Hi, I'm helping a relative with their system which could not connect at all to the internet. After investigation I found that there was actually an internet connection (could ping various sites) and the problem was with the browsers (both IE and Chrome couldn't show any webpage, nor the router homepage either).
I started by removing a lot (10-15) of unwanted programs via Control Panel. Things like Optimize Pro, various toolbars, system cleaners and anything else that looked dodgy and I didn't recognise. This helped a lot and I was then able to connect to the internet. I also removed several unwanted search engine configs from within IE and changed the homepage back to Google (it had been hijacked to something else).
I continued by downloading the free trial version of Malwarebytes Anti-Malware and ran a full scan including rootkits. It found a ton of bad stuff (over 700 items) which I fixed and quarantined. Sadly it kept crashing when saving the log so I just fixed the errors without saving a log. The system is running much better now, but I wanted your help to check it thoroughly in case any nasties are still hanging around. I've run OTL and pasted the logs below.
Thanks in advance!
OTL logfile created on: 23/08/2014 19:25:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hilary\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.40% Memory free
4.22 Gb Paging File | 3.11 Gb Available in Paging File | 73.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.94 Gb Total Space | 48.00 Gb Free Space | 34.55% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.94 Gb Free Space | 59.45% Space Free | Partition Type: NTFS
Computer Name: HILARY-PC | User Name: Hilary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/08/23 12:17:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hilary\Desktop\OTL.exe
PRC - [2014/08/01 18:23:19 | 000,543,232 | ---- | M] () -- C:\Program Files\005\cyycfhtzro32.exe
PRC - [2014/07/31 21:20:42 | 000,150,528 | ---- | M] () -- C:\Program Files\60DFCCEC-70F7-413B-8AA4-F82B76E1EB9F\etmajyzoqm.exe
PRC - [2014/03/26 21:14:49 | 000,309,704 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/09/13 01:46:58 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2013/08/14 15:19:56 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/05/14 10:03:20 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/05 16:57:30 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbacoms.exe
PRC - [2007/03/05 16:57:16 | 000,435,696 | ---- | M] () -- C:\Program Files\Dell AIO Printer A940\DLBAmon.exe
PRC - [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/02 13:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
========== Modules (No Company Name) ==========
MOD - [2007/03/05 16:57:16 | 000,435,696 | ---- | M] () -- C:\Program Files\Dell AIO Printer A940\DLBAmon.exe
MOD - [2006/11/05 10:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 10:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\Windows\System32\LEXBCES.EXE -- (LexBceS)
SRV - [2014/07/09 23:05:17 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 16:57:30 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbacoms.exe -- (dlba_device)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\xelmutfv.sys -- (xelmutfv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vumexiim.sys -- (vumexiim)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vptvqoso.sys -- (vptvqoso)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vboqrgom.sys -- (vboqrgom)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\uixfiulj.sys -- (uixfiulj)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\sxmdndos.sys -- (sxmdndos)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\skbaqiyb.sys -- (skbaqiyb)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qwqeerwf.sys -- (qwqeerwf)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qdcobhbt.sys -- (qdcobhbt)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\pvypmauo.sys -- (pvypmauo)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\orvqgttq.sys -- (orvqgttq)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\odnnqtgy.sys -- (odnnqtgy)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nzkmecot.sys -- (nzkmecot)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nagakxhf.sys -- (nagakxhf)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\lsdrogei.sys -- (lsdrogei)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\lfxdgvkz.sys -- (lfxdgvkz)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\lcuqnixc.sys -- (lcuqnixc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ksveguat.sys -- (ksveguat)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\kdejfrjs.sys -- (kdejfrjs)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\hxscnvsk.sys -- (hxscnvsk)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\heiosjxs.sys -- (heiosjxs)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\fpbgoyvy.sys -- (fpbgoyvy)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\foazpmva.sys -- (foazpmva)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\fhqbmfjv.sys -- (fhqbmfjv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\eotdmpkj.sys -- (eotdmpkj)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\eikmtwri.sys -- (eikmtwri)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\edyaqciv.sys -- (edyaqciv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\edxxxclv.sys -- (edxxxclv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\cpzvszvp.sys -- (cpzvszvp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\bmsjvacq.sys -- (bmsjvacq)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\blmrmocs.sys -- (blmrmocs)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\aovubnyc.sys -- (aovubnyc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\akehetmj.sys -- (akehetmj)
DRV - [2014/08/23 18:37:58 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/07/31 21:20:42 | 000,047,488 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\System32\drivers\netfilter.sys -- (netfilter)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2007/05/21 12:35:14 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.tb.ask...or={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUK
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...&p={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2830576
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=2080719
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.c...w=%s&tbid=60195
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\URLSearchHook: {4c60e5ab-5c68-4c59-abaa-885010b24b32} - No CLSID value found
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No CLSID value found
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.c...rms}&tbid=60195
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...rsion=2.4.4.414
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://inboxtoolbar....id=80150&lng=en
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{ECA5A14E-416F-473C-BF09-C4EBF2CD7CB8}: "URL" = http://www.fastbrows...AA-74C2D19A5434}
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49686;https=127.0.0.1:49686
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=2080719
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbar....tb_id&%language
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.g...smb&ibd=2080719
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No CLSID value found
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...rsion=2.4.4.414
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://inboxtoolbar....id=80150&lng=en
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{ECA5A14E-416F-473C-BF09-C4EBF2CD7CB8}: "URL" = http://www.fastbrows...AA-74C2D19A5434}
IE - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/13 01:48:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/13 01:48:58 | 000,000,000 | ---D | M]
[2011/05/12 21:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Webpage Screenshot Bar = C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgpcdalpfphjmfifkmfbpdmgdmeeaeo\184\
CHR - Extension: YouTube = C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2021.112_0\
CHR - Extension: RealDownloader = C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google Wallet = C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Hilary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\Toolbar\WebBrowser: (no name) - {EECBB8D2-B448-4B01-A402-969E4D5847E5} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\Toolbar\WebBrowser: (no name) - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\Toolbar\WebBrowser: (no name) - {F5046A39-68F3-4732-995F-EB2EA26D93FB} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\..\Toolbar\WebBrowser: (no name) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {DA7A20CF-BEF4-4342-AD78-0240FDF87055} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {EECBB8D2-B448-4B01-A402-969E4D5847E5} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {F5046A39-68F3-4732-995F-EB2EA26D93FB} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No CLSID value found.
O3 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\d748a8eb-249d-45df-94be-4c3f146eb0f6.exe /check File not found
O4 - HKLM..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" File not found
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [dlbamon.exe] C:\Program Files\Dell AIO Printer A940\dlbamon.exe ()
O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe File not found
O4 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Freddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Users\Freddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3207182459-3137103681-3292432866-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_60)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1948A7C4-9CD6-4EE0-AE34-5A824B23E3E0}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hilary\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hilary\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/08/23 19:17:42 | 001,094,656 | ---- | C] (Farbar) -- C:\Users\Hilary\Desktop\FRST.exe
[2014/08/23 19:17:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hilary\Desktop\OTL.exe
[2014/08/23 12:37:21 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/08/23 12:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/23 12:36:57 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/08/23 12:36:57 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/08/23 12:36:57 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/08/23 12:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/08/23 12:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/08/23 12:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\saVVinoshoop
[2014/08/23 12:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\a6c8f175e9040f28
[2014/08/23 12:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\saVVinoshoop
[2014/08/23 11:32:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/08/23 11:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\predm
[2014/08/13 23:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kromtech
[2014/08/12 19:46:46 | 000,000,000 | ---D | C] -- C:\Users\Hilary\2014-08-12 Fred Snr with Fred Junior
[2014/08/08 23:34:22 | 000,000,000 | ---D | C] -- C:\Users\Hilary\2014-08-08
[2014/08/06 22:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/08/06 22:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/06 22:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/08/06 22:34:56 | 000,000,000 | ---D | C] -- C:\Users\Hilary\AppData\Roaming\systweak
[2014/08/06 22:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014/08/06 22:33:21 | 000,000,000 | ---D | C] -- C:\Users\Hilary\AppData\Roaming\Store
[2014/08/06 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\Hilary\AppData\Roaming\Nosibay
[2014/08/06 22:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginServices
[2014/08/06 22:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\SupTab
[2014/08/06 22:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsMangerProtect
[2014/08/01 19:59:00 | 000,000,000 | ---D | C] -- C:\Users\Hilary\AppData\Local\BrowserSafeguard
[2014/08/01 18:29:50 | 000,000,000 | ---D | C] -- C:\Users\Hilary\Documents\Optimizer Pro
[2014/08/01 18:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\AllDaySavings
[2014/08/01 18:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\60DFCCEC-70F7-413B-8AA4-F82B76E1EB9F
[2014/08/01 18:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\005
[2014/08/01 18:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2014/07/31 21:20:42 | 000,047,488 | ---- | C] (NetFilterSDK.com) -- C:\Windows\System32\drivers\netfilter.sys
[3 C:\Users\Hilary\Documents\*.tmp files -> C:\Users\Hilary\Documents\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/08/23 19:29:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/23 19:15:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3207182459-3137103681-3292432866-1001UA.job
[2014/08/23 19:05:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/23 18:37:58 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/08/23 18:36:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/23 18:36:07 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/23 18:36:07 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/23 18:36:02 | 000,430,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/08/23 18:35:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/23 18:35:47 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/23 14:15:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3207182459-3137103681-3292432866-1001Core.job
[2014/08/23 12:37:10 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/23 12:31:44 | 011,112,998 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/08/23 12:31:44 | 005,454,510 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/08/23 12:17:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hilary\Desktop\OTL.exe
[2014/08/23 12:16:12 | 001,094,656 | ---- | M] (Farbar) -- C:\Users\Hilary\Desktop\FRST.exe
[2014/08/23 11:39:32 | 000,001,114 | ---- | M] () -- C:\Users\Hilary\Desktop\Live PC Help.lnk
[2014/08/23 11:31:02 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/23 11:31:02 | 000,001,769 | ---- | M] () -- C:\Users\Hilary\Desktop\Search.lnk
[2014/08/23 11:31:02 | 000,001,623 | ---- | M] () -- C:\Users\Public\Desktop\t.lnk
[2014/08/23 11:30:58 | 000,001,957 | ---- | M] () -- C:\Users\Hilary\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/08/23 11:30:58 | 000,001,793 | ---- | M] () -- C:\Users\Hilary\Application Data\Microsoft\Internet Explorer\Quick Launch\Search.lnk
[2014/08/23 11:30:58 | 000,000,905 | ---- | M] () -- C:\Users\Hilary\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/08/23 11:28:34 | 000,000,889 | ---- | M] () -- C:\Users\Hilary\Desktop\Continue Live Installation.lnk
[2014/08/23 11:27:07 | 000,001,666 | ---- | M] () -- C:\Windows\System32\${LOGFILE}
[2014/08/21 00:04:58 | 000,139,488 | ---- | M] () -- C:\Windows\System32\XMLOperations.xml
[2014/08/20 11:10:41 | 000,018,872 | ---- | M] () -- C:\Windows\System32\drivers\SPPD.sys
[2014/08/14 01:09:48 | 000,000,082 | ---- | M] () -- C:\Windows\MPLAYER.INI
[2014/08/05 19:14:10 | 000,018,280 | ---- | M] () -- C:\Windows\System32\roboot.exe
[2014/07/31 21:20:42 | 000,047,488 | ---- | M] (NetFilterSDK.com) -- C:\Windows\System32\drivers\netfilter.sys
[3 C:\Users\Hilary\Documents\*.tmp files -> C:\Users\Hilary\Documents\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/08/23 12:37:10 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/23 12:32:28 | 000,196,992 | ---- | C] () -- C:\Program Files\65res.dll
[2014/08/23 11:39:32 | 000,001,114 | ---- | C] () -- C:\Users\Hilary\Desktop\Live PC Help.lnk
[2014/08/23 11:26:50 | 000,001,666 | ---- | C] () -- C:\Windows\System32\${LOGFILE}
[2014/08/21 00:04:58 | 000,139,488 | ---- | C] () -- C:\Windows\System32\XMLOperations.xml
[2014/08/20 12:01:31 | 000,001,799 | ---- | C] () -- C:\Users\Hilary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2014/08/20 12:01:31 | 000,001,793 | ---- | C] () -- C:\Users\Hilary\Application Data\Microsoft\Internet Explorer\Quick Launch\Search.lnk
[2014/08/20 12:01:30 | 000,001,769 | ---- | C] () -- C:\Users\Hilary\Desktop\Search.lnk
[2014/08/07 09:35:44 | 000,000,889 | ---- | C] () -- C:\Users\Hilary\Desktop\Continue Live Installation.lnk
[2014/08/01 18:21:37 | 000,018,872 | ---- | C] () -- C:\Windows\System32\drivers\SPPD.sys
[2013/08/04 11:23:41 | 000,018,280 | ---- | C] () -- C:\Windows\System32\roboot.exe
[2011/08/28 18:13:00 | 000,000,000 | ---- | C] () -- C:\Users\Hilary\AppData\Local\{241BA565-FF54-43DE-8375-635FDF00606D}
[2011/08/28 08:50:31 | 000,000,000 | ---- | C] () -- C:\Users\Hilary\AppData\Local\{78F80A1E-B1CD-4AB4-A608-5407DE546126}
[2011/08/26 21:22:22 | 000,000,000 | ---- | C] () -- C:\Users\Hilary\AppData\Local\{5A4016F7-34AD-4090-93F1-18D43AB0B958}
[2011/07/04 11:37:39 | 000,000,000 | ---- | C] () -- C:\Users\Hilary\AppData\Local\{9087D3F3-8EB3-49ED-B192-3FBA587B1E90}
[2011/07/03 17:35:10 | 000,000,000 | ---- | C] () -- C:\Users\Hilary\AppData\Local\{DBCFDFA1-FD11-4F0A-BF2D-45BBFF5118A6}
[2011/07/03 17:35:10 | 000,000,000 | ---- | C] () -- C:\Users\Hilary\AppData\Local\{B60FB86A-C8F6-4797-B9D5-4CEC758822D9}
[2011/05/08 17:42:21 | 000,000,632 | RHS- | C] () -- C:\Users\Hilary\ntuser.pol
[2009/10/19 20:57:21 | 000,001,356 | ---- | C] () -- C:\Users\Hilary\AppData\Local\d3d9caps.dat
[2009/04/15 18:00:09 | 025,262,434 | ---- | C] () -- C:\Users\Hilary\15-04-2009 17;56;00.pdf
[2008/07/23 12:38:32 | 000,006,144 | ---- | C] () -- C:\Users\Hilary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 14:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2009/05/10 16:57:20 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/10/16 21:54:11 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/22 17:28:52 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2010/12/12 16:20:56 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\Exent Technologies
[2011/01/01 16:22:46 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\Kalydo
[2012/07/15 15:29:36 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\MusicNet
[2008/10/19 14:27:03 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\PeerNetworking
[2014/08/20 10:10:25 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\System Speedup
[2014/08/23 19:18:02 | 000,000,000 | ---D | M] -- C:\Users\Freddie\AppData\Roaming\Systweak
[2014/02/21 12:42:17 | 000,000,000 | ---D | M] -- C:\Users\Hilary\AppData\Roaming\Astro Gemini Software
[2009/04/20 21:47:33 | 000,000,000 | ---D | M] -- C:\Users\Hilary\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/09/03 21:23:48 | 000,000,000 | ---D | M] -- C:\Users\Hilary\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/29 22:08:34 | 000,000,000 | ---D | M] -- C:\Users\Hilary\AppData\Roaming\MusicNet
[2009/01/18 20:19:00 | 000,000,000 | ---D | M] -- C:\Users\Hilary\AppData\Roaming\MyFamily.com
[2014/07/12 16:38:50 | 000,000,000 | ---D | M] -- C:\Users\Hilary\AppData\Roaming\Oracle
[2014/08/23 12:31:22 | 000,000,000 | ---D | M] -- C:\Users\Hilary\AppData\Roaming\Store
[2014/08/23 11:39:30 | 000,000,000 | ---D | M] -- C:\Users\Hilary\AppData\Roaming\systweak
========== Purity Check ==========
< End of report >