225-C174-4A61-AF75-B5F4664B280E&SearchSource=58&CUI=&UM=6&UP=SPD446278C-266C-4884-8B49-FA249BAE4162&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://www.istart123.com/web/?type=ds&ts=1407360688&from=adks&uid=WDCXWD1600AAJS-75B4A0_WD-WMAT2053157331573&q={searchTerms}
Deleted [Search Provider] : hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxpME1_IVPTybtl3fgNM1z8adx4RkqY1CfpusGiGLsGrQF2fT7a0XyUe-yjxp_nbVzytWPC_igSPQnb9OiPIv7hA5VcByq6F41mOH-y6PkfYF8KMHGHP9V5ydGwCttN1o8gQkoCSS88ZPyjDPCMFbLaMlEWAFu3jc-w,,&q={searchTerms}

*************************

AdwCleaner[R0].txt - [13614 octets] - [24/08/2014 13:13:51]
AdwCleaner[S0].txt - [13761 octets] - [24/08/2014 13:15:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13822 octets] ##########

 

Farbar log to follow.....


  • 0

#4
hdb
Posted 24 August 2014 - 06:33 AM

hdb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2014 01
Ran by Hilary (administrator) on HILARY-PC on 24-08-2014 13:26:51
Running from C:\Users\Hilary\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
( ) C:\Windows\System32\dlbacoms.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Dell AIO Printer A940\DLBAmon.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-14] (Realtek Semiconductor)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-05] (Sonic Solutions)
HKLM\...\Run: [Dell AIO Printer A940] => "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
HKLM\...\Run: [dlbamon.exe] => C:\Program Files\Dell AIO Printer A940\dlbamon.exe [435696 2007-03-05] ()
HKLM\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\real\realplayer\update\realsched.exe [295512 2013-09-13] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [205480 2007-08-30] (Macrovision Corporation)
HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-07-19] (Google Inc.)
HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Freddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyUsers\S-1-5-21-3207182459-3137103681-3292432866-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://inboxtoolbar....aspx?tbid=80150
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://inboxtoolbar....aspx?tbid=80150
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-08]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-13]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "hxxp://www.google.co.uk/"
CHR DefaultSearchKeyword: search.yahoo.com
CHR DefaultSearchProvider: Web
CHR DefaultSearchURL: http://feed.safefind...&q={searchTerms}
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Webpage Screenshot Bar) - C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgpcdalpfphjmfifkmfbpdmgdmeeaeo [2014-08-23]
CHR Extension: (YouTube) - C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-30]
CHR Extension: (Google Search) - C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-30]
CHR Extension: (avast! Online Security) - C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-28]
CHR Extension: (RealDownloader) - C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-23]
CHR Extension: (Google Wallet) - C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
CHR Extension: (Gmail) - C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-30]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 dlba_device; C:\Windows\system32\dlbacoms.exe [538096 2007-03-05] ( )
S2 gupdate1c99c334269bfd8; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-03-03] (Google Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
S4 LexBceS; C:\Windows\System32\LEXBCES.EXE [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [110296 2014-08-23] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 netfilter; system32\drivers\netfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 13:26 - 2014-08-24 13:29 - 00017433 _____ () C:\Users\Hilary\Downloads\FRST.txt
2014-08-24 13:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-24 13:13 - 2014-08-24 13:21 - 00000000 ____D () C:\AdwCleaner
2014-08-24 13:01 - 2014-08-24 13:01 - 00000000 ____D () C:\_OTL
2014-08-24 13:00 - 2014-08-24 13:26 - 00000000 ____D () C:\FRST
2014-08-24 13:00 - 2014-08-24 13:05 - 00602112 _____ (OldTimer Tools) C:\Users\Hilary\Downloads\OTL.exe
2014-08-24 12:59 - 2014-08-24 13:00 - 01095168 _____ (Farbar) C:\Users\Hilary\Downloads\FRST (1).exe
2014-08-24 12:59 - 2014-08-24 12:59 - 01095168 _____ (Farbar) C:\Users\Hilary\Downloads\FRST.exe
2014-08-24 12:58 - 2014-08-24 12:58 - 01364531 _____ () C:\Users\Hilary\Downloads\AdwCleaner.exe
2014-08-23 18:34 - 2014-08-23 19:20 - 00001228 _____ () C:\Users\Hilary\Desktop\Tim1.txt
2014-08-23 12:37 - 2014-08-23 18:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 12:37 - 2014-08-23 12:37 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-23 12:37 - 2014-08-23 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-23 12:36 - 2014-08-23 12:37 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-23 12:36 - 2014-08-23 12:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-23 12:36 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-23 12:36 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-23 12:36 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-23 11:26 - 2014-08-23 11:27 - 00001666 _____ () C:\Windows\system32\${LOGFILE}
2014-08-21 00:04 - 2014-08-21 00:04 - 00139488 _____ () C:\Windows\system32\XMLOperations.xml
2014-08-20 12:01 - 2014-08-23 11:31 - 00001799 _____ () C:\Users\Hilary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-20 12:01 - 2014-08-23 11:31 - 00001769 _____ () C:\Users\Hilary\Desktop\Search.lnk
2014-08-14 19:16 - 2014-06-26 23:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 19:16 - 2014-06-26 23:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 19:16 - 2014-06-26 23:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 19:15 - 2014-06-06 05:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 23:45 - 2014-07-25 05:26 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 23:45 - 2014-07-25 03:53 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 23:45 - 2014-07-24 19:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 23:45 - 2014-07-24 18:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 23:45 - 2014-07-24 18:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 23:45 - 2014-07-24 18:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 23:45 - 2014-07-24 18:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 23:45 - 2014-07-24 18:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 23:45 - 2014-07-24 18:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-13 23:45 - 2014-07-24 18:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 23:45 - 2014-07-24 18:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 23:45 - 2014-07-24 18:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 23:45 - 2014-07-24 18:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 23:45 - 2014-07-24 18:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 23:45 - 2014-07-24 18:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 23:45 - 2014-07-24 18:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 23:45 - 2014-07-24 18:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 23:45 - 2014-07-24 18:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 23:45 - 2014-07-24 18:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 23:45 - 2014-07-24 18:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-13 23:45 - 2014-07-24 18:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-13 23:45 - 2014-07-24 18:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-13 23:45 - 2014-07-24 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 23:45 - 2014-07-08 01:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 23:45 - 2014-06-14 01:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 23:45 - 2014-06-14 01:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 23:45 - 2014-06-02 11:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 23:45 - 2014-06-02 11:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 23:45 - 2014-06-02 11:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 23:45 - 2014-06-02 11:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-13 23:45 - 2014-06-02 09:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 23:26 - 2014-08-13 23:26 - 00000000 ____D () C:\ProgramData\Kromtech
2014-08-12 19:46 - 2014-08-12 19:46 - 00000000 ____D () C:\Users\Hilary\2014-08-12 Fred Snr with Fred Junior
2014-08-08 23:34 - 2014-08-08 23:43 - 00000000 ____D () C:\Users\Hilary\2014-08-08
2014-08-06 22:43 - 2014-08-06 22:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-06 22:43 - 2014-08-06 22:42 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-06 22:42 - 2014-08-06 22:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-06 22:42 - 2014-08-06 22:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-06 22:42 - 2014-08-06 22:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-06 22:42 - 2014-08-06 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 22:42 - 2014-08-06 22:42 - 00000000 ____D () C:\Program Files\Java
2014-08-06 22:33 - 2014-08-06 22:33 - 00000374 _____ () C:\Users\Hilary\AppData\Roaming\WindApp.installation.log
2014-08-06 22:32 - 2014-08-06 22:33 - 00009060 _____ () C:\Users\Hilary\AppData\Roaming\Bubble Dock.installation.log
2014-08-06 22:32 - 2014-08-06 22:32 - 00000097 _____ () C:\Users\Hilary\AppData\Roaming\WindApp.boostrap.log
2014-08-01 18:21 - 2014-08-20 11:10 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 13:29 - 2014-08-24 13:26 - 00017433 _____ () C:\Users\Hilary\Downloads\FRST.txt
2014-08-24 13:29 - 2009-07-01 05:13 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-24 13:27 - 2008-07-19 15:55 - 01739811 _____ () C:\Windows\WindowsUpdate.log
2014-08-24 13:26 - 2014-08-24 13:00 - 00000000 ____D () C:\FRST
2014-08-24 13:24 - 2009-07-01 05:13 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-24 13:23 - 2008-01-21 03:47 - 00649828 _____ () C:\Windows\PFRO.log
2014-08-24 13:23 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 13:23 - 2006-11-02 13:47 - 00430504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-24 13:23 - 2006-11-02 13:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-24 13:23 - 2006-11-02 13:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-24 13:22 - 2006-11-02 14:01 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-24 13:21 - 2014-08-24 13:13 - 00000000 ____D () C:\AdwCleaner
2014-08-24 13:15 - 2011-09-04 18:06 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3207182459-3137103681-3292432866-1001UA.job
2014-08-24 13:05 - 2014-08-24 13:00 - 00602112 _____ (OldTimer Tools) C:\Users\Hilary\Downloads\OTL.exe
2014-08-24 13:05 - 2012-04-01 18:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-24 13:01 - 2014-08-24 13:01 - 00000000 ____D () C:\_OTL
2014-08-24 13:00 - 2014-08-24 12:59 - 01095168 _____ (Farbar) C:\Users\Hilary\Downloads\FRST (1).exe
2014-08-24 12:59 - 2014-08-24 12:59 - 01095168 _____ (Farbar) C:\Users\Hilary\Downloads\FRST.exe
2014-08-24 12:58 - 2014-08-24 12:58 - 01364531 _____ () C:\Users\Hilary\Downloads\AdwCleaner.exe
2014-08-24 12:55 - 2008-07-23 09:47 - 00119416 _____ () C:\Users\Hilary\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-23 23:48 - 2008-07-22 19:48 - 00000000 ____D () C:\Users\Hilary\Documents\Word Docs
2014-08-23 19:20 - 2014-08-23 18:34 - 00001228 _____ () C:\Users\Hilary\Desktop\Tim1.txt
2014-08-23 18:37 - 2014-08-23 12:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 14:15 - 2011-09-04 18:06 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3207182459-3137103681-3292432866-1001Core.job
2014-08-23 12:37 - 2014-08-23 12:37 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-23 12:37 - 2014-08-23 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-23 12:37 - 2014-08-23 12:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-23 12:36 - 2014-08-23 12:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-23 12:31 - 2006-11-02 11:33 - 00006568 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-23 12:30 - 2006-11-02 13:52 - 00071611 _____ () C:\Windows\setupact.log
2014-08-23 11:31 - 2014-08-20 12:01 - 00001799 _____ () C:\Users\Hilary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-23 11:31 - 2014-08-20 12:01 - 00001769 _____ () C:\Users\Hilary\Desktop\Search.lnk
2014-08-23 11:31 - 2012-11-30 10:18 - 00001933 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-23 11:31 - 2008-07-23 09:47 - 00000911 _____ () C:\Users\Hilary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-23 11:31 - 2008-07-19 14:59 - 00001623 _____ () C:\Users\Public\Desktop\t.lnk
2014-08-23 11:27 - 2014-08-23 11:26 - 00001666 _____ () C:\Windows\system32\${LOGFILE}
2014-08-23 11:27 - 2008-07-19 15:04 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-08-21 00:04 - 2014-08-21 00:04 - 00139488 _____ () C:\Windows\system32\XMLOperations.xml
2014-08-20 11:10 - 2014-08-01 18:21 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-08-20 10:32 - 2011-09-11 16:13 - 00002054 _____ () C:\Users\Freddie\Desktop\Google Chrome.lnk
2014-08-15 19:32 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-14 21:03 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-08-14 19:26 - 2008-07-23 10:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 19:24 - 2013-08-14 19:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 19:18 - 2006-11-02 11:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-14 01:09 - 2008-07-23 10:42 - 00000082 _____ () C:\Windows\MPLAYER.INI
2014-08-14 01:09 - 2006-11-02 11:23 - 00000250 _____ () C:\Windows\win.ini
2014-08-14 01:08 - 2008-07-22 19:45 - 00000000 ____D () C:\Users\Hilary\Documents\Family Trees
2014-08-13 23:26 - 2014-08-13 23:26 - 00000000 ____D () C:\ProgramData\Kromtech
2014-08-12 19:46 - 2014-08-12 19:46 - 00000000 ____D () C:\Users\Hilary\2014-08-12 Fred Snr with Fred Junior
2014-08-12 19:46 - 2008-07-23 09:46 - 00000000 ____D () C:\Users\Hilary
2014-08-10 20:24 - 2008-07-27 15:10 - 00000000 ____D () C:\Users\Freddie\AppData\Local\Google
2014-08-10 20:16 - 2013-08-13 17:51 - 00001280 _____ () C:\Users\Freddie\Desktop\Clean Registry for Free!.lnk
2014-08-08 23:43 - 2014-08-08 23:34 - 00000000 ____D () C:\Users\Hilary\2014-08-08
2014-08-06 22:43 - 2014-08-06 22:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-06 22:42 - 2014-08-06 22:43 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-06 22:42 - 2014-08-06 22:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-06 22:42 - 2014-08-06 22:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-06 22:42 - 2014-08-06 22:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-06 22:42 - 2014-08-06 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 22:42 - 2014-08-06 22:42 - 00000000 ____D () C:\Program Files\Java
2014-08-06 22:33 - 2014-08-06 22:33 - 00000374 _____ () C:\Users\Hilary\AppData\Roaming\WindApp.installation.log
2014-08-06 22:33 - 2014-08-06 22:32 - 00009060 _____ () C:\Users\Hilary\AppData\Roaming\Bubble Dock.installation.log
2014-08-06 22:32 - 2014-08-06 22:32 - 00000097 _____ () C:\Users\Hilary\AppData\Roaming\WindApp.boostrap.log
2014-08-04 22:30 - 2012-08-21 01:46 - 00000000 ____D () C:\Users\Hilary\AppData\Local\Deployment
2014-08-01 17:15 - 2008-07-23 14:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 05:26 - 2014-08-13 23:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-25 03:53 - 2014-08-13 23:45 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3207182459-3137103681-3292432866-1000\$5824b0f283b9b1f34b60d626b57aa38c

Files to move or delete:
====================
C:\Users\Freddie\jagex_runescape_preferences.dat
C:\Users\Freddie\jagex_runescape_preferences2.dat
C:\Users\Public\RemoveSGP0.exe

Some content of TEMP:
====================
C:\Users\Hilary\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-24 13:30

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-08-2014 01
Ran by Hilary at 2014-08-24 13:31:03
Running from C:\Users\Hilary\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 8.1.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.2.602 - Adobe Systems, Inc.)
BBC iPlayer Desktop (HKLM\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.15 - British Broadcasting Corp.)
BBC iPlayer Desktop (Version: 3.2.15 - British Broadcasting Corp.) Hidden
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell AIO Printer A940 (HKLM\...\Dell AIO Printer A940) (Version:  - Dell, Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Family History Resource File Viewer 3.0 (HKLM\...\{9D25E39B-C68A-4D38-B231-6AA2B43F16D7}) (Version: 3.0.2.0000 - The Church of Jesus Christ of Latter-day Saints)
Family Tree Maker 2006 (HKLM\...\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}) (Version:  - )
FTMVistaUpdater (HKLM\...\{EE295D30-A10C-44F6-B14C-05E0D99429E4}) (Version: 1.0.0 - Family Tree Maker)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
Intel® PRO Network Connections 12.1.11.0 (Version:  - Intel) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
LDC Driving Test Complete (HKLM\...\LDC Driving Test Complete3.5) (Version: 3.5 - Teaching Driving Ltd)
Lizardtech DjVu Control (HKLM\...\{105CFC7C-6992-11D5-BD9D-000102C10FD8}) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (HKLM\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Flight Simulator X (Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Office 2007 Help Tab (HKLM\...\{0533A3FE-9EBF-498E-91A8-F6B717441B18}) (Version: 1.0.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NBI Second Edition (HKLM\...\NBI Second Edition) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Activation Module (HKLM\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{10E73AE7-88E6-11D1-B85F-444553540000}\InprocServer32 -> C:\Program Files\rfviewer\Support Files\GoBackRf.ocx (The LDS Church)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{1993F72C-F937-11D1-B85F-444553540000}\InprocServer32 -> C:\Program Files\rfviewer\Support Files\GoBackRf.ocx (The LDS Church)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{64288591-1AE5-11D0-97DF-0000C09400C4}\InprocServer32 -> C:\Windows\system32\SPLITTER.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{7EBDAAE0-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{7EBDAAE1-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{7EBDAAE2-8120-11CF-899F-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msstkprp.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{9F9ACF42-1ACF-11D0-97DF-0000C09400C4}\InprocServer32 -> C:\Windows\system32\SPLITTER.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\Hilary\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\Windows\system32\MSVBVM60.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{F7BA9F14-0A5D-11D0-97C9-0000C09400C4}\InprocServer32 -> C:\Windows\system32\SPLITTER.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3207182459-3137103681-3292432866-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)

==================== Restore Points  =========================

02-08-2014 11:47:28 Scheduled Checkpoint
03-08-2014 08:05:26 Scheduled Checkpoint
04-08-2014 12:38:31 Scheduled Checkpoint
05-08-2014 15:32:10 Windows Update
06-08-2014 14:37:45 Scheduled Checkpoint
09-08-2014 10:06:40 Windows Update
13-08-2014 09:41:24 Windows Update
14-08-2014 18:00:54 Windows Update
18-08-2014 21:58:27 Windows Update
23-08-2014 09:36:35 Windows Update
23-08-2014 10:31:35 Removed LPT System Updater Service
23-08-2014 10:36:27 Removed SafeFinder Smartbar
23-08-2014 22:46:33 Scheduled Checkpoint
24-08-2014 11:37:33 OTL Restore Point - 24/08/2014 12:37:33
24-08-2014 12:01:12 OTL Restore Point - 24/08/2014 13:01:12

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2014-08-24 13:01 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08F968FE-1DEF-41D5-AD77-DE803EC27736} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {1371250F-B884-4B4B-A6E3-AA17451FD743} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-03] (Google Inc.)
Task: {175D1766-7C6A-4FD2-8A32-B1E9270B6678} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2390EEE6-ED75-4C95-8778-FE1292BE57E5} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {59754AA7-2AAE-44A5-A3F1-4CD9E04F9B4D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3207182459-3137103681-3292432866-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {7AD3E74C-0B45-4845-8030-3EB2A9624B69} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3207182459-3137103681-3292432866-1001Core => C:\Users\Freddie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-09] (Google Inc.)
Task: {7D5AC455-3693-4FAA-89B4-B22A8FB71D64} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-03] (Google Inc.)
Task: {7D791ADB-CE1D-46A9-A32D-9992CBC60B80} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3207182459-3137103681-3292432866-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {7E636C7D-BB2B-45CD-BA85-F3F91AC680F9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3207182459-3137103681-3292432866-1001UA => C:\Users\Freddie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-09] (Google Inc.)
Task: {8E66C6D4-915C-48A3-8CA2-8472E995EF37} - System32\Tasks\GoogleUpdateTaskMachine => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-03] (Google Inc.)
Task: {9B14EE73-FFA0-457D-94B3-207643DE2087} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3207182459-3137103681-3292432866-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A7AC17C9-A287-4ED7-9B85-A4D778BDD3E8} - System32\Tasks\0 => Iexplore.exe
Task: {B09807F5-1A2B-4D49-A2A0-C06684AF4833} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3207182459-3137103681-3292432866-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C35BD25B-53A6-413F-8D0E-1B11ACEEE60B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3207182459-3137103681-3292432866-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F208F818-6FD2-4B87-BB00-DB0B68149CD2} - System32\Tasks\4798 => Wscript.exe C:\Users\Hilary\AppData\Local\Temp\launchie.vbs //B

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3207182459-3137103681-3292432866-1001Core.job => C:\Users\Freddie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3207182459-3137103681-3292432866-1001UA.job => C:\Users\Freddie\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-08-11 21:27 - 2007-02-20 08:27 - 00102400 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dlbapp5c.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2006-11-05 10:28 - 2006-11-05 10:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2006-11-05 10:58 - 2006-11-05 10:58 - 00516096 _____ () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
2008-08-11 21:27 - 2007-03-05 16:57 - 00435696 _____ () C:\Program Files\Dell AIO Printer A940\DLBAmon.exe
2007-04-15 22:56 - 2007-04-15 22:56 - 00389120 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\adobexmp.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Freddie\Documents\386017_10150374591592672_614452671_8397427_1284528693_n.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Freddie\Documents\Downloads:Roxio EMC Stream
AlternateDataStreams: C:\Users\Freddie\Documents\Electronic Arts:Roxio EMC Stream
AlternateDataStreams: C:\Users\Freddie\Documents\LDW:Roxio EMC Stream
AlternateDataStreams: C:\Users\Freddie\Documents\My Received Files:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Hilary^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: EA Core => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iMesh => "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" --lightmode
MSCONFIG\startupreg: Safer-Surf => C:\Program Files\ver0Safer-Surf\Safer-Surf.exe
MSCONFIG\startupreg: TalkTalk => "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
MSCONFIG\startupreg: TelevisionFanatic Browser Plugin Loader => C:\PROGRA~1\TELEVI~2\bar\1.bin\64brmon.exe
MSCONFIG\startupreg: TelevisionFanatic Search Scope Monitor => "C:\PROGRA~1\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: WindApp => "C:\Users\Hilary\AppData\Roaming\Store\WindApp\WindApp Update.exe" /winstartup

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2014 01:25:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 9.0.8112.16563 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 3e8
Start Time: 01cfbf965cd5f7db
Termination Time: 15

Error: (08/24/2014 01:24:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/24/2014 01:11:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/24/2014 01:04:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application OTL.exe, version 3.2.69.0, time stamp 0x2a425e19, faulting module RPCRT4.dll, version 6.0.6002.18882, time stamp 0x51dd2d9c, exception code 0xc0000005, fault offset 0x000afaf5,
process id 0x1684, application start time 0xOTL.exe0.

Error: (08/24/2014 00:55:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/24/2014 00:52:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/24/2014 00:49:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application OTL.exe, version 3.2.69.0, time stamp 0x2a425e19, faulting module RPCRT4.dll, version 6.0.6002.18882, time stamp 0x51dd2d9c, exception code 0xc0000005, fault offset 0x000afaf5,
process id 0x107c, application start time 0xOTL.exe0.

Error: (08/24/2014 00:35:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 9.0.8112.16563 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: d28
Start Time: 01cfbf6d5e0f0286
Termination Time: 47

Error: (08/24/2014 08:25:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/24/2014 00:32:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (08/24/2014 01:24:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: netfilter

Error: (08/24/2014 01:11:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: netfilter

Error: (08/24/2014 00:55:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: netfilter

Error: (08/24/2014 00:52:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: netfilter

Error: (08/23/2014 08:32:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (08/23/2014 06:39:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate1c99c334269bfd8)%%1053

Error: (08/23/2014 06:39:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Google Update Service (gupdate1c99c334269bfd8)

Error: (08/23/2014 11:47:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (08/23/2014 11:42:26 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:40:47 on 23/08/2014 was unexpected.

Error: (08/23/2014 11:36:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: RBClientService1150001Restart the service

Microsoft Office Sessions:
=========================
Error: (05/16/2014 01:01:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14936 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/15/2014 09:51:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16745 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/16/2013 02:44:07 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4272 seconds with 1200 seconds of active time.  This session ended with a crash.

Error: (10/06/2013 01:26:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 393 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (07/07/2012 11:48:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 38199 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (01/02/2012 00:57:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 45457 seconds with 780 seconds of active time.  This session ended with a crash.

Error: (08/09/2010 09:44:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6886 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (10/03/2009 00:29:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1280 seconds with 1140 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-08-24 13:30:27.213
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-24 13:30:26.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-24 13:30:25.809
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-24 13:30:25.076
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-24 13:30:24.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-24 13:30:23.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-24 13:30:22.752
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-24 13:30:22.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-23 19:28:54.745
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-23 19:28:54.121
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 57%
Total physical RAM: 2036.45 MB
Available physical RAM: 860.02 MB
Total Pagefile: 4320.16 MB
Available Pagefile: 2962.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.56 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:138.94 GB) (Free:49.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: E0000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=138.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#5
Essexboy
Posted 24 August 2014 - 06:45 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The OTL freeze was probably due to the amount of temp files, it cleared over 1.5 Gb of data there

Looking better now but still some to remove. How is the computer behaving ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicyUsers\S-1-5-21-3207182459-3137103681-3292432866-1001\User: Group Policy restriction detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://inboxtoolbar....aspx?tbid=80150
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://inboxtoolbar....aspx?tbid=80150
CHR DefaultSearchURL: http://feed.safefind...q={searchTerms}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (avast! Online Security) - C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-28]
C:\$Recycle.Bin\S-1-5-21-3207182459-3137103681-3292432866-1000\$5824b0f283b9b1f34b60d626b57aa38c
C:\Users\Freddie\jagex_runescape_preferences.dat
C:\Users\Freddie\jagex_runescape_preferences2.dat
C:\Users\Public\RemoveSGP0.exe
Task: {175D1766-7C6A-4FD2-8A32-B1E9270B6678} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Program Files\AVAST Software
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {A7AC17C9-A287-4ED7-9B85-A4D778BDD3E8} - System32\Tasks\0 => Iexplore.exe
Task: {F208F818-6FD2-4B87-BB00-DB0B68149CD2} - System32\Tasks\4798 => Wscript.exe C:\Users\Hilary\AppData\Local\Temp\launchie.vbs //B
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

Reference an Antivirus I would recommend Avast as it is the one I use and can assist in setting up. There is also AVG and Avira, let me know which you would like
  • 0

#6
hdb
Posted 25 August 2014 - 09:00 AM

hdb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Hi again, I've installed Avast (free version) now.  Here's the log you requested.  Computer is running much better, stil a little slow at times (boot up and boot down and opening IE) but it is a fairly old system.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-08-2014 01
Ran by Hilary at 2014-08-25 14:59:16 Run:1
Running from C:\Users\Hilary\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicyUsers\S-1-5-21-3207182459-3137103681-3292432866-1001\User: Group Policy restriction detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://inboxtoolbar....aspx?tbid=80150
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://inboxtoolbar....aspx?tbid=80150
CHR DefaultSearchURL: http://feed.safefind...q={searchTerms}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (avast! Online Security) - C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-28]
C:\$Recycle.Bin\S-1-5-21-3207182459-3137103681-3292432866-1000\$5824b0f283b9b1f34b60d626b57aa38c
C:\Users\Freddie\jagex_runescape_preferences.dat
C:\Users\Freddie\jagex_runescape_preferences2.dat
C:\Users\Public\RemoveSGP0.exe
Task: {175D1766-7C6A-4FD2-8A32-B1E9270B6678} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Program Files\AVAST Software
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {A7AC17C9-A287-4ED7-9B85-A4D778BDD3E8} - System32\Tasks\0 => Iexplore.exe
Task: {F208F818-6FD2-4B87-BB00-DB0B68149CD2} - System32\Tasks\4798 => Wscript.exe C:\Users\Hilary\AppData\Local\Temp\launchie.vbs //B
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3207182459-3137103681-3292432866-1001\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\SearchAssistant => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\CustomizeSearch => value deleted successfully.
Chrome DefaultSearchURL deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-3207182459-3137103681-3292432866-1000\$5824b0f283b9b1f34b60d626b57aa38c => Directory moved successfully.
C:\Users\Freddie\jagex_runescape_preferences.dat => Moved successfully.
C:\Users\Freddie\jagex_runescape_preferences2.dat => Moved successfully.
C:\Users\Public\RemoveSGP0.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{175D1766-7C6A-4FD2-8A32-B1E9270B6678}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{175D1766-7C6A-4FD2-8A32-B1E9270B6678}" => Key deleted successfully.
C:\Windows\System32\Tasks\avast! Emergency Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update" => Key deleted successfully.
"C:\Program Files\AVAST Software" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7AC17C9-A287-4ED7-9B85-A4D778BDD3E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7AC17C9-A287-4ED7-9B85-A4D778BDD3E8}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F208F818-6FD2-4B87-BB00-DB0B68149CD2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F208F818-6FD2-4B87-BB00-DB0B68149CD2}" => Key deleted successfully.
C:\Windows\System32\Tasks\4798 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4798" => Key deleted successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

{1813A45A-6E91-4E06-93D0-C3409061AB32} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 2.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====


  • 0

#7
Essexboy
Posted 25 August 2014 - 09:47 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Vista does have a bit of a reputation for slowing down after a while

I would recommend a hard drive defragmentation to see if that helps any

Also if need be I can give instructions for using xbootmgr to reduce your startup times http://www.msfn.org/...a-or-windows-7/


Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#8
Essexboy
Posted 27 August 2014 - 03:11 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP