win32.downloader.gen malware is on my computer I can't remove it



countsixty4
2013-12-30, 12:33
Hi
I have tried on several occasions to remove win32.downloader.gen with Spybot in administrator mode, but each time it failed to remove it. Can you help?
I have not downloaded ERUNT as my operating system is Windows 7. I have attached the necessary reports except for the attach.txt as my computer will only zip it with WinRAR.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Peter at 16:57:00 on 2013-12-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4079.2290 [GMT 8:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\Rundll32.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmwj.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
uURLSearchHooks: NCH_EN Toolbar: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
uURLSearchHooks: NCH_EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
mURLSearchHooks: NCH_EN Toolbar: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
mURLSearchHooks: NCH_EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: NCH_EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll
BHO: NCH_EN Toolbar: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: WiseConvert Toolbar: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
TB: NCH_EN Toolbar: {A87CB3E3-4DB9-439D-B96B-576F5AE8459D} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll
TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
TB: NCH_EN Toolbar: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
TB: NCH_EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [BigPond Connection Client] C:\Program Files (x86)\Telstra\BigPond Connection Client\BigPondCC.exe
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Peter\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LauncherCM205b] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe" /S FX DocuPrint CM205 b
mRun: [DocuPrint CM205b RUN] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe"
mRun: [StatusAuto CM205b Run] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe" RUNSTART
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.0.0.138 10.0.0.138
TCP: Interfaces\{89FA3560-13FB-4846-A7E5-4193B079001D} : DHCPNameServer = 10.0.0.138 10.0.0.138
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]
R0 DLACDBHE;DLACDBHE;C:\Windows\System32\drivers\DLACDBHE.SYS [2011-8-7 18040]
R0 DRVECDB;DRVECDB;C:\Windows\System32\drivers\DRVECDB.SYS [2011-8-7 123992]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-8-7 52856]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-9-25 148792]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 46368]
R1 DLARTL_E;DLARTL_E;C:\Windows\System32\drivers\DLARTL_E.SYS [2011-8-7 41336]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-27 204288]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 DLABMFSE;DLABMFSE;C:\Windows\System32\drivers\DLABMFSE.SYS [2011-8-7 44920]
R2 DLABOIOE;DLABOIOE;C:\Windows\System32\drivers\DLABOIOE.SYS [2011-8-7 42616]
R2 DLADResE;DLADResE;C:\Windows\System32\drivers\DLADResE.SYS [2011-8-7 10232]
R2 DLAIFS_E;DLAIFS_E;C:\Windows\System32\drivers\DLAIFS_E.SYS [2011-8-7 146552]
R2 DLAOPIOE;DLAOPIOE;C:\Windows\System32\drivers\DLAOPIOE.SYS [2011-8-7 35320]
R2 DLAPoolE;DLAPoolE;C:\Windows\System32\drivers\DLAPoolE.SYS [2011-8-7 20088]
R2 DLAUDF_E;DLAUDF_E;C:\Windows\System32\drivers\DLAUDF_E.SYS [2011-8-7 144248]
R2 DLAUDFAE;DLAUDFAE;C:\Windows\System32\drivers\DLAUDFAE.SYS [2011-8-7 136056]
R2 DRVEDDM;DRVEDDM;C:\Windows\System32\drivers\DRVEDDM.SYS [2011-8-7 64120]
R2 FXNADB;FXcnStatutsDatabase;C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe [2010-11-20 86528]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2013-7-18 389896]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-7 1153368]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-3 2655768]
R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [2013-12-9 1771544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-8-3 115216]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-3-7 40832]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-3-7 65280]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-11-1 87040]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
R3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-3 413800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-8-6 1025352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 massfilter;Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2012-1-16 9216]
S3 massfilter_lte;LTE Device Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_LTE.sys [2012-1-16 18456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-7 1255736]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2012-4-25 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2012-4-25 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2012-4-25 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2012-4-25 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2012-4-25 29288]
.
=============== Created Last 30 ================
.
2013-12-29 10:47:40 -------- d-----w- C:\Program Files\Enigma Software Group
2013-12-29 10:35:16 -------- d-----w- C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-12-29 10:35:16 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-12-11 12:07:00 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 12:07:00 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 12:06:59 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-11 12:06:59 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 09:26:05 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-11 09:26:05 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-11 09:26:03 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-09 09:11:17 -------- d-----w- C:\Windows\pss
2013-12-03 09:52:16 -------- d-----w- C:\Users\Peter\AppData\Roaming\JLAdventCalendarEdwardian2013
2013-12-03 09:52:13 -------- d-----w- C:\Program Files (x86)\JL Edwardian Advent Calendar
.
==================== Find3M ====================
.
2013-12-11 11:36:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 11:36:26 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-11 05:44:07 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-11-04 13:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 16:57:16.46 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-30 17:08:23
-----------------------------
17:08:23.967 OS Version: Windows x64 6.1.7601 Service Pack 1
17:08:23.967 Number of processors: 4 586 0x2A07
17:08:23.968 ComputerName: PETER-PC UserName: Peter
17:08:26.939 Initialize success
17:12:20.057 AVAST engine defs: 13122900
17:12:22.333 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5
17:12:22.334 Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 3
17:12:22.427 Disk 0 MBR read successfully
17:12:22.428 Disk 0 MBR scan
17:12:22.430 Disk 0 Windows 7 default MBR code
17:12:22.433 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:12:22.437 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
17:12:22.450 Disk 0 scanning C:\Windows\system32\drivers
17:12:32.870 Service scanning
17:12:47.897 Modules scanning
17:12:47.901 Disk 0 trace - called modules:
17:12:47.924 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:12:47.927 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004715060]
17:12:47.929 3 CLASSPNP.SYS[fffff880019bf43f] -> nt!IofCallDriver -> [0xfffffa8004104520]
17:12:47.932 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-5[0xfffffa80040fb060]
17:12:52.689 AVAST engine scan C:\Windows
17:12:54.378 AVAST engine scan C:\Windows\system32
17:14:56.710 AVAST engine scan C:\Windows\system32\drivers
17:15:09.708 AVAST engine scan C:\Users\Peter
17:26:10.537 AVAST engine scan C:\ProgramData
17:28:09.590 Scan finished successfully
17:28:32.173 Disk 0 MBR has been saved successfully to "C:\Users\Peter\Desktop\MBR.dat"
17:28:32.175 The log file has been saved successfully to "C:\Users\Peter\Desktop\aswMBR.txt"

ken545
2013-12-31, 13:14
:welcome:

Nothing going on that's very malicious, just some junk toolbars. You have Conduit, which is related to what Spybot found.


Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

countsixty4
2014-01-02, 02:34
# AdwCleaner v1.606 - Logfile created 01/02/2014 at 09:33:35
# Updated 10/05/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Peter - PETER-PC
# Running from : C:\Users\Peter\Desktop\adwcleaner-1.606-en.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Peter\AppData\Local\Conduit
Folder Found : C:\Users\Peter\AppData\LocalLow\Conduit
Folder Found : C:\Users\Peter\AppData\LocalLow\PriceGong
Folder Found : C:\ProgramData\APN
Folder Found : C:\Program Files (x86)\Conduit

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3282495
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.11.9600.16428

[OK] Registry is clean.

-\\ Google Chrome v31.0.1650.63

File : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "description": "The fastest way to search the web.",

*************************

AdwCleaner[R1].txt - [2276 octets] - [02/01/2014 09:16:24]
AdwCleaner[R2].txt - [2221 octets] - [02/01/2014 09:33:35]

########## EOF - C:\AdwCleaner[R2].txt - [2349 octets] ##########

ken545
2014-01-02, 11:37
Good Morning,

Thanks for the log. Snow heading my way soon plus got called into work :lip: so take your time with these tools. Run them in the order listed: AdwCleaner, Junkware Removal and then follow up with Malwarebytes. Let me see the logs for each please; they may not all fit in one reply, so take as many replies as you need.


Double click on AdwCleaner.exe to run the tool again.

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.




Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.







Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

countsixty4
2014-01-03, 05:46
Hello Ken 545
Thank you so much for your help so far. It sounds as if you have some malware in your life, i.e. Work & Snow. It is a pleasant 28 degrees here but heading for 37 over the weekend.
Attached are the requested files.

ken545
2014-01-03, 13:33
Good Morning,

Looks like Malwarebytes removed AdwCleaner, no big deal. I will have to alert them about this.


Let's take a more in-depth look at your system and see if anything else needs to be removed. If you can just copy and paste the logs, it's easier for us to analyze.



OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

countsixty4
2014-01-04, 12:55
Hi Ken545
When I open my desktop I get the following message box:
Run Dll
There was a problem starting C:\Users\Peter\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
Is this something that needs to be fixed?

OTL logfile created on: 04-Jan-14 7:27:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.98 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 66.07% Memory free
7.97 Gb Paging File | 6.24 Gb Available in Paging File | 78.38% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 817.92 Gb Free Space | 87.81% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 63.22 Gb Free Space | 27.14% Space Free | Partition Type: NTFS

Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Peter\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater17.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (FXNADB) -- C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (massfilter_lte) -- C:\Windows\SysNative\drivers\massfilter_LTE.sys (HandSet Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\drivers\RxFilter.sys (Sonic Solutions)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (DLADResE) -- C:\Windows\SysNative\drivers\DLADResE.SYS (Roxio)
DRV:64bit: - (DLABMFSE) -- C:\Windows\SysNative\drivers\DLABMFSE.SYS (Roxio)
DRV:64bit: - (DLAUDF_E) -- C:\Windows\SysNative\drivers\DLAUDF_E.SYS (Roxio)
DRV:64bit: - (DLAUDFAE) -- C:\Windows\SysNative\drivers\DLAUDFAE.SYS (Roxio)
DRV:64bit: - (DLAOPIOE) -- C:\Windows\SysNative\drivers\DLAOPIOE.SYS (Roxio)
DRV:64bit: - (DLABOIOE) -- C:\Windows\SysNative\drivers\DLABOIOE.SYS (Roxio)
DRV:64bit: - (DLAPoolE) -- C:\Windows\SysNative\drivers\DLAPoolE.SYS (Roxio)
DRV:64bit: - (DLAIFS_E) -- C:\Windows\SysNative\drivers\DLAIFS_E.SYS (Roxio)
DRV:64bit: - (DRVECDB) -- C:\Windows\SysNative\drivers\DRVECDB.SYS (Sonic Solutions)
DRV:64bit: - (DLACDBHE) -- C:\Windows\SysNative\drivers\DLACDBHE.SYS (Roxio)
DRV:64bit: - (DLARTL_E) -- C:\Windows\SysNative\drivers\DLARTL_E.SYS (Roxio)
DRV:64bit: - (DRVEDDM) -- C:\Windows\SysNative\drivers\DRVEDDM.SYS (Roxio)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKLM\..\URLSearchHook: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - No CLSID value found
IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.com.au/tickler/default.aspx
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 5B D5 82 D6 53 CC 01 [binary data]
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\URLSearchHook: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - No CLSID value found
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/search?q={searchTerms}&rlz=1I7ADRA_enAU445
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11 [2013-06-27 21:45:52 | 000,000,000 | ---D | M]

[2013-07-03 15:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013-12-22 09:53:34 | 000,450,701 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15468 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DocuPrint CM205b RUN] C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe (Fuji Xerox Co., Ltd.)
O4 - HKLM..\Run: [LauncherCM205b] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe" /S FX DocuPrint CM205 b File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StatusAuto CM205b Run] C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe (Fuji Xerox Co., Ltd)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1962708451-3323433082-481659391-1000..\Run: [BigPond Connection Client] C:\Program Files (x86)\Telstra\BigPond Connection Client\BigPondCC.exe (Telstra Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..Trusted Domains: bigpond.com ([register] https in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89FA3560-13FB-4846-A7E5-4193B079001D}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-12-29 18:48:02 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007-05-10 08:48:26 | 000,000,032 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014-01-03 11:47:08 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
[2014-01-03 11:46:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-01-03 11:26:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-12-29 18:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013-12-29 18:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013-12-17 18:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013-12-11 20:06:59 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013-12-11 20:06:59 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013-12-11 20:06:59 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013-12-11 20:06:58 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013-12-11 20:05:36 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-12-11 20:05:36 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-12-11 20:05:36 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-12-11 20:05:36 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-12-11 20:05:36 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013-12-11 20:05:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-12-11 20:05:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013-12-11 20:05:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-12-11 20:05:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013-12-11 20:05:35 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013-12-11 20:05:35 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013-12-11 20:05:35 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013-12-11 20:05:35 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013-12-11 20:05:34 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-12-11 20:05:34 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-12-11 20:05:32 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-12-11 17:26:05 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013-12-11 17:26:05 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013-12-11 17:25:59 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013-12-11 17:25:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013-12-11 17:25:55 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013-12-11 17:25:08 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013-12-11 17:25:08 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013-12-11 17:25:06 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013-12-11 17:25:06 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013-12-11 17:25:06 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013-12-11 17:25:06 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013-12-11 17:25:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013-12-11 17:25:05 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013-12-09 17:11:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012-02-20 05:03:48 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Peter\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Peter\Documents\*.tmp files -> C:\Users\Peter\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014-01-04 19:26:37 | 000,001,095 | ---- | M] () -- C:\Users\Peter\Desktop\OTL - Shortcut.lnk
[2014-01-04 19:12:03 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-01-04 19:12:03 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-01-04 19:04:50 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-01-04 19:04:50 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014-01-04 19:04:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-01-04 19:04:46 | 3207,946,240 | -HS- | M] () -- C:\hiberfil.sys
[2014-01-04 19:04:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014-01-03 20:44:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-01-03 20:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-01-03 11:46:48 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-01-02 09:15:58 | 000,001,062 | ---- | M] () -- C:\Users\Peter\Desktop\Optimizer Pro.lnk
[2014-01-02 09:15:12 | 000,581,957 | ---- | M] () -- C:\Users\Peter\Desktop\adwcleaner-1.606-en.exe
[2013-12-30 17:28:32 | 000,000,512 | ---- | M] () -- C:\Users\Peter\Desktop\MBR.dat
[2013-12-29 18:48:02 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013-12-22 09:55:47 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-12-22 09:53:34 | 000,450,701 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013-12-17 18:47:04 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013-12-15 12:54:16 | 000,001,170 | ---- | M] () -- C:\Users\Peter\Documents\cc_20131215_125403.reg
[2013-12-15 12:52:20 | 000,450,701 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131222-095334.backup
[2013-12-12 20:44:15 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-12-12 20:44:15 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-12-12 20:44:15 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-12-12 20:38:17 | 000,493,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-12-11 19:36:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-12-11 19:36:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-12-08 19:18:57 | 000,450,701 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131215-125220.backup
[2013-12-06 19:29:35 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Peter\Documents\*.tmp files -> C:\Users\Peter\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014-01-04 19:26:37 | 000,001,095 | ---- | C] () -- C:\Users\Peter\Desktop\OTL - Shortcut.lnk
[2014-01-03 11:46:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-01-02 09:15:58 | 000,001,062 | ---- | C] () -- C:\Users\Peter\Desktop\Optimizer Pro.lnk
[2014-01-02 09:15:12 | 000,581,957 | ---- | C] () -- C:\Users\Peter\Desktop\adwcleaner-1.606-en.exe
[2013-12-30 17:28:32 | 000,000,512 | ---- | C] () -- C:\Users\Peter\Desktop\MBR.dat
[2013-12-29 18:48:02 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013-12-17 18:47:04 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013-12-15 12:54:08 | 000,001,170 | ---- | C] () -- C:\Users\Peter\Documents\cc_20131215_125403.reg
[2012-03-11 08:28:27 | 000,145,452 | ---- | C] () -- C:\Users\Peter\AppData\Local\rx_audio.Cache
[2012-02-20 05:03:48 | 000,099,384 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\inst.exe
[2012-02-20 05:03:48 | 000,007,859 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\pcouffin.cat
[2012-02-20 05:03:48 | 000,001,167 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\pcouffin.inf
[2011-08-16 07:55:52 | 000,643,372 | ---- | C] () -- C:\Users\Peter\AppData\Local\rx_image.Cache
[2011-07-25 17:48:58 | 000,074,293 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Setup.1.2.exe

========== ZeroAccess Check ==========

[2009-07-14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-10-13 09:54:32 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012-10-13 09:54:32 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013-10-23 12:18:00 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\AVG2014
[2013-10-28 14:58:11 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\calibre
[2013-03-08 15:02:35 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\canon
[2013-03-08 15:11:11 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Canon_Inc_IC
[2011-11-21 05:28:03 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\dBpoweramp
[2012-06-19 11:42:58 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DVDFab
[2011-11-28 05:51:09 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\foobar2000
[2012-04-25 19:03:03 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\iSkysoft Video Converter Ultimate
[2013-12-03 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\JLAdventCalendarEdwardian2013
[2012-12-17 16:05:20 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\KompoZer
[2011-08-07 09:02:52 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Leadertech
[2013-11-01 17:14:18 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Sierra Wireless
[2011-08-06 11:20:02 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Telstra
[2012-10-11 17:15:58 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TuneUp Software
[2012-04-25 11:40:52 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Vso

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Ulead DVD MovieFactory 4.0 SE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(8).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(4).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(27).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(25).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(23).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(22).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(21).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(2).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(18).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(16).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(15).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(14).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(13).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(12).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(1).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Rosi & Luke front cover.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Rosi & Luke back cover.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\PDRMUSIC.TMP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\VirtualDubMod_1_5_10_2_All_inclusive[1]:Roxio EMC Stream
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:07F6D9E4

< End of report >

countsixty4
2014-01-04, 12:58
OTL Extras logfile created on: 04-Jan-14 7:27:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.98 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 66.07% Memory free
7.97 Gb Paging File | 6.24 Gb Available in Paging File | 78.38% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 817.92 Gb Free Space | 87.81% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 63.22 Gb Free Space | 27.14% Space Free | Partition Type: NTFS

Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL" "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL" "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002E933D-F799-4F33-8C93-AB86CFC37CC3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{04F76A98-3673-4926-94D9-477657EC42B9}" = rport=139 | protocol=6 | dir=out | app=system |
"{07BB2559-266C-4B9D-9187-3B15720F0715}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0F284880-CD2F-421E-AE3A-BEA3F4056EA2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20554749-5A66-4E6E-BFC3-45F3A32DA430}" = lport=137 | protocol=17 | dir=in | app=system |
"{23021A7F-7305-448C-9118-12D4E518ADB2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25F5EDA5-AEEC-48DC-84FD-B134D4EBC276}" = rport=10243 | protocol=6 | dir=out | app=system |
"{27AB7E71-ADCE-46D6-A01C-AF5F08E47821}" = lport=139 | protocol=6 | dir=in | app=system |
"{3C7AE2A9-893A-4C0A-A8C4-F3AF88CE5A7D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{510B577C-7FA3-485F-A903-9EDA0AD08C11}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5320A077-3F50-4EE8-8EED-FF82D8555FD5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56EC47B4-3C13-4BEB-ADBC-EBC748A4D6B5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{60D7DA44-5E52-4622-BDF7-9A8E73F45607}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{646AFBC6-526B-4D39-9DAE-6ECBA837BEC5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{682B9565-9970-49AA-A43E-6D3E8FD1D0DD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9093F76A-6762-44F7-9540-B2309C154B51}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{94935C2B-1C01-4002-8722-77409AEFED6A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1E87A06-8EC1-4528-B9AC-6633BF382770}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C2803B32-DF84-4053-AB24-0E524F7B8B12}" = rport=138 | protocol=17 | dir=out | app=system |
"{C2FE3AF8-B3D2-4BD6-9932-BF412ED2F893}" = lport=138 | protocol=17 | dir=in | app=system |
"{C3DDECBD-2314-4F75-BD66-EB5224E8BFB6}" = rport=137 | protocol=17 | dir=out | app=system |
"{CD769B20-1FB0-48D3-BE8C-3071634977B4}" = rport=445 | protocol=6 | dir=out | app=system |
"{EE55EBFB-B427-4CD0-93BD-EBE7E9A7C6AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{FA53BEAA-636A-4A46-A564-269AAB5A6359}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EEB33D-8007-4774-BCF1-2B551CAE446D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{086D2797-2B40-46AD-8C18-39502C8BAD70}" = protocol=17 | dir=in | app=c:\program files (x86)\sightspeed\sightspeed.exe |
"{1417F5B4-9C15-48FA-8959-28DC86C79E78}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{1DBA30DF-9CBF-4D04-BBC4-548B0F85172D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E486F40-0A52-49E4-94E9-A5520003F1CB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{201778FB-2E6B-47F4-94C4-E2CECCDD9D22}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3276C8DF-9E9F-405A-8C7E-3375B03E82E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{36F1C8AA-3320-4C27-87A7-6E54A6068C24}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{4052509F-F31E-4CA5-A03A-CBDF73569726}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{43AA221E-F1FD-4070-9EC7-9B9B34361AE0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{535EFB8B-FA67-48CC-970A-AC591582CB05}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{5E555471-F641-438C-AD58-897F5B9B4825}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6A795FE3-B19E-4340-B73B-D61F90D827AE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D0F8478-B8F5-4443-818A-DB3B634DEE4A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{79FEBBBE-636C-476C-B7C4-D6C5E23FDFFF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{7A4AB451-E12D-443B-A612-BC48EF8FE5C8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7CFF09D3-57B4-4CD9-BC33-894A18D01FEE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7FAD1268-4DCE-4D8A-A1B1-1102324F6DA0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{855A5253-0BAB-41CC-A08C-23FFDD0287F6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{896D8F0A-1EA2-41F4-B1CE-F4F94461D42E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9524DEB1-E8CE-4E7C-A164-FA12DDA7E0D2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A2C8FB26-5E92-442E-8332-2830639E2033}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A92F5B4E-1800-4A8A-A0F0-8EF0A69940FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B45F724F-FDDF-4D69-8BFE-0FB5B400B81B}" = protocol=6 | dir=out | app=system |
"{B855DA91-166F-43B3-A1D5-A8852CE093D3}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{B8904B28-06D5-41AA-9BBC-2E3A50735C03}" = protocol=6 | dir=in | app=c:\program files (x86)\sightspeed\sightspeed.exe |
"{BE6DB68C-F975-4DCE-BCA3-5D493754962D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{C3606067-2387-44A2-8B1B-8F0C983BD4DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C72AD438-59B8-443A-B6E2-101F496754EA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CD95F040-6B9C-4FFE-8057-FBF0835851C8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D5F780D3-CD9D-44F1-AC06-12E5B5B7B5D0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA62FAAB-1A50-4C25-9EA2-EFE5F3D15EA4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F7D4F5B7-D3C8-4582-951D-E0A05AD2C5DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{A53A46DB-CCAD-456E-978B-9BC86B51185B}E:\pf1\360share pro\jre\bin\javaw.exe" = protocol=6 | dir=in | app=e:\pf1\360share pro\jre\bin\javaw.exe |
"TCP Query User{ABA1BB30-A57D-4B44-BDF9-C0189B34AB7F}C:\program files\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files\calibre2\calibre.exe |
"UDP Query User{6FFF54AC-CC25-4898-B2CE-F4EFCCD0175B}E:\pf1\360share pro\jre\bin\javaw.exe" = protocol=17 | dir=in | app=e:\pf1\360share pro\jre\bin\javaw.exe |
"UDP Query User{D1D1E4BC-2C7B-48B6-A1BC-40957DD657D5}C:\program files\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files\calibre2\calibre.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C1EF09-B5B7-4082-B1F4-C35CE7A7FCA9}" = ZTE LTE Device USB Driver
"{05169250-8EF1-98E7-3C46-ECCC5CDD09F5}" = ccc-utility64
"{21328306-39D4-D363-001B-1C7E142A93D8}" = AMD Drag and Drop Transcoding
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2496B756-C386-B088-7644-55F16C18A6E7}" = ATI Catalyst Install Manager
"{2599B6F1-92AC-472C-BE60-9F17565E4938}" = PowerDirector
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{3520B663-C056-D2F8-77E2-4F0CA41D3803}" = WMV9/VC-1 Video Playback
"{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7F624BD1-4FE0-432F-B928-68302E156D04}" = AVG 2014
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{AAE78E39-FAAF-4C19-A63E-BDED7428FDE1}" = Roxio Drag-to-Disc
"{D0CE4A83-018E-C14F-734C-6BEBF469C681}" = ATI AVIVO64 Codecs
"{DF6697A2-7829-4E44-AEB8-667D86CB3472}" = calibre 64bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2014
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NewBlue Art Effects for PowerDirector" = Newblue Art Effects for PowerDirector
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0053CC02-9A68-C88E-6890-0A749DF9BD7B}" = CCC Help Thai
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio RecordNow Tools
"{03AD770A-1530-437E-967F-ADD4E5B23164}" = CyberLink PowerDirector 11 Content Pack Essential
"{0805B720-5CD0-143C-E569-149D546A92FA}" = CCC Help Chinese Traditional
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio RecordNow Data
"{11B79EBE-12F0-7F67-028C-28763D04522C}" = CCC Help Polish
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19901F0F-3857-5E46-FF17-9B5653860B75}" = CCC Help Turkish
"{1E6A4185-C2E8-1AB7-6C05-806C015FFE7E}" = CCC Help Czech
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2187FAB6-013A-4983-825F-F57F7BBBA373}_is1" = Solitaire XP version 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2747BEA4-A2E1-6513-7524-4DBBC7823E4A}" = CCC Help Chinese Standard
"{2E443D29-FB41-07FB-21E9-852D477570BE}" = CCC Help English
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{37672760-7930-4911-9685-227E29AE2C55}" = CyberLink PowerDirector 11 Content Pack Premium
"{3776754C-4283-DF7D-F28A-0221CD5F07AE}" = CCC Help Russian
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}" = Ulead DVD MovieFactory 4.0 SE
"{451D691A-D425-01D3-B1C7-0A3161878ECE}" = CCC Help Hungarian
"{47FDE7DF-E065-EBF3-5CA1-44BB75F05F6A}" = CCC Help Japanese
"{49E54A90-948C-D78B-CECE-9A7B380491F0}" = CCC Help Norwegian
"{4A93AD88-E424-F6A3-5620-697FA89AAD14}" = CCC Help Korean
"{4C6B0067-4399-7F36-4C34-18D861D7662E}" = CCC Help French
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{55DE01D1-9E39-292C-8DF8-9F753992D548}" = CCC Help Swedish
"{5A4B0298-6C1A-E615-BE09-D65A63AAB2ED}" = Catalyst Control Center Graphics Previews Common
"{5B893587-00A8-4A4E-83F0-8AFA7BFC7C1A}" = PVR Plus
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio RecordNow Copy
"{625304B0-2976-473B-AD81-5CA376093F03}" = Xingtone Ringtone Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{651D7652-9070-4B67-94C0-C5CA8CA4CEDD}" = ArcSoft ShowBiz DVD 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{787F2DC2-1699-44FA-A72F-9107166AF9CC}" = Roxio Content 9
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79922D4F-BF47-42A2-902E-EF81B7A3750D}" = Roxio XingTones
"{7A497FCE-53D2-8D70-C497-CD5585953F62}" = CCC Help Spanish
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio RecordNow Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio BDAV Plugin
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio Easy Media Creator 9 Suite
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A440AC73-43D1-D096-B7B8-051E4282F330}" = CCC Help Finnish
"{A8F9A0D8-A8F4-4C91-A7DF-90404DCD5B1E}" = Jacquie Lawson Edwardian Advent Calendar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A982D950-FAB9-744E-41BE-285082FF86C2}" = CCC Help Italian
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Roxio Media Experience
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}" = e-tax 2012
"{B39A18D0-296E-2B41-4CCC-58AF0B772F8E}" = CCC Help Greek
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C6526EF6-214D-20CC-E8B8-2E79BFC0D11E}" = CCC Help Dutch
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator 9 Home
"{CA212D9E-EDFB-B0D8-B1D5-05ED5838F6B7}" = ccc-core-static
"{DE9069FA-EF9E-25CD-67E7-0242935CCD49}" = HydraVision
"{DEDE10BE-6C0D-6941-95EA-0822D8DE1C90}" = CCC Help Portuguese
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E1D8FD24-8CC4-9038-0B15-ADBB922DA352}" = CCC Help Danish
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.7
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F60034B3-8D8A-42CA-91D4-00C048F88D6F}" = DocuPrint CM205 b
"{F6760F99-BFC8-476C-B0C7-6C11726F8E90}" = BigPond Connection Client
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA5E8C25-6204-76B9-AB27-866D6A2131C5}" = Catalyst Control Center Localization All
"{FB45F14F-E6F9-796D-86A3-C096B5BEF842}" = CCC Help German
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE33F0E4-33DD-E7E9-78CB-507306FD0463}" = Catalyst Control Center InstallProxy
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon Kindle" = Amazon Kindle
"AVG Secure Search" = AVG Security Toolbar
"CameraUserGuide-PSELPH110HS_IXUS125HS" = Canon PowerShot ELPH 110 HS_IXUS 125 HS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC 8
"DVDFab 8 Qt_is1" = DVDFab 8.1.7.8 (17/04/2012) Qt
"foobar2000" = foobar2000 v1.1.9
"GoldenVideos" = Golden Videos
"Google Chrome" = Google Chrome
"ImageBrowser EX" = Canon Utilities ImageBrowser EX
"InstallShield_{03AD770A-1530-437E-967F-ADD4E5B23164}" = CyberLink PowerDirector 11 Content Pack Essential
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"InstallShield_{37672760-7930-4911-9685-227E29AE2C55}" = CyberLink PowerDirector 11 Content Pack Premium
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.7
"InstallShield_{F60034B3-8D8A-42CA-91D4-00C048F88D6F}" = DocuPrint CM205 b
"JLAdventCalendarEdwardian2013" = Jacquie Lawson Edwardian Advent Calendar
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NCH_EN Toolbar" = NCH EN Toolbar
"Office14.SingleImage" = Microsoft Office Professional 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"SightSpeed" = SightSpeed
"TVEpaDrv" = Kaiser Baas USB VIDEO TO DVD MAKER BDA Driver
"VideoPad" = VideoPad Video Editor
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WiseConvert Toolbar" = WiseConvert Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03-Jan-14 12:25:26 AM | Computer Name = Peter-PC | Source = WinMgmt | ID = 10
Description =

Error - 03-Jan-14 1:12:44 AM | Computer Name = Peter-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 03-Jan-14 1:13:06 AM | Computer Name = Peter-PC | Source = SideBySide | ID = 16842816
Description = Activation context generation failed for "C:\Program Files (x86)\Roxio\Roxio
Easy Media Creator 9 Suite\VideoUI 9\tracelog.exe.Manifest".Error in manifest or
policy file "C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\VideoUI
9\tracelog.exe.Manifest" on line 10. The attribute uiaccess is not permitted in
this context on element requestedExecutionLevel.

Error - 04-Jan-14 7:04:51 AM | Computer Name = Peter-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 03-Jan-14 12:24:00 AM | Computer Name = Peter-PC | Source = DCOM | ID = 10010
Description =

Error - 03-Jan-14 9:11:44 AM | Computer Name = Peter-PC | Source = DCOM | ID = 10010
Description =


< End of report >

ken545
2014-01-04, 13:46
Good Morning,

That startup error is related to Conduit, which is a PUP (potentially unwanted program). We can fix it.


First go into Programs and Features in the Control Panel and uninstall Optimizer Pro




Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
O3 - HKLM\..\Toolbar: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found.
[2013-12-15 12:52:20 | 000,450,701 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131222-095334.backup
[2013-12-08 19:18:57 | 000,450,701 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131215-125220.backup


:Services

:Reg

:Files
ipconfig /flushdns /c
C:\Users\Peter\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll


:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Then run a new scan with OTL and post the new log please and also let me know if that error is gone

countsixty4
2014-01-05, 12:34
Hello Ken545
Logfile as requested. I could not find Optimizer Pro, although the icon is still on the desktop. I looked in Program Files (x86) but couldn't find it. Could that have been removed by Malwarebytes also? The Conduit\backgroundContainer message came up on my screen after the reboot.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a87cb3e3-4db9-439d-b96b-576f5ae8459d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a87cb3e3-4db9-439d-b96b-576f5ae8459d}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
C:\Windows\SysNative\drivers\etc\hosts.20131222-095334.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131215-125220.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Peter\Downloads\cmd.bat deleted successfully.
C:\Users\Peter\Downloads\cmd.txt deleted successfully.
File\Folder C:\Users\Peter\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: IrfanView

User: Peter

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IrfanView

User: Peter
->Temp folder emptied: 165991245 bytes
->Temporary Internet Files folder emptied: 249456105 bytes
->Google Chrome cache emptied: 20590505 bytes
->Flash cache emptied: 58812 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715816 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9304086 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95403 bytes
RecycleBin emptied: 34007 bytes

Total Files Cleaned = 427.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01052014_191323

Files\Folders moved on Reboot...
C:\Users\Peter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P33VQM2Y\I2U1TMKA.htm moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9JUZV5BU\showthread[1].htm moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.
C:\Windows\temp\TimeInfo.txt moved successfully.
C:\Windows\temp\TrcInfo.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ken545
2014-01-05, 12:55
Good Morning,

Just drag the Optimizer Pro icon to the trash.

Heads up on this one also, this one you may want to uninstall
SpyHunter - spyware remover of somewhat dubious repute



For this program you need the 64 bit version

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:folderfind
Conduit
:filefind
Conduit
:regfind
Conduit

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

countsixty4
2014-01-05, 13:24
Hi Ken545
Here is OTL new scan as requested

OTL logfile created on: 05-Jan-14 7:39:29 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.98 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.35% Memory free
7.97 Gb Paging File | 6.25 Gb Available in Paging File | 78.44% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 818.33 Gb Free Space | 87.86% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 63.22 Gb Free Space | 27.14% Space Free | Partition Type: NTFS

Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Peter\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater17.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (FXNADB) -- C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (massfilter_lte) -- C:\Windows\SysNative\drivers\massfilter_LTE.sys (HandSet Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\drivers\RxFilter.sys (Sonic Solutions)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (DLADResE) -- C:\Windows\SysNative\drivers\DLADResE.SYS (Roxio)
DRV:64bit: - (DLABMFSE) -- C:\Windows\SysNative\drivers\DLABMFSE.SYS (Roxio)
DRV:64bit: - (DLAUDF_E) -- C:\Windows\SysNative\drivers\DLAUDF_E.SYS (Roxio)
DRV:64bit: - (DLAUDFAE) -- C:\Windows\SysNative\drivers\DLAUDFAE.SYS (Roxio)
DRV:64bit: - (DLAOPIOE) -- C:\Windows\SysNative\drivers\DLAOPIOE.SYS (Roxio)
DRV:64bit: - (DLABOIOE) -- C:\Windows\SysNative\drivers\DLABOIOE.SYS (Roxio)
DRV:64bit: - (DLAPoolE) -- C:\Windows\SysNative\drivers\DLAPoolE.SYS (Roxio)
DRV:64bit: - (DLAIFS_E) -- C:\Windows\SysNative\drivers\DLAIFS_E.SYS (Roxio)
DRV:64bit: - (DRVECDB) -- C:\Windows\SysNative\drivers\DRVECDB.SYS (Sonic Solutions)
DRV:64bit: - (DLACDBHE) -- C:\Windows\SysNative\drivers\DLACDBHE.SYS (Roxio)
DRV:64bit: - (DLARTL_E) -- C:\Windows\SysNative\drivers\DLARTL_E.SYS (Roxio)
DRV:64bit: - (DRVEDDM) -- C:\Windows\SysNative\drivers\DRVEDDM.SYS (Roxio)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKLM\..\URLSearchHook: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - No CLSID value found
IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.com.au/tickler/default.aspx
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 5B D5 82 D6 53 CC 01 [binary data]
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\URLSearchHook: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - No CLSID value found
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/search?q={searchTerms}&rlz=1I7ADRA_enAU445
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11 [2013-06-27 21:45:52 | 000,000,000 | ---D | M]

[2013-07-03 15:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014-01-05 19:13:24 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DocuPrint CM205b RUN] C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe (Fuji Xerox Co., Ltd.)
O4 - HKLM..\Run: [LauncherCM205b] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe" /S FX DocuPrint CM205 b File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StatusAuto CM205b Run] C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe (Fuji Xerox Co., Ltd)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1962708451-3323433082-481659391-1000..\Run: [BigPond Connection Client] C:\Program Files (x86)\Telstra\BigPond Connection Client\BigPondCC.exe (Telstra Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..Trusted Domains: bigpond.com ([register] https in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89FA3560-13FB-4846-A7E5-4193B079001D}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-12-29 18:48:02 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007-05-10 08:48:26 | 000,000,032 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014-01-05 19:13:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-01-03 11:47:08 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
[2014-01-03 11:46:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-01-03 11:26:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-12-29 18:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013-12-29 18:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013-12-17 18:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013-12-11 20:06:59 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013-12-11 20:06:59 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013-12-11 20:06:59 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013-12-11 20:06:58 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013-12-11 20:05:36 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-12-11 20:05:36 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-12-11 20:05:36 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-12-11 20:05:36 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-12-11 20:05:36 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013-12-11 20:05:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-12-11 20:05:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013-12-11 20:05:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-12-11 20:05:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013-12-11 20:05:35 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013-12-11 20:05:35 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013-12-11 20:05:35 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013-12-11 20:05:35 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013-12-11 20:05:34 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-12-11 20:05:34 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-12-11 20:05:32 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-12-11 17:26:05 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013-12-11 17:26:05 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013-12-11 17:25:59 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013-12-11 17:25:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013-12-11 17:25:55 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013-12-11 17:25:08 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013-12-11 17:25:08 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013-12-11 17:25:06 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013-12-11 17:25:06 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013-12-11 17:25:06 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013-12-11 17:25:06 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013-12-11 17:25:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013-12-11 17:25:05 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013-12-09 17:11:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012-02-20 05:03:48 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Peter\AppData\Roaming\pcouffin.sys
[1 C:\Users\Peter\Documents\*.tmp files -> C:\Users\Peter\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014-01-05 19:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-01-05 19:23:26 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-01-05 19:23:26 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-01-05 19:16:15 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-01-05 19:16:15 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014-01-05 19:16:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-01-05 19:16:11 | 3207,946,240 | -HS- | M] () -- C:\hiberfil.sys
[2014-01-05 19:16:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014-01-05 19:13:24 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014-01-04 21:44:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-01-04 19:44:33 | 000,013,270 | ---- | M] () -- C:\Users\Peter\Desktop\Extras - Shortcut.lnk
[2014-01-04 19:44:26 | 000,025,142 | ---- | M] () -- C:\Users\Peter\Desktop\OTL.lnk
[2014-01-04 19:26:37 | 000,001,095 | ---- | M] () -- C:\Users\Peter\Desktop\OTL - Shortcut.lnk
[2014-01-03 11:46:48 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-01-02 09:15:58 | 000,001,062 | ---- | M] () -- C:\Users\Peter\Desktop\Optimizer Pro.lnk
[2014-01-02 09:15:12 | 000,581,957 | ---- | M] () -- C:\Users\Peter\Desktop\adwcleaner-1.606-en.exe
[2013-12-30 17:28:32 | 000,000,512 | ---- | M] () -- C:\Users\Peter\Desktop\MBR.dat
[2013-12-29 18:48:02 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013-12-22 09:55:47 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-12-17 18:47:04 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013-12-15 12:54:16 | 000,001,170 | ---- | M] () -- C:\Users\Peter\Documents\cc_20131215_125403.reg
[2013-12-12 20:44:15 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-12-12 20:44:15 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-12-12 20:44:15 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-12-12 20:38:17 | 000,493,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-12-11 19:36:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-12-11 19:36:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\Peter\Documents\*.tmp files -> C:\Users\Peter\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014-01-04 19:44:33 | 000,013,270 | ---- | C] () -- C:\Users\Peter\Desktop\Extras - Shortcut.lnk
[2014-01-04 19:44:26 | 000,025,142 | ---- | C] () -- C:\Users\Peter\Desktop\OTL.lnk
[2014-01-04 19:26:37 | 000,001,095 | ---- | C] () -- C:\Users\Peter\Desktop\OTL - Shortcut.lnk
[2014-01-03 11:46:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-01-02 09:15:58 | 000,001,062 | ---- | C] () -- C:\Users\Peter\Desktop\Optimizer Pro.lnk
[2014-01-02 09:15:12 | 000,581,957 | ---- | C] () -- C:\Users\Peter\Desktop\adwcleaner-1.606-en.exe
[2013-12-30 17:28:32 | 000,000,512 | ---- | C] () -- C:\Users\Peter\Desktop\MBR.dat
[2013-12-29 18:48:02 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013-12-17 18:47:04 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013-12-15 12:54:08 | 000,001,170 | ---- | C] () -- C:\Users\Peter\Documents\cc_20131215_125403.reg
[2012-03-11 08:28:27 | 000,145,452 | ---- | C] () -- C:\Users\Peter\AppData\Local\rx_audio.Cache
[2012-02-20 05:03:48 | 000,099,384 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\inst.exe
[2012-02-20 05:03:48 | 000,007,859 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\pcouffin.cat
[2012-02-20 05:03:48 | 000,001,167 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\pcouffin.inf
[2011-08-16 07:55:52 | 000,643,372 | ---- | C] () -- C:\Users\Peter\AppData\Local\rx_image.Cache
[2011-07-25 17:48:58 | 000,074,293 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Setup.1.2.exe

========== ZeroAccess Check ==========

[2009-07-14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-10-13 09:54:32 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012-10-13 09:54:32 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013-10-23 12:18:00 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\AVG2014
[2013-10-28 14:58:11 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\calibre
[2013-03-08 15:02:35 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\canon
[2013-03-08 15:11:11 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Canon_Inc_IC
[2011-11-21 05:28:03 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\dBpoweramp
[2012-06-19 11:42:58 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DVDFab
[2011-11-28 05:51:09 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\foobar2000
[2012-04-25 19:03:03 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\iSkysoft Video Converter Ultimate
[2013-12-03 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\JLAdventCalendarEdwardian2013
[2012-12-17 16:05:20 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\KompoZer
[2011-08-07 09:02:52 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Leadertech
[2013-11-01 17:14:18 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Sierra Wireless
[2011-08-06 11:20:02 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Telstra
[2012-10-11 17:15:58 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TuneUp Software
[2012-04-25 11:40:52 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Vso

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Ulead DVD MovieFactory 4.0 SE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(8).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(4).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(27).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(25).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(23).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(22).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(21).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(2).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(18).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(16).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(15).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(14).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(13).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(12).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(1).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Rosi & Luke front cover.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Rosi & Luke back cover.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\PDRMUSIC.TMP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\VirtualDubMod_1_5_10_2_All_inclusive[1]:Roxio EMC Stream
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:07F6D9E4

< End of report >

ken545
2014-01-05, 13:56
Hi,

Did you see my previous reply?

countsixty4
2014-01-06, 08:16
Hi Ken545

Here is the SystemLook log file as requested:
SystemLook 30.07.11 by jpshortstuff
Log created at 14:56 on 06/01/2014 by Peter
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== folderfind ==========

Searching for "Conduit"
C:\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit d------ [06:35 05/07/2013]

========== filefind ==========

Searching for "Conduit"
No files found.

========== regfind ==========

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\SearchInNewTab]
"AboutTabsPageUrl"="http://search.conduit.com/?ctid=CT3196716&octid=EB_ORIGINAL_CTID&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=1"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\Update]
"ModuleURL"="http://ieupdate.conduit.com/ver6.17.2.8/tbedrs.dll"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\Upgrade]
"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.13.3.505/tbedrs.dll"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\Weather]
"SearchServerUrl"="http://search.conduit.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\Weather\en]
"Forecast"="<FORECAST><LOCATION_ID>ASXX0032</LOCATION_ID><DAYS><DAY1><DATE>20130709</DATE><DAY>Tuesday</DAY><F_MIN>69</F_MIN><F_MAX>91</F_MAX><C_MIN>21</C_MIN><C_MAX>33</C_MAX><UV_DESCRIPTION>Very High</UV_DESCRIPTION><UV_INDEX>9</UV_INDEX><SUNSET>6:35 pm</SUNSET><SUNRISE>7:09 am</SUNRISE><MOONRISE>7:33 am</MOONRISE><MOONSET>7:25 pm</MOONSET><MOON_PHASE>Waxing Crescent</MOON_PHASE><CONDITION_DESCRIPTION>Windy</CONDITION_DESCRIPTION><CONDITION_ICON>http://weather.conduit.com/images/weather/Default/windy_big.gif</CONDITION_ICON></DAY1><DAY2><DATE>20130710</DATE><DAY>Wednesday</DAY><F_MIN>69</F_MIN><F_MAX>90</F_MAX><C_MIN>21</C_MIN><C_MAX>32</C_MAX><UV_DESCRIPTION>Very High</UV_DESCRIPTION><UV_INDEX>9</UV_INDEX><SUNSET>6:35 pm</SUNSET><SUNRISE>7:09 am</SUNRISE><MOONRISE>8:16 am</MOONRISE><MOONSET>8:13 pm</MOONSET><MOON_PHASE>Waxing Crescent</MOON_PHASE><CONDITION_DESCRIPTION>Windy</CONDITION_DESCRIPTION><CONDITION_ICON>http
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\app.mam.conduit.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\conduitapps.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\app.mam.conduit.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fastcontent.conduit.com]
[HKEY_CURRENT_USER\Software\NCH Software\Components\conduit]
[HKEY_CURRENT_USER\Software\NCH Software\GoldenVideos\Software]
"Toolbar"="conduit"
[HKEY_CURRENT_USER\Software\WiseConvert\toolbar]
"BrowserSuggestionsURL"="http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0D06B5EB-0413-430F-AE85-8836EE8B48E1}]
"AppPath"="C:\Users\Peter\AppData\Local\Conduit\CT3196716"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C558A4F5-C80D-4E33-B53D-49CF3120730E}]
"AppPath"="C:\Users\Peter\AppData\Local\Conduit\CT3282495"
[HKEY_LOCAL_MACHINE\SOFTWARE\NCH Software\Components\conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\NCH_EN\Communicator]
"Url"="http://servicemap.conduit-services.com/Toolbar/?ownerId=EB_ORIGINAL_CTID"
[HKEY_LOCAL_MACHINE\SOFTWARE\NCH_EN\Communicator]
"UsageUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_LOCAL_MACHINE\SOFTWARE\NCH_EN\toolbar]
"Server"="users.conduit.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\NCH_EN\toolbar]
"PlatformType"="ConduitToolbarMyStuff"
[HKEY_LOCAL_MACHINE\SOFTWARE\NCH_EN\toolbar]
"AutoUpdateHelperPath"="C:\Users\Peter\AppData\Local\Conduit\CT3282495\NCH_ENAutoUpdateHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\NCH_EN\toolbar]
"IsConduitAppsToolbar"="FALSE"
[HKEY_LOCAL_MACHINE\SOFTWARE\NCH_EN\toolbar]
"BrowserSearchURL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282495&CUI=UN88827341831831153&UM=2"
[HKEY_LOCAL_MACHINE\SOFTWARE\NCH_EN\toolbar]
"BrowserSuggestionsURL"="http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\WiseConvert\Communicator]
"Url"="http://servicemap.conduit-services.com/Toolbar/?ownerId=EB_ORIGINAL_CTID"
[HKEY_LOCAL_MACHINE\SOFTWARE\WiseConvert\Communicator]
"UsageUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_LOCAL_MACHINE\SOFTWARE\WiseConvert\toolbar]
"BrowserSearchURL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716"
[HKEY_LOCAL_MACHINE\SOFTWARE\WiseConvert\toolbar]
"Server"="users.conduit.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\WiseConvert\toolbar]
"PlatformType"="ConduitToolbarMyStuff"
[HKEY_LOCAL_MACHINE\SOFTWARE\WiseConvert\toolbar]
"AutoUpdateHelperPath"="C:\Users\Peter\AppData\Local\Conduit\CT3196716\WiseConvertAutoUpdateHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WiseConvert\toolbar]
"IsConduitAppsToolbar"="FALSE"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\BackgroundContainer\LogicFileManager]
"LogicFilePath"="C:\Users\Peter\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar]
"SearchServerUrl"="http://search.conduit.com"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar]
"SocialDomains"="http://apps.conduit.com; http://social.conduit.com"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar]
"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar]
"DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar]
"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar]
"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar]
"AppsDetectionUrlPattern"="http://appdownload.conduit.com/"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495]
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ABTestUsage]
"ServiceUrl"="http://tb-test.conduit-data.com"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\AppRegisterUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\AppsMetaData]
"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\AppsSettings]
"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\AppTrackingFirstTime]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\AppTrackingUsage]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\AppUninstallUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\BrowserToolbarsInfo]
"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ClientErrorLog]
"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ClientLog]
"ServiceUrl"="http://clientlog.conduit-services.com/log/putlog"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\Configuration]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/?ctid=EB_TOOLBAR_ID&ver=EB_TOOLBAR_VERSION&client=ToolbarConfiguration"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\DynamicDialogs]
"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\GottenAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\HostingUsage]
"ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\LocationService]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\OtherAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\RecoveryService]
"ServiceUrl"="http://recovery.conduit-services.com/toolbar"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\SearchApiByCountry]
"ServiceUrl"="http://c.api.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID&um=UM_ID&c=EB_COUNTRY_CODE"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\SearchInNewTabBlank]
"ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\SearchSettings]
"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID&um=UM_ID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\SharedAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\SPStubConditionalDownload]
"ServiceUrl"="http://sp-download.conduit-services.com/ConditionalDownload?CTID=EB_TOOLBAR_ID&ToolbarRunMode=EB_TOOLBAR_RUN_MODE&ToolbarType=EB_PLATFORM&UAC=EB_UAC_MODE&IntegrityLevel=EB_INTEGRITY_LEVEL&WindowsVersion=EB_WINDOWS_VERSION"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarAppComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarAppUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID&UM=UM_UNINSTALL_ID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarGrouping]
"ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarHiddenLogin]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarHiddenLoginJson]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/JsonLogin.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarHiddenSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarHiddenSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarInstallationUsage]
"ServiceUrl"="http://installationusage.conduit-services.com/api/InstallationUsage"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarLoginJson]
"ServiceUrl"="http://login.toolbar.conduit-services.com/JsonLogin.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarSetupAPI]
"ServiceUrl"="http://setupapi.toolbar.conduit-services.com/Properties/json/EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarSetupAPIByCountry]
"ServiceUrl"="http://c.setupapi.toolbar.conduit-services.com/Properties/json/EB_TOOLBAR_ID/CC/EB_COUNTRY_CODE"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarTranslation]
"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarUninstall]
"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\ToolbarUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\UninstallDialog]
"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\UninstallDialogUsage]
"ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\WebAppSettings]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/meta/WEB_APP_GUID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\WebAppSettingsNC]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/metanc/WEB_APP_GUID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\toolbar\Repository\conduit_CT3282495\WebAppValidation]

countsixty4
2014-01-06, 08:21
Hi Ken545
The SystemLook logfile was too big to send all in one go, so here is the second part.
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\RecoveryService]
"ServiceUrl"="http://recovery.conduit-services.com/toolbar"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\SearchApiByCountry]
"ServiceUrl"="http://c.api.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID&um=UM_ID&c=EB_COUNTRY_CODE"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\SearchInNewTabBlank]
"ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\SearchSettings]
"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID&um=UM_ID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\SharedAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\SPStubConditionalDownload]
"ServiceUrl"="http://sp-download.conduit-services.com/ConditionalDownload?CTID=EB_TOOLBAR_ID&ToolbarRunMode=EB_TOOLBAR_RUN_MODE&ToolbarType=EB_PLATFORM&UAC=EB_UAC_MODE&IntegrityLevel=EB_INTEGRITY_LEVEL&WindowsVersion=EB_WINDOWS_VERSION"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarAppComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarAppUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID&UM=UM_UNINSTALL_ID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarGrouping]
"ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarHiddenLogin]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarHiddenLoginJson]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/JsonLogin.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarHiddenSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarHiddenSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarInstallationUsage]
"ServiceUrl"="http://installationusage.conduit-services.com/api/InstallationUsage"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarLoginJson]
"ServiceUrl"="http://login.toolbar.conduit-services.com/JsonLogin.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarSetupAPI]
"ServiceUrl"="http://setupapi.toolbar.conduit-services.com/Properties/json/EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarSetupAPIByCountry]
"ServiceUrl"="http://c.setupapi.toolbar.conduit-services.com/Properties/json/EB_TOOLBAR_ID/CC/EB_COUNTRY_CODE"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarTranslation]
"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarUninstall]
"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\ToolbarUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\UninstallDialog]
"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\UninstallDialogUsage]
"ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\WebAppSettings]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/meta/WEB_APP_GUID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\WebAppSettingsNC]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/metanc/WEB_APP_GUID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716\WebAppValidation]
"ServiceUrl"="http://upload.webapp.conduit-services.com/Validate/IsValid"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716_CT3196716]
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\conduit_CT3196716_en]
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\MetaData\1396760413]
"dbname"="conduit_CT3196716_CT3196716"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\MetaData\1756291191]
"dbname"="conduit_CT3196716_en"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\MetaData\1759588808]
"dbname"="conduit_CT3196716_CT3196716"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\MetaData\2048674571]
"dbname"="conduit_CT3196716_CT3196716"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\MetaData\2542920421]
"dbname"="conduit_CT3196716_CT3196716"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\MetaData\2588623610]
"dbname"="conduit_CT3196716_CT3196716"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\MetaData\35701993]
"dbname"="conduit_CT3196716_CT3196716"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\MetaData\3632215138]
"dbname"="conduit_CT3196716_CT3196716"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\MetaData\3745922918]
"dbname"="conduit_CT3196716_CT3196716"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\MetaData\4005055407]
"dbname"="conduit_CT3196716_CT3196716"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\MetaData\4254929155]
"dbname"="conduit_CT3196716_CT3196716"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\MetaData\432442029]
"dbname"="conduit_CT3196716_CT3196716"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\MetaData\450061910]
"dbname"="conduit_CT3196716_CT3196716"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Repository\MetaData\746067339]
"dbname"="conduit_CT3196716_CT3196716"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings]
"SearchFromAddressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&amp;SearchSource=2&amp;q=MYSEARCHTERM"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings]
"APITrustedDomains"="conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings]
"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\BackHandStorage\http___app_mam_conduit_com_getapp_CT3196716_mam_html_ctid=CT3196716]
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\BackHandStorage\http___app_mam_conduit_com_getapp_CT3196716_mam_html_ctid=CT3196716&smv=EB_SMV]
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\BackHandStorage\http___facebook_conduitapps_com_v3_13_gadget_html]
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\BackHandStorage\http___storage_conduit_com_16_319_CT3196716_BrowserFiles_04183567-f0f0-4f7f-b942-6b4ac6e3d1f4_html]
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\BackHandStorage\http___storage_conduit_com_ps_SearchApp_embedded_html]
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\BackHandStorage\http___storage_conduit_com_PS_ShoppingApp_V1_pgcb1_2_html_ctid=CT3196716]
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\BackHandStorage\http___storage_conduit_com_ps_ShoppingApp_V3_embedded_html]
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\FeatureProtector\BrowserSearch]
"URLFromService"="http://search.conduit.com?SearchSource=10&amp;ctid=CT3196716"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\FeatureProtector\BrowserSearch]
"ConduitEnabled"="TRUE"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\FeatureProtector\HomePage]
"URLFromService"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&amp;SearchSource=4&amp;ctid=CT3196716"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\FeatureProtector\HomePage]
"ConduitEnabled"="TRUE"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\MyStuff]
"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\MyStuff]
"ConduitEnable"="TRUE"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\RadioPlayer]
"ServerUrl"="http://radio.services.conduit.com/RadioRequest.ctp"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\Search\Settings]
"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\SearchInNewTab]
"AboutTabsDataUrlConduit"="http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\SearchInNewTab]
"AboutTabsEnabledByConduit"="TRUE"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\SearchInNewTab]
"AboutTabsUsageUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\SearchInNewTab]
"AboutTabsPageUrl"="http://search.conduit.com/?ctid=CT3196716&octid=EB_ORIGINAL_CTID&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=1"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\Update]
"ModuleURL"="http://ieupdate.conduit.com/ver6.17.2.8/tbedrs.dll"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\Upgrade]
"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.13.3.505/tbedrs.dll"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\Weather]
"SearchServerUrl"="http://search.conduit.com/"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\toolbar\Settings\Weather\en]
"Forecast"="<FORECAST><LOCATION_ID>ASXX0032</LOCATION_ID><DAYS><DAY1><DATE>20130709</DATE><DAY>Tuesday</DAY><F_MIN>69</F_MIN><F_MAX>91</F_MAX><C_MIN>21</C_MIN><C_MAX>33</C_MAX><UV_DESCRIPTION>Very High</UV_DESCRIPTION><UV_INDEX>9</UV_INDEX><SUNSET>6:35 pm</SUNSET><SUNRISE>7:09 am</SUNRISE><MOONRISE>7:33 am</MOONRISE><MOONSET>7:25 pm</MOONSET><MOON_PHASE>Waxing Crescent</MOON_PHASE><CONDITION_DESCRIPTION>Windy</CONDITION_DESCRIPTION><CONDITION_ICON>http://weather.conduit.com/images/weather/Default/windy_big.gif</CONDITION_ICON></DAY1><DAY2><DATE>20130710</DATE><DAY>Wednesday</DAY><F_MIN>69</F_MIN><F_MAX>90</F_MAX><C_MIN>21</C_MIN><C_MAX>32</C_MAX><UV_DESCRIPTION>Very High</UV_DESCRIPTION><UV_INDEX>9</UV_INDEX><SUNSET>6:35 pm</SUNSET><SUNRISE>7:09 am</SUNRISE><MOONRISE>8:16 am</MOONRISE><MOONSET>8:13 pm</MOONSET><MOON_PHASE>Waxing Crescent</MOON_PHASE><CONDITION_DESCRIPTION>Windy</CON
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\Microsoft\Internet Explorer\DOMStorage\app.mam.conduit.com]
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com]
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\Microsoft\Internet Explorer\DOMStorage\conduitapps.com]
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\app.mam.conduit.com]
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com]
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fastcontent.conduit.com]
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\NCH Software\Components\conduit]
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\NCH Software\GoldenVideos\Software]
"Toolbar"="conduit"
[HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\WiseConvert\toolbar]
"BrowserSuggestionsURL"="http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}"

-= EOF =-

ken545
2014-01-06, 13:20
Good Morning,

Thanks for the logs. We are going to make some changes in the Windows registry, so it's important that you back it up with this tool so it can be restored if need be.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.


Please download the installer for Registry Backup from here (http://www.bleepingcomputer.com/download/registry-backup/) or here (http://www.tweaking.com/files/setups/tweaking.com_registry_backup_setup.exe) and save to your desktop.
Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI(graphical user interface) has appeared/loaded:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TCRB-1.jpg


Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TBRB-2.jpg


Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325).






Download AutoRuns (http://download.sysinternals.com/files/Autoruns.zip) and save it to your Desktop.


Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there.
Open the folder and double-click on autoruns.exe to launch it. Vista/Windows 7/8 users right-click and select Run As Administrator.
Please be patient as it scans and populates the entries.
When finished scanning, it will say Ready at the bottom.
In the top menu, click File > Find... and type the file name (background container.dll) related to the error message, then click Find Next.
Alternatively, you can scroll through the list and look for any entry related to background container.dll and conduit.
If found, right-click on the entry and choose delete.
Exit Autoruns and reboot your computer when done.









Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL


:Services

:Reg
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\NCH_EN\toolbar]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\WiseConvert]
[-HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN]
[-HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\BackgroundContainer]

:Files
C:\Program Files (x86)\NCH Software



:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Then run a new scan with OTL and post the new log please

countsixty4
2014-01-07, 06:08
Hello Ken545
attached is OTL Runfix logfile

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\NCH_EN\toolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\WiseConvert\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\BackgroundContainer\ deleted successfully.
========== FILES ==========
C:\Program Files (x86)\NCH Software\VideoPad\Help folder moved successfully.
C:\Program Files (x86)\NCH Software\VideoPad folder moved successfully.
C:\Program Files (x86)\NCH Software\GoldenVideos\Help folder moved successfully.
C:\Program Files (x86)\NCH Software\GoldenVideos folder moved successfully.
C:\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit folder moved successfully.
C:\Program Files (x86)\NCH Software\Components\NCHToolbars folder moved successfully.
C:\Program Files (x86)\NCH Software\Components\mp3el2 folder moved successfully.
C:\Program Files (x86)\NCH Software\Components\infozip2 folder moved successfully.
C:\Program Files (x86)\NCH Software\Components\ffmpeg16 folder moved successfully.
C:\Program Files (x86)\NCH Software\Components\ffmpeg15 folder moved successfully.
C:\Program Files (x86)\NCH Software\Components\ffmpeg10 folder moved successfully.
C:\Program Files (x86)\NCH Software\Components\aacenc3 folder moved successfully.
C:\Program Files (x86)\NCH Software\Components\aacdec3 folder moved successfully.
C:\Program Files (x86)\NCH Software\Components folder moved successfully.
C:\Program Files (x86)\NCH Software folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: IrfanView

User: Peter

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IrfanView

User: Peter
->Temp folder emptied: 311157 bytes
->Temporary Internet Files folder emptied: 41709407 bytes
->Google Chrome cache emptied: 10333145 bytes
->Flash cache emptied: 492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1743619 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 730022 bytes

Total Files Cleaned = 52.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01072014_125448

Files\Folders moved on Reboot...
C:\Users\Peter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J1E5UA5M\showthread[1].htm moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
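
Added example, not part of the thread and not OTL's own code: a Python check over lines copied from the fix log above that classifies each result and accounts for the single `not found` entry. It assumes the SID in the log belongs to the logged-on account, in which case HKEY_CURRENT_USER is a view of HKEY_USERS\<SID> and the earlier HKEY_CURRENT_USER deletion had already removed that key; the function names are hypothetical.

```python
import re

# Lines copied from the OTL fix log posted above (registry, file and reboot results).
SAMPLE_LOG = r"""
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\NCH_EN\toolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\WiseConvert\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\NCH_EN\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1962708451-3323433082-481659391-1000\Software\AppDataLow\Software\WiseConvert\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\BackgroundContainer\ deleted successfully.
C:\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit folder moved successfully.
C:\Program Files (x86)\NCH Software folder moved successfully.
C:\Windows\System32\drivers\etc\Hosts moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.
"""

# Assumption: this SID (taken from the log) is the logged-on user's, so
# HKEY_CURRENT_USER resolves to HKEY_USERS\<this SID>.
CURRENT_SID = "S-1-5-21-1962708451-3323433082-481659391-1000"

REG_RE = re.compile(r"^Registry key (?P<target>.+) (?P<result>deleted successfully|not found)\.$")
MOVE_RE = re.compile(r"^(?P<target>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")
PENDING_RE = re.compile(r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")


def canonical_key(key, current_sid):
    """Rewrite HKEY_CURRENT_USER paths to HKEY_USERS\\<SID> and lower-case them."""
    key = key.rstrip("\\")
    prefix = "HKEY_CURRENT_USER"
    if key.upper() == prefix or key.upper().startswith(prefix + "\\"):
        key = "HKEY_USERS\\" + current_sid + key[len(prefix):]
    return key.lower()


def parse_fix_log(text):
    """Turn fix-log lines into {kind, target, status} records; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            status = "deleted" if m["result"].startswith("deleted") else "not_found"
            entries.append({"kind": "registry", "target": m["target"].rstrip("\\"), "status": status})
            continue
        m = PENDING_RE.match(line)
        if m:
            entries.append({"kind": "file", "target": m["target"], "status": "pending_reboot"})
            continue
        m = MOVE_RE.match(line)
        if m:
            entries.append({"kind": "file", "target": m["target"], "status": "moved"})
    return entries


def review(entries, current_sid):
    """Separate harmless 'not found' results from ones that need a second look."""
    deleted = []  # canonical keys already removed, in log order
    report = {"alias_not_found": [], "unexplained_not_found": [], "pending_reboot": []}
    for e in entries:
        if e["kind"] == "registry":
            ck = canonical_key(e["target"], current_sid)
            if e["status"] == "deleted":
                deleted.append(ck)
            elif any(ck == d or ck.startswith(d + "\\") for d in deleted):
                # Same key (or a child of it) was removed earlier under its other name.
                report["alias_not_found"].append(e["target"])
            else:
                report["unexplained_not_found"].append(e["target"])
        elif e["status"] == "pending_reboot":
            report["pending_reboot"].append(e["target"])
    return report


if __name__ == "__main__":
    result = review(parse_fix_log(SAMPLE_LOG), CURRENT_SID)
    for section, items in result.items():
        print(section)
        for item in items:
            print("   ", item)
```

An entry that lands in `unexplained_not_found` would be a key the fix named but no earlier line removed, which is worth rechecking against the scan log before the next fix.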

countsixty4
2014-01-07, 06:30
Hello Ken545 again
Attached is OTL New Scan

OTL logfile created on: 07-Jan-14 1:10:17 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.98 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 65.72% Memory free
7.97 Gb Paging File | 6.22 Gb Available in Paging File | 78.11% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 819.02 Gb Free Space | 87.93% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 63.22 Gb Free Space | 27.14% Space Free | Partition Type: NTFS

Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Peter\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater17.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (FXNADB) -- C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (massfilter_lte) -- C:\Windows\SysNative\drivers\massfilter_LTE.sys (HandSet Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\drivers\RxFilter.sys (Sonic Solutions)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (DLADResE) -- C:\Windows\SysNative\drivers\DLADResE.SYS (Roxio)
DRV:64bit: - (DLABMFSE) -- C:\Windows\SysNative\drivers\DLABMFSE.SYS (Roxio)
DRV:64bit: - (DLAUDF_E) -- C:\Windows\SysNative\drivers\DLAUDF_E.SYS (Roxio)
DRV:64bit: - (DLAUDFAE) -- C:\Windows\SysNative\drivers\DLAUDFAE.SYS (Roxio)
DRV:64bit: - (DLAOPIOE) -- C:\Windows\SysNative\drivers\DLAOPIOE.SYS (Roxio)
DRV:64bit: - (DLABOIOE) -- C:\Windows\SysNative\drivers\DLABOIOE.SYS (Roxio)
DRV:64bit: - (DLAPoolE) -- C:\Windows\SysNative\drivers\DLAPoolE.SYS (Roxio)
DRV:64bit: - (DLAIFS_E) -- C:\Windows\SysNative\drivers\DLAIFS_E.SYS (Roxio)
DRV:64bit: - (DRVECDB) -- C:\Windows\SysNative\drivers\DRVECDB.SYS (Sonic Solutions)
DRV:64bit: - (DLACDBHE) -- C:\Windows\SysNative\drivers\DLACDBHE.SYS (Roxio)
DRV:64bit: - (DLARTL_E) -- C:\Windows\SysNative\drivers\DLARTL_E.SYS (Roxio)
DRV:64bit: - (DRVEDDM) -- C:\Windows\SysNative\drivers\DRVEDDM.SYS (Roxio)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKLM\..\URLSearchHook: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - No CLSID value found
IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.com.au/tickler/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 5B D5 82 D6 53 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/search?q={searchTerms}&rlz=1I7ADRA_enAU445
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11 [2013-06-27 21:45:52 | 000,000,000 | ---D | M]

[2013-07-03 15:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014-01-07 12:54:49 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DocuPrint CM205b RUN] C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe (Fuji Xerox Co., Ltd.)
O4 - HKLM..\Run: [LauncherCM205b] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe" /S FX DocuPrint CM205 b File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StatusAuto CM205b Run] C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe (Fuji Xerox Co., Ltd)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [BigPond Connection Client] C:\Program Files (x86)\Telstra\BigPond Connection Client\BigPondCC.exe (Telstra Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bigpond.com ([register] https in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89FA3560-13FB-4846-A7E5-4193B079001D}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-12-29 18:48:02 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2014-01-07 11:59:29 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2007-05-10 08:48:26 | 000,000,032 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014-01-07 11:59:29 | 000,000,000 | ---D | C] -- C:\Autoruns
[2014-01-07 11:52:46 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014-01-07 11:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014-01-07 11:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014-01-05 19:13:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-01-03 11:47:08 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
[2014-01-03 11:46:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-01-03 11:26:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-12-29 18:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013-12-29 18:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013-12-17 18:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013-12-11 20:06:59 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013-12-11 20:06:59 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013-12-11 20:06:59 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013-12-11 20:06:58 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013-12-11 20:05:36 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-12-11 20:05:36 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-12-11 20:05:36 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-12-11 20:05:36 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-12-11 20:05:36 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013-12-11 20:05:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-12-11 20:05:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013-12-11 20:05:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-12-11 20:05:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013-12-11 20:05:35 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013-12-11 20:05:35 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013-12-11 20:05:35 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013-12-11 20:05:35 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013-12-11 20:05:34 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-12-11 20:05:34 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-12-11 20:05:32 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-12-11 17:26:05 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013-12-11 17:26:05 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013-12-11 17:25:59 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013-12-11 17:25:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013-12-11 17:25:55 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013-12-11 17:25:08 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013-12-11 17:25:08 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013-12-11 17:25:06 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013-12-11 17:25:06 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013-12-11 17:25:06 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013-12-11 17:25:06 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013-12-11 17:25:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013-12-11 17:25:05 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013-12-09 17:11:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012-02-20 05:03:48 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Peter\AppData\Roaming\pcouffin.sys
[1 C:\Users\Peter\Documents\*.tmp files -> C:\Users\Peter\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014-01-07 13:04:34 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-01-07 13:04:34 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-01-07 12:57:24 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-01-07 12:57:24 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014-01-07 12:57:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-01-07 12:57:20 | 3207,946,240 | -HS- | M] () -- C:\hiberfil.sys
[2014-01-07 12:57:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014-01-07 12:54:49 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014-01-07 12:44:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-01-07 12:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-01-07 11:57:51 | 000,001,146 | ---- | M] () -- C:\Users\Peter\Desktop\autoruns - Shortcut.lnk
[2014-01-07 11:53:35 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-PETER-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014-01-07 11:52:06 | 000,002,235 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014-01-07 11:49:28 | 000,001,380 | ---- | M] () -- C:\Users\Peter\Desktop\tweaking.com_registry_backup_setup - Shortcut.lnk
[2014-01-05 20:29:31 | 000,000,757 | ---- | M] () -- C:\Users\Peter\Desktop\SystemLook - Shortcut.lnk
[2014-01-04 19:44:33 | 000,013,270 | ---- | M] () -- C:\Users\Peter\Desktop\Extras - Shortcut.lnk
[2014-01-04 19:44:26 | 000,025,142 | ---- | M] () -- C:\Users\Peter\Desktop\OTL.lnk
[2014-01-04 19:26:37 | 000,001,095 | ---- | M] () -- C:\Users\Peter\Desktop\OTL - Shortcut.lnk
[2014-01-03 11:46:48 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-01-02 09:15:12 | 000,581,957 | ---- | M] () -- C:\Users\Peter\Desktop\adwcleaner-1.606-en.exe
[2013-12-30 17:28:32 | 000,000,512 | ---- | M] () -- C:\Users\Peter\Desktop\MBR.dat
[2013-12-29 18:48:02 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013-12-22 09:55:47 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-12-17 18:47:04 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013-12-15 12:54:16 | 000,001,170 | ---- | M] () -- C:\Users\Peter\Documents\cc_20131215_125403.reg
[2013-12-12 20:44:15 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-12-12 20:44:15 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-12-12 20:44:15 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-12-12 20:38:17 | 000,493,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-12-11 19:36:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-12-11 19:36:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\Peter\Documents\*.tmp files -> C:\Users\Peter\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014-01-07 11:57:51 | 000,001,146 | ---- | C] () -- C:\Users\Peter\Desktop\autoruns - Shortcut.lnk
[2014-01-07 11:53:35 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-PETER-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014-01-07 11:52:06 | 000,002,235 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014-01-07 11:49:28 | 000,001,380 | ---- | C] () -- C:\Users\Peter\Desktop\tweaking.com_registry_backup_setup - Shortcut.lnk
[2014-01-05 20:29:31 | 000,000,757 | ---- | C] () -- C:\Users\Peter\Desktop\SystemLook - Shortcut.lnk
[2014-01-04 19:44:33 | 000,013,270 | ---- | C] () -- C:\Users\Peter\Desktop\Extras - Shortcut.lnk
[2014-01-04 19:44:26 | 000,025,142 | ---- | C] () -- C:\Users\Peter\Desktop\OTL.lnk
[2014-01-04 19:26:37 | 000,001,095 | ---- | C] () -- C:\Users\Peter\Desktop\OTL - Shortcut.lnk
[2014-01-03 11:46:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-01-02 09:15:12 | 000,581,957 | ---- | C] () -- C:\Users\Peter\Desktop\adwcleaner-1.606-en.exe
[2013-12-30 17:28:32 | 000,000,512 | ---- | C] () -- C:\Users\Peter\Desktop\MBR.dat
[2013-12-29 18:48:02 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013-12-17 18:47:04 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013-12-15 12:54:08 | 000,001,170 | ---- | C] () -- C:\Users\Peter\Documents\cc_20131215_125403.reg
[2012-03-11 08:28:27 | 000,145,452 | ---- | C] () -- C:\Users\Peter\AppData\Local\rx_audio.Cache
[2012-02-20 05:03:48 | 000,099,384 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\inst.exe
[2012-02-20 05:03:48 | 000,007,859 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\pcouffin.cat
[2012-02-20 05:03:48 | 000,001,167 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\pcouffin.inf
[2011-08-16 07:55:52 | 000,643,372 | ---- | C] () -- C:\Users\Peter\AppData\Local\rx_image.Cache
[2011-07-25 17:48:58 | 000,074,293 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Setup.1.2.exe

========== ZeroAccess Check ==========

[2009-07-14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Ulead DVD MovieFactory 4.0 SE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(8).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(4).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(27).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(25).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(23).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(22).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(21).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(2).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(18).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(16).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(15).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(14).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(13).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(12).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(1).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Rosi & Luke front cover.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Rosi & Luke back cover.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\PDRMUSIC.TMP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\VirtualDubMod_1_5_10_2_All_inclusive[1]:Roxio EMC Stream
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:07F6D9E4

< End of report >

ken545
2014-01-07, 13:41
Good Morning,

I see just 3 entries we need to remove. I also see SpyHunter on your log; have you decided to keep it or do you want to remove it?

countsixty4
2014-01-08, 02:07
Hello Ken545

Yes, I wish to remove SpyHunter; I've tried to remove it twice. I ran one scan with it, but it did not even pick up win32.downloader.gen as a threat. Then I found out about the Spybot forum and contacted you.
Thanks Pete

ken545
2014-01-08, 04:21
Hi,

First try uninstalling it with Revo Uninstaller Free
http://www.revouninstaller.com/revo_uninstaller_free_download.html

Whether it removes it or not, run a new scan with OTL and post a new log, please.

countsixty4
2014-01-08, 08:39
Hi Ken545
Revo Uninstaller did not find SpyHunter in its list or when I did a search for it. I notice in the OTL file it only appears to have one entry, which has "File not found" against it. This is how Conduit background container was shown in the file when we ran AutoRuns, and once I deleted it from the registry the message no longer came up on my desktop. Maybe this is how we may get rid of it? Here is the new OTL logfile:

OTL logfile created on: 08-Jan-14 3:25:38 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.98 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 41.44% Memory free
7.97 Gb Paging File | 5.78 Gb Available in Paging File | 72.52% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 817.94 Gb Free Space | 87.82% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 63.22 Gb Free Space | 27.14% Space Free | Partition Type: NTFS

Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Peter\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater17.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (FXNADB) -- C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (massfilter_lte) -- C:\Windows\SysNative\drivers\massfilter_LTE.sys (HandSet Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\drivers\RxFilter.sys (Sonic Solutions)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (DLADResE) -- C:\Windows\SysNative\drivers\DLADResE.SYS (Roxio)
DRV:64bit: - (DLABMFSE) -- C:\Windows\SysNative\drivers\DLABMFSE.SYS (Roxio)
DRV:64bit: - (DLAUDF_E) -- C:\Windows\SysNative\drivers\DLAUDF_E.SYS (Roxio)
DRV:64bit: - (DLAUDFAE) -- C:\Windows\SysNative\drivers\DLAUDFAE.SYS (Roxio)
DRV:64bit: - (DLAOPIOE) -- C:\Windows\SysNative\drivers\DLAOPIOE.SYS (Roxio)
DRV:64bit: - (DLABOIOE) -- C:\Windows\SysNative\drivers\DLABOIOE.SYS (Roxio)
DRV:64bit: - (DLAPoolE) -- C:\Windows\SysNative\drivers\DLAPoolE.SYS (Roxio)
DRV:64bit: - (DLAIFS_E) -- C:\Windows\SysNative\drivers\DLAIFS_E.SYS (Roxio)
DRV:64bit: - (DRVECDB) -- C:\Windows\SysNative\drivers\DRVECDB.SYS (Sonic Solutions)
DRV:64bit: - (DLACDBHE) -- C:\Windows\SysNative\drivers\DLACDBHE.SYS (Roxio)
DRV:64bit: - (DLARTL_E) -- C:\Windows\SysNative\drivers\DLARTL_E.SYS (Roxio)
DRV:64bit: - (DRVEDDM) -- C:\Windows\SysNative\drivers\DRVEDDM.SYS (Roxio)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKLM\..\URLSearchHook: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - No CLSID value found
IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.com.au/tickler/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 5B D5 82 D6 53 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/search?q={searchTerms}&rlz=1I7ADRA_enAU445
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11 [2013-06-27 21:45:52 | 000,000,000 | ---D | M]

[2013-07-03 15:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014-01-07 12:54:49 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DocuPrint CM205b RUN] C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe (Fuji Xerox Co., Ltd.)
O4 - HKLM..\Run: [LauncherCM205b] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe" /S FX DocuPrint CM205 b File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StatusAuto CM205b Run] C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe (Fuji Xerox Co., Ltd)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [BigPond Connection Client] C:\Program Files (x86)\Telstra\BigPond Connection Client\BigPondCC.exe (Telstra Corporation)
O4 - HKCU..\Run: [Revo Uninstaller] C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe (VS Revo Group)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bigpond.com ([register] https in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89FA3560-13FB-4846-A7E5-4193B079001D}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-12-29 18:48:02 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2014-01-07 11:59:29 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2007-05-10 08:48:26 | 000,000,032 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014-01-08 14:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014-01-08 14:55:06 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014-01-07 11:59:29 | 000,000,000 | ---D | C] -- C:\Autoruns
[2014-01-07 11:52:46 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014-01-07 11:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014-01-07 11:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014-01-05 19:13:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-01-03 11:47:08 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
[2014-01-03 11:46:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-01-03 11:26:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-12-29 18:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013-12-29 18:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013-12-17 18:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013-12-11 20:06:59 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013-12-11 20:06:59 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013-12-11 20:06:59 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013-12-11 20:06:58 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013-12-11 20:05:36 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-12-11 20:05:36 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-12-11 20:05:36 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-12-11 20:05:36 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-12-11 20:05:36 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013-12-11 20:05:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-12-11 20:05:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013-12-11 20:05:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-12-11 20:05:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013-12-11 20:05:35 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013-12-11 20:05:35 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013-12-11 20:05:35 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013-12-11 20:05:35 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013-12-11 20:05:34 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-12-11 20:05:34 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-12-11 20:05:32 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-12-11 17:26:05 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013-12-11 17:26:05 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013-12-11 17:25:59 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013-12-11 17:25:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013-12-11 17:25:55 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013-12-11 17:25:08 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013-12-11 17:25:08 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013-12-11 17:25:06 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013-12-11 17:25:06 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013-12-11 17:25:06 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013-12-11 17:25:06 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013-12-11 17:25:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013-12-11 17:25:05 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013-12-09 17:11:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012-02-20 05:03:48 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Peter\AppData\Roaming\pcouffin.sys
[1 C:\Users\Peter\Documents\*.tmp files -> C:\Users\Peter\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014-01-08 14:55:06 | 000,001,264 | ---- | M] () -- C:\Users\Peter\Desktop\Revo Uninstaller.lnk
[2014-01-08 14:53:13 | 000,001,155 | ---- | M] () -- C:\Users\Peter\Desktop\revosetup - Shortcut.lnk
[2014-01-08 14:44:15 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-01-08 14:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-01-08 09:06:58 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-01-08 09:06:58 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-01-08 08:59:43 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-01-08 08:59:43 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014-01-08 08:59:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-01-08 08:59:38 | 3207,946,240 | -HS- | M] () -- C:\hiberfil.sys
[2014-01-08 08:59:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014-01-07 12:54:49 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014-01-07 11:57:51 | 000,001,146 | ---- | M] () -- C:\Users\Peter\Desktop\autoruns - Shortcut.lnk
[2014-01-07 11:53:35 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-PETER-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014-01-07 11:52:06 | 000,002,235 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014-01-07 11:49:28 | 000,001,380 | ---- | M] () -- C:\Users\Peter\Desktop\tweaking.com_registry_backup_setup - Shortcut.lnk
[2014-01-05 20:29:31 | 000,000,757 | ---- | M] () -- C:\Users\Peter\Desktop\SystemLook - Shortcut.lnk
[2014-01-04 19:44:33 | 000,013,270 | ---- | M] () -- C:\Users\Peter\Desktop\Extras - Shortcut.lnk
[2014-01-04 19:44:26 | 000,025,142 | ---- | M] () -- C:\Users\Peter\Desktop\OTL.lnk
[2014-01-04 19:26:37 | 000,001,095 | ---- | M] () -- C:\Users\Peter\Desktop\OTL - Shortcut.lnk
[2014-01-03 11:46:48 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-01-02 09:15:12 | 000,581,957 | ---- | M] () -- C:\Users\Peter\Desktop\adwcleaner-1.606-en.exe
[2013-12-30 17:28:32 | 000,000,512 | ---- | M] () -- C:\Users\Peter\Desktop\MBR.dat
[2013-12-29 18:48:02 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013-12-22 09:55:47 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-12-17 18:47:04 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013-12-15 12:54:16 | 000,001,170 | ---- | M] () -- C:\Users\Peter\Documents\cc_20131215_125403.reg
[2013-12-12 20:44:15 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-12-12 20:44:15 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-12-12 20:44:15 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-12-12 20:38:17 | 000,493,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-12-11 19:36:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-12-11 19:36:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\Peter\Documents\*.tmp files -> C:\Users\Peter\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014-01-08 14:55:06 | 000,001,264 | ---- | C] () -- C:\Users\Peter\Desktop\Revo Uninstaller.lnk
[2014-01-08 14:53:13 | 000,001,155 | ---- | C] () -- C:\Users\Peter\Desktop\revosetup - Shortcut.lnk
[2014-01-07 11:57:51 | 000,001,146 | ---- | C] () -- C:\Users\Peter\Desktop\autoruns - Shortcut.lnk
[2014-01-07 11:53:35 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-PETER-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014-01-07 11:52:06 | 000,002,235 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014-01-07 11:49:28 | 000,001,380 | ---- | C] () -- C:\Users\Peter\Desktop\tweaking.com_registry_backup_setup - Shortcut.lnk
[2014-01-05 20:29:31 | 000,000,757 | ---- | C] () -- C:\Users\Peter\Desktop\SystemLook - Shortcut.lnk
[2014-01-04 19:44:33 | 000,013,270 | ---- | C] () -- C:\Users\Peter\Desktop\Extras - Shortcut.lnk
[2014-01-04 19:44:26 | 000,025,142 | ---- | C] () -- C:\Users\Peter\Desktop\OTL.lnk
[2014-01-04 19:26:37 | 000,001,095 | ---- | C] () -- C:\Users\Peter\Desktop\OTL - Shortcut.lnk
[2014-01-03 11:46:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-01-02 09:15:12 | 000,581,957 | ---- | C] () -- C:\Users\Peter\Desktop\adwcleaner-1.606-en.exe
[2013-12-30 17:28:32 | 000,000,512 | ---- | C] () -- C:\Users\Peter\Desktop\MBR.dat
[2013-12-29 18:48:02 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013-12-17 18:47:04 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013-12-15 12:54:08 | 000,001,170 | ---- | C] () -- C:\Users\Peter\Documents\cc_20131215_125403.reg
[2012-03-11 08:28:27 | 000,145,452 | ---- | C] () -- C:\Users\Peter\AppData\Local\rx_audio.Cache
[2012-02-20 05:03:48 | 000,099,384 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\inst.exe
[2012-02-20 05:03:48 | 000,007,859 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\pcouffin.cat
[2012-02-20 05:03:48 | 000,001,167 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\pcouffin.inf
[2011-08-16 07:55:52 | 000,643,372 | ---- | C] () -- C:\Users\Peter\AppData\Local\rx_image.Cache
[2011-07-25 17:48:58 | 000,074,293 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Setup.1.2.exe

========== ZeroAccess Check ==========

[2009-07-14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Ulead DVD MovieFactory 4.0 SE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(8).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(4).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(27).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(25).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(23).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(22).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(21).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(2).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(18).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(16).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(15).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(14).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(13).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(12).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(1).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Rosi & Luke front cover.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Rosi & Luke back cover.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\PDRMUSIC.TMP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\VirtualDubMod_1_5_10_2_All_inclusive[1]:Roxio EMC Stream
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:07F6D9E4

< End of report >

ken545
2014-01-08, 11:54
Good Morning,

Enigma Software Group - SpyHunter <--- Nice people, they don't even include an uninstall for their lousy product. Not your fault, as most people are really not aware of what the good programs are, what's borderline and what's bad. SpyHunter isn't a virus, it's just a lousy program.

Before we remove those entries, let's see if there is more.

You will need to download the 64 bit version of SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:folderfind
SpyHunter
:filefind
SpyHunter
:regfind
SpyHunter

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

countsixty4
2014-01-08, 13:43
Hi Ken545
I've just been viewing some of that weather you guys are coping with over there. Negative 20 degrees and upward is hard to imagine. Still, we've got the opposite here, 43 degrees forecast for Saturday, man that's hot! Attached is the SystemLook logfile for you.

SystemLook 30.07.11 by jpshortstuff
Log created at 20:32 on 08/01/2014 by Peter
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== folderfind ==========

Searching for "SpyHunter"
C:\Program Files\Enigma Software Group\SpyHunter d------ [10:47 29/12/2013]

========== filefind ==========

Searching for "SpyHunter"
No files found.

========== regfind ==========

Searching for "SpyHunter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"

-= EOF =-

ken545
2014-01-08, 14:08
Yep, pretty cold, it was *6 when I got up this morning, but there is light at the end of the tunnel, supposed to warm up to about *25 today :)


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKLM\..\URLSearchHook: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - No CLSID value found
IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
O4 - HKLM..\Run: [] File not found
[2013-12-29 18:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group



:Services
esgiguard

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\esgiguard]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\esgiguard]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\esgiguard]

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Then run a new scan with OTL and post the new log please

countsixty4
2014-01-09, 14:12
Hi Ken545
Nothing like a bit of sunshine to get the warmth back into your body! Here is the OTL RunFix logfile.

All processes killed
========== OTL ==========
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a87cb3e3-4db9-439d-b96b-576f5ae8459d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a87cb3e3-4db9-439d-b96b-576f5ae8459d}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.
C:\Program Files\Enigma Software Group folder moved successfully.
========== SERVICES/DRIVERS ==========
Error: No service named esgiguard was found to stop!
Service\Driver key esgiguard not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\esgiguard\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\esgiguard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\esgiguard\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Peter\Downloads\cmd.bat deleted successfully.
C:\Users\Peter\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: IrfanView

User: Peter

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IrfanView

User: Peter
->Temp folder emptied: 468150 bytes
->Temporary Internet Files folder emptied: 56177131 bytes
->Google Chrome cache emptied: 27473170 bytes
->Flash cache emptied: 602 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39832437 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 1155 bytes

Total Files Cleaned = 118.00 mb

Error: Unable to interpret <[Reboot> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 01092014_205615

Files\Folders moved on Reboot...
C:\Users\Peter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0C3W48LO\showthread[2].htm moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

countsixty4
2014-01-09, 14:25
Hi Ken545
Here is the OTL Scan logfile.


OTL logfile created on: 09-Jan-14 9:14:00 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.98 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 65.97% Memory free
7.97 Gb Paging File | 6.22 Gb Available in Paging File | 78.13% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 817.99 Gb Free Space | 87.82% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 63.22 Gb Free Space | 27.14% Space Free | Partition Type: NTFS

Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe ()
PRC - C:\Users\Peter\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (vToolbarUpdater17.3.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (FXNADB) -- C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (massfilter_lte) -- C:\Windows\SysNative\drivers\massfilter_LTE.sys (HandSet Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\drivers\RxFilter.sys (Sonic Solutions)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (DLADResE) -- C:\Windows\SysNative\drivers\DLADResE.SYS (Roxio)
DRV:64bit: - (DLABMFSE) -- C:\Windows\SysNative\drivers\DLABMFSE.SYS (Roxio)
DRV:64bit: - (DLAUDF_E) -- C:\Windows\SysNative\drivers\DLAUDF_E.SYS (Roxio)
DRV:64bit: - (DLAUDFAE) -- C:\Windows\SysNative\drivers\DLAUDFAE.SYS (Roxio)
DRV:64bit: - (DLAOPIOE) -- C:\Windows\SysNative\drivers\DLAOPIOE.SYS (Roxio)
DRV:64bit: - (DLABOIOE) -- C:\Windows\SysNative\drivers\DLABOIOE.SYS (Roxio)
DRV:64bit: - (DLAPoolE) -- C:\Windows\SysNative\drivers\DLAPoolE.SYS (Roxio)
DRV:64bit: - (DLAIFS_E) -- C:\Windows\SysNative\drivers\DLAIFS_E.SYS (Roxio)
DRV:64bit: - (DRVECDB) -- C:\Windows\SysNative\drivers\DRVECDB.SYS (Sonic Solutions)
DRV:64bit: - (DLACDBHE) -- C:\Windows\SysNative\drivers\DLACDBHE.SYS (Roxio)
DRV:64bit: - (DLARTL_E) -- C:\Windows\SysNative\drivers\DLARTL_E.SYS (Roxio)
DRV:64bit: - (DRVEDDM) -- C:\Windows\SysNative\drivers\DRVEDDM.SYS (Roxio)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.com.au/tickler/default.aspx
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 5B D5 82 D6 53 CC 01 [binary data]
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\URLSearchHook: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - No CLSID value found
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/search?q={searchTerms}&rlz=1I7ADRA_enAU445
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11 [2013-06-27 21:45:52 | 000,000,000 | ---D | M]

[2013-07-03 15:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014-01-09 20:56:17 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3:64bit: - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DocuPrint CM205b RUN] C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe (Fuji Xerox Co., Ltd.)
O4 - HKLM..\Run: [LauncherCM205b] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe" /S FX DocuPrint CM205 b File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StatusAuto CM205b Run] C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe (Fuji Xerox Co., Ltd)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1962708451-3323433082-481659391-1000..\Run: [BigPond Connection Client] C:\Program Files (x86)\Telstra\BigPond Connection Client\BigPondCC.exe (Telstra Corporation)
O4 - HKU\S-1-5-21-1962708451-3323433082-481659391-1000..\Run: [Revo Uninstaller] C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe (VS Revo Group)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..Trusted Domains: bigpond.com ([register] https in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89FA3560-13FB-4846-A7E5-4193B079001D}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-12-29 18:48:02 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2014-01-07 11:59:29 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2007-05-10 08:48:26 | 000,000,032 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014-01-08 14:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014-01-08 14:55:06 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014-01-07 11:59:29 | 000,000,000 | ---D | C] -- C:\Autoruns
[2014-01-07 11:52:46 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014-01-07 11:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014-01-07 11:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014-01-05 19:13:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-01-03 11:47:08 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
[2014-01-03 11:46:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-01-03 11:26:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-12-29 18:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013-12-17 18:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013-12-11 20:06:59 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013-12-11 20:06:59 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013-12-11 20:06:59 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013-12-11 20:06:58 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013-12-11 20:05:36 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-12-11 20:05:36 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-12-11 20:05:36 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-12-11 20:05:36 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-12-11 20:05:36 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013-12-11 20:05:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-12-11 20:05:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013-12-11 20:05:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-12-11 20:05:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013-12-11 20:05:35 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013-12-11 20:05:35 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013-12-11 20:05:35 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013-12-11 20:05:35 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013-12-11 20:05:34 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-12-11 20:05:34 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-12-11 20:05:32 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-12-11 17:26:05 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013-12-11 17:26:05 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013-12-11 17:25:59 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013-12-11 17:25:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013-12-11 17:25:55 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013-12-11 17:25:08 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013-12-11 17:25:08 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013-12-11 17:25:06 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013-12-11 17:25:06 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013-12-11 17:25:06 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013-12-11 17:25:06 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013-12-11 17:25:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013-12-11 17:25:05 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2012-02-20 05:03:48 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Peter\AppData\Roaming\pcouffin.sys
[1 C:\Users\Peter\Documents\*.tmp files -> C:\Users\Peter\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014-01-09 21:05:48 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-01-09 21:05:48 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-01-09 20:58:47 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-01-09 20:58:46 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014-01-09 20:58:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-01-09 20:58:34 | 3207,946,240 | -HS- | M] () -- C:\hiberfil.sys
[2014-01-09 20:58:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014-01-09 20:56:17 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014-01-09 20:44:15 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-01-09 20:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-01-08 14:55:06 | 000,001,264 | ---- | M] () -- C:\Users\Peter\Desktop\Revo Uninstaller.lnk
[2014-01-07 11:57:51 | 000,001,146 | ---- | M] () -- C:\Users\Peter\Desktop\autoruns - Shortcut.lnk
[2014-01-07 11:53:35 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-PETER-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014-01-07 11:52:06 | 000,002,235 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014-01-07 11:49:28 | 000,001,380 | ---- | M] () -- C:\Users\Peter\Desktop\tweaking.com_registry_backup_setup - Shortcut.lnk
[2014-01-05 20:29:31 | 000,000,757 | ---- | M] () -- C:\Users\Peter\Desktop\SystemLook - Shortcut.lnk
[2014-01-04 19:44:33 | 000,013,270 | ---- | M] () -- C:\Users\Peter\Desktop\Extras - Shortcut.lnk
[2014-01-04 19:44:26 | 000,025,142 | ---- | M] () -- C:\Users\Peter\Desktop\OTL.lnk
[2014-01-04 19:26:37 | 000,001,095 | ---- | M] () -- C:\Users\Peter\Desktop\OTL - Shortcut.lnk
[2014-01-03 11:46:48 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-01-02 09:15:12 | 000,581,957 | ---- | M] () -- C:\Users\Peter\Desktop\adwcleaner-1.606-en.exe
[2013-12-30 17:28:32 | 000,000,512 | ---- | M] () -- C:\Users\Peter\Desktop\MBR.dat
[2013-12-29 18:48:02 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013-12-22 09:55:47 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-12-17 18:47:04 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013-12-15 12:54:16 | 000,001,170 | ---- | M] () -- C:\Users\Peter\Documents\cc_20131215_125403.reg
[2013-12-12 20:44:15 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-12-12 20:44:15 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-12-12 20:44:15 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-12-12 20:38:17 | 000,493,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-12-11 19:36:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-12-11 19:36:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\Peter\Documents\*.tmp files -> C:\Users\Peter\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014-01-08 14:55:06 | 000,001,264 | ---- | C] () -- C:\Users\Peter\Desktop\Revo Uninstaller.lnk
[2014-01-07 11:57:51 | 000,001,146 | ---- | C] () -- C:\Users\Peter\Desktop\autoruns - Shortcut.lnk
[2014-01-07 11:53:35 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-PETER-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014-01-07 11:52:06 | 000,002,235 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014-01-07 11:49:28 | 000,001,380 | ---- | C] () -- C:\Users\Peter\Desktop\tweaking.com_registry_backup_setup - Shortcut.lnk
[2014-01-05 20:29:31 | 000,000,757 | ---- | C] () -- C:\Users\Peter\Desktop\SystemLook - Shortcut.lnk
[2014-01-04 19:44:33 | 000,013,270 | ---- | C] () -- C:\Users\Peter\Desktop\Extras - Shortcut.lnk
[2014-01-04 19:44:26 | 000,025,142 | ---- | C] () -- C:\Users\Peter\Desktop\OTL.lnk
[2014-01-04 19:26:37 | 000,001,095 | ---- | C] () -- C:\Users\Peter\Desktop\OTL - Shortcut.lnk
[2014-01-03 11:46:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-01-02 09:15:12 | 000,581,957 | ---- | C] () -- C:\Users\Peter\Desktop\adwcleaner-1.606-en.exe
[2013-12-30 17:28:32 | 000,000,512 | ---- | C] () -- C:\Users\Peter\Desktop\MBR.dat
[2013-12-29 18:48:02 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013-12-17 18:47:04 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013-12-15 12:54:08 | 000,001,170 | ---- | C] () -- C:\Users\Peter\Documents\cc_20131215_125403.reg
[2012-03-11 08:28:27 | 000,145,452 | ---- | C] () -- C:\Users\Peter\AppData\Local\rx_audio.Cache
[2012-02-20 05:03:48 | 000,099,384 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\inst.exe
[2012-02-20 05:03:48 | 000,007,859 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\pcouffin.cat
[2012-02-20 05:03:48 | 000,001,167 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\pcouffin.inf
[2011-08-16 07:55:52 | 000,643,372 | ---- | C] () -- C:\Users\Peter\AppData\Local\rx_image.Cache
[2011-07-25 17:48:58 | 000,074,293 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Setup.1.2.exe

========== ZeroAccess Check ==========

[2009-07-14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-10-13 09:54:32 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012-10-13 09:54:32 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013-10-23 12:18:00 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\AVG2014
[2013-10-28 14:58:11 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\calibre
[2013-03-08 15:02:35 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\canon
[2013-03-08 15:11:11 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Canon_Inc_IC
[2011-11-21 05:28:03 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\dBpoweramp
[2012-06-19 11:42:58 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DVDFab
[2011-11-28 05:51:09 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\foobar2000
[2012-04-25 19:03:03 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\iSkysoft Video Converter Ultimate
[2013-12-03 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\JLAdventCalendarEdwardian2013
[2012-12-17 16:05:20 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\KompoZer
[2011-08-07 09:02:52 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Leadertech
[2013-11-01 17:14:18 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Sierra Wireless
[2011-08-06 11:20:02 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Telstra
[2012-10-11 17:15:58 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TuneUp Software
[2012-04-25 11:40:52 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Vso

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Ulead DVD MovieFactory 4.0 SE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(8).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(4).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(27).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(25).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(23).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(22).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(21).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(2).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(18).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(16).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(15).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(14).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(13).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(12).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(1).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Rosi & Luke front cover.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Rosi & Luke back cover.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\PDRMUSIC.TMP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\VirtualDubMod_1_5_10_2_All_inclusive[1]:Roxio EMC Stream
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:07F6D9E4

< End of report >

ken545
2014-01-09, 14:26
This cold weather is getting old :rolleyes:

Good, why don't you run a new scan with OTL and let me take a final look. How is your system behaving now?

ken545
2014-01-09, 14:33
Oops, looks like we cross-posted, looking at your new log now.

ken545
2014-01-09, 14:35
:bigthumb:

How is your system behaving now?

countsixty4
2014-01-10, 13:23
Hi Ken545

It seems to be ok, but I didn't notice any problems with it before. It was just that my weekly Spybot scan brought up the Win32.Downloader.Gen in the problem box. I went onto the Net to find some information on it and didn't like what I was reading. That was where I found Spyhunter; because it claimed to be able to remove it, I downloaded it and gave it a try. More fool me. I haven't done a Spybot scan since your request when you first started looking at the problem for me. It would come up clean obviously after all the work you have done on my system. I am eternally grateful for all that you have done.

Many thanks
Pete

ken545
2014-01-10, 14:35
Morning Pete,

Run a new scan with Spybot and see if it's gone. If not, post the entry for downloader gen that you're getting from the scan.

countsixty4
2014-01-12, 03:56
Good Day Ken

I tried all day yesterday to get onto the Forum, but every time I tried I got the message that the servers were busy, try again later. Finally this morning success.
I ran the Spybot scan, win32.downloader.gen is no longer there. It did pick up a couple of things which I deleted, so I have attached the top part of the scan file.
One thing which was rather unusual was that when I ran the first Immunization it left the Global hosts unprotected, but when I immunized for the second time it did protect them.

We survived the 43.3 degree day yesterday ok but today will be nearly as bad, 41. Still that's life!
Regards
Pete

--- Search result list ---
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-27 blindman.exe (1.0.0.8)
2009-01-27 SDFiles.exe (1.6.1.7)
2009-01-27 SDMain.exe (1.0.0.6)
2009-01-27 SDShred.exe (1.0.2.5)
2009-01-27 SDUpdate.exe (1.6.0.12)
2009-01-27 SDWinSec.exe (1.0.0.12)
2009-01-27 SpybotSD.exe (1.6.2.46)

ken545
2014-01-12, 13:24
Yes, we were down yesterday, happens sometimes

Everything running ok?

countsixty4
2014-01-12, 13:45
Yes Mate, everything seems fine, only the items on the Spybot scan. I have been using CCleaner each week to clean out my temp files, and have also been using the registry scan to keep my registry files in order. I noticed a post on the forum that said that you don't recommend using a registry cleaner. Should I then stop using this?

Thanks
Pete

ken545
2014-01-12, 13:58
Hello Pete,

Reg Cleaners are really not recommended unless you know exactly what you're removing. Removing the wrong entry or entries can sometimes make your system unbootable and cause other issues; even the better reg cleaners sometimes make mistakes. I have found that keeping your system clean of temp files and such does make a difference, but removing reg entries really does not make a difference. If you still want to clean out your registry, do a backup first; in case of problems you can always restore it.


Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.


Please download the installer for Registry Backup from here (http://www.bleepingcomputer.com/download/registry-backup/) or here (http://www.tweaking.com/files/setups/tweaking.com_registry_backup_setup.exe) and save to your desktop.
Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI (graphical user interface) has appeared/loaded:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TCRB-1.jpg


Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TBRB-2.jpg


Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325)

countsixty4
2014-01-13, 04:21
Thanks Ken

I think I will continue to clean the temp files out and forget about the registry cleaner. I would rather not tempt fate.

Regards
Pete

ken545
2014-01-13, 12:56
Good Morning,

Good Idea. Is that error message you were getting gone?

countsixty4
2014-01-14, 03:37
Yes all gone, that disappeared when I deleted it off the registry.

ken545
2014-01-14, 06:47
Great

Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.





Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups. Any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

countsixty4
2014-01-14, 12:47
Hi Ken

I've looked at all the sites you recommended and I've printed off the information shown there so that I can follow through with all those items that I need to.

Thanks a million for sorting out all my problems and putting me back on the straight and narrow. You Guys are really something special !!!!!!!!!!

Thanks again and keep warm.

Pete

ken545
2014-01-14, 14:17
You're more than welcome, Pete

Take Care,

Ken :)

ken545
2014-01-16, 17:29
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.