Hi,
First try uninstalling it with Revo Uninstaller Free
http://www.revouninstaller.com/revo_..._download.html
If it removes it or not, either way run a new scan with OTL and post a new log please
Hi,
First try uninstalling it with Revo Uninstaller Free
http://www.revouninstaller.com/revo_..._download.html
If it removes it or not, either way run a new scan with OTL and post a new log please
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
Revouninstaller
Hi Ken545
Revo Uninstaller did not find Spyhunter in its list.or when I did a search for it. I notice on the OTL file it only appears to have one entry which has file not found against it. This is how Conduit background container was shown in the file when we ran AutoRuns and once I deleted it from the registry the message no longer came up on my desktop. Maybe this is how we may get rid of it? Here is the new OTL logfiles>
OTL logfile created on: 08-Jan-14 3:25:38 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy
3.98 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 41.44% Memory free
7.97 Gb Paging File | 5.78 Gb Available in Paging File | 72.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 817.94 Gb Free Space | 87.82% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 63.22 Gb Free Space | 27.14% Space Free | Partition Type: NTFS
Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Peter\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater17.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (FXNADB) -- C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (massfilter_lte) -- C:\Windows\SysNative\drivers\massfilter_LTE.sys (HandSet Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\drivers\RxFilter.sys (Sonic Solutions)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (DLADResE) -- C:\Windows\SysNative\drivers\DLADResE.SYS (Roxio)
DRV:64bit: - (DLABMFSE) -- C:\Windows\SysNative\drivers\DLABMFSE.SYS (Roxio)
DRV:64bit: - (DLAUDF_E) -- C:\Windows\SysNative\drivers\DLAUDF_E.SYS (Roxio)
DRV:64bit: - (DLAUDFAE) -- C:\Windows\SysNative\drivers\DLAUDFAE.SYS (Roxio)
DRV:64bit: - (DLAOPIOE) -- C:\Windows\SysNative\drivers\DLAOPIOE.SYS (Roxio)
DRV:64bit: - (DLABOIOE) -- C:\Windows\SysNative\drivers\DLABOIOE.SYS (Roxio)
DRV:64bit: - (DLAPoolE) -- C:\Windows\SysNative\drivers\DLAPoolE.SYS (Roxio)
DRV:64bit: - (DLAIFS_E) -- C:\Windows\SysNative\drivers\DLAIFS_E.SYS (Roxio)
DRV:64bit: - (DRVECDB) -- C:\Windows\SysNative\drivers\DRVECDB.SYS (Sonic Solutions)
DRV:64bit: - (DLACDBHE) -- C:\Windows\SysNative\drivers\DLACDBHE.SYS (Roxio)
DRV:64bit: - (DLARTL_E) -- C:\Windows\SysNative\drivers\DLARTL_E.SYS (Roxio)
DRV:64bit: - (DRVEDDM) -- C:\Windows\SysNative\drivers\DRVEDDM.SYS (Roxio)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKLM\..\URLSearchHook: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - No CLSID value found
IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.com.au/tickler/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 5B D5 82 D6 53 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/search?q={searchTerms}&rlz=1I7ADRA_enAU445
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11 [2013-06-27 21:45:52 | 000,000,000 | ---D | M]
[2013-07-03 15:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014-01-07 12:54:49 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DocuPrint CM205b RUN] C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe (Fuji Xerox Co., Ltd.)
O4 - HKLM..\Run: [LauncherCM205b] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe" /S FX DocuPrint CM205 b File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StatusAuto CM205b Run] C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe (Fuji Xerox Co., Ltd)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [BigPond Connection Client] C:\Program Files (x86)\Telstra\BigPond Connection Client\BigPondCC.exe (Telstra Corporation)
O4 - HKCU..\Run: [Revo Uninstaller] C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe (VS Revo Group)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bigpond.com ([register] https in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89FA3560-13FB-4846-A7E5-4193B079001D}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-12-29 18:48:02 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2014-01-07 11:59:29 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2007-05-10 08:48:26 | 000,000,032 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014-01-08 14:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014-01-08 14:55:06 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014-01-07 11:59:29 | 000,000,000 | ---D | C] -- C:\Autoruns
[2014-01-07 11:52:46 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014-01-07 11:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014-01-07 11:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014-01-05 19:13:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-01-03 11:47:08 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
[2014-01-03 11:46:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-01-03 11:26:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-12-29 18:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013-12-29 18:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013-12-17 18:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013-12-11 20:06:59 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013-12-11 20:06:59 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013-12-11 20:06:59 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013-12-11 20:06:58 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013-12-11 20:05:36 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-12-11 20:05:36 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-12-11 20:05:36 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-12-11 20:05:36 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-12-11 20:05:36 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013-12-11 20:05:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-12-11 20:05:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013-12-11 20:05:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-12-11 20:05:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013-12-11 20:05:35 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013-12-11 20:05:35 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013-12-11 20:05:35 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013-12-11 20:05:35 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013-12-11 20:05:34 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-12-11 20:05:34 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-12-11 20:05:32 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-12-11 17:26:05 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013-12-11 17:26:05 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013-12-11 17:25:59 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013-12-11 17:25:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013-12-11 17:25:55 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013-12-11 17:25:08 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013-12-11 17:25:08 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013-12-11 17:25:06 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013-12-11 17:25:06 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013-12-11 17:25:06 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013-12-11 17:25:06 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013-12-11 17:25:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013-12-11 17:25:05 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013-12-09 17:11:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012-02-20 05:03:48 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Peter\AppData\Roaming\pcouffin.sys
[1 C:\Users\Peter\Documents\*.tmp files -> C:\Users\Peter\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014-01-08 14:55:06 | 000,001,264 | ---- | M] () -- C:\Users\Peter\Desktop\Revo Uninstaller.lnk
[2014-01-08 14:53:13 | 000,001,155 | ---- | M] () -- C:\Users\Peter\Desktop\revosetup - Shortcut.lnk
[2014-01-08 14:44:15 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-01-08 14:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-01-08 09:06:58 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-01-08 09:06:58 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-01-08 08:59:43 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-01-08 08:59:43 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014-01-08 08:59:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-01-08 08:59:38 | 3207,946,240 | -HS- | M] () -- C:\hiberfil.sys
[2014-01-08 08:59:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014-01-07 12:54:49 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014-01-07 11:57:51 | 000,001,146 | ---- | M] () -- C:\Users\Peter\Desktop\autoruns - Shortcut.lnk
[2014-01-07 11:53:35 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-PETER-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014-01-07 11:52:06 | 000,002,235 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014-01-07 11:49:28 | 000,001,380 | ---- | M] () -- C:\Users\Peter\Desktop\tweaking.com_registry_backup_setup - Shortcut.lnk
[2014-01-05 20:29:31 | 000,000,757 | ---- | M] () -- C:\Users\Peter\Desktop\SystemLook - Shortcut.lnk
[2014-01-04 19:44:33 | 000,013,270 | ---- | M] () -- C:\Users\Peter\Desktop\Extras - Shortcut.lnk
[2014-01-04 19:44:26 | 000,025,142 | ---- | M] () -- C:\Users\Peter\Desktop\OTL.lnk
[2014-01-04 19:26:37 | 000,001,095 | ---- | M] () -- C:\Users\Peter\Desktop\OTL - Shortcut.lnk
[2014-01-03 11:46:48 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-01-02 09:15:12 | 000,581,957 | ---- | M] () -- C:\Users\Peter\Desktop\adwcleaner-1.606-en.exe
[2013-12-30 17:28:32 | 000,000,512 | ---- | M] () -- C:\Users\Peter\Desktop\MBR.dat
[2013-12-29 18:48:02 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013-12-22 09:55:47 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-12-17 18:47:04 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013-12-15 12:54:16 | 000,001,170 | ---- | M] () -- C:\Users\Peter\Documents\cc_20131215_125403.reg
[2013-12-12 20:44:15 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-12-12 20:44:15 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-12-12 20:44:15 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-12-12 20:38:17 | 000,493,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-12-11 19:36:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-12-11 19:36:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\Peter\Documents\*.tmp files -> C:\Users\Peter\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014-01-08 14:55:06 | 000,001,264 | ---- | C] () -- C:\Users\Peter\Desktop\Revo Uninstaller.lnk
[2014-01-08 14:53:13 | 000,001,155 | ---- | C] () -- C:\Users\Peter\Desktop\revosetup - Shortcut.lnk
[2014-01-07 11:57:51 | 000,001,146 | ---- | C] () -- C:\Users\Peter\Desktop\autoruns - Shortcut.lnk
[2014-01-07 11:53:35 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-PETER-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014-01-07 11:52:06 | 000,002,235 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014-01-07 11:49:28 | 000,001,380 | ---- | C] () -- C:\Users\Peter\Desktop\tweaking.com_registry_backup_setup - Shortcut.lnk
[2014-01-05 20:29:31 | 000,000,757 | ---- | C] () -- C:\Users\Peter\Desktop\SystemLook - Shortcut.lnk
[2014-01-04 19:44:33 | 000,013,270 | ---- | C] () -- C:\Users\Peter\Desktop\Extras - Shortcut.lnk
[2014-01-04 19:44:26 | 000,025,142 | ---- | C] () -- C:\Users\Peter\Desktop\OTL.lnk
[2014-01-04 19:26:37 | 000,001,095 | ---- | C] () -- C:\Users\Peter\Desktop\OTL - Shortcut.lnk
[2014-01-03 11:46:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-01-02 09:15:12 | 000,581,957 | ---- | C] () -- C:\Users\Peter\Desktop\adwcleaner-1.606-en.exe
[2013-12-30 17:28:32 | 000,000,512 | ---- | C] () -- C:\Users\Peter\Desktop\MBR.dat
[2013-12-29 18:48:02 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013-12-17 18:47:04 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013-12-15 12:54:08 | 000,001,170 | ---- | C] () -- C:\Users\Peter\Documents\cc_20131215_125403.reg
[2012-03-11 08:28:27 | 000,145,452 | ---- | C] () -- C:\Users\Peter\AppData\Local\rx_audio.Cache
[2012-02-20 05:03:48 | 000,099,384 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\inst.exe
[2012-02-20 05:03:48 | 000,007,859 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\pcouffin.cat
[2012-02-20 05:03:48 | 000,001,167 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\pcouffin.inf
[2011-08-16 07:55:52 | 000,643,372 | ---- | C] () -- C:\Users\Peter\AppData\Local\rx_image.Cache
[2011-07-25 17:48:58 | 000,074,293 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Setup.1.2.exe
========== ZeroAccess Check ==========
[2009-07-14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Ulead DVD MovieFactory 4.0 SE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(8).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(4).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(27).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(25).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(23).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(22).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(21).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(2).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(18).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(16).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(15).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(14).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(13).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(12).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(1).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Rosi & Luke front cover.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Rosi & Luke back cover.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\PDRMUSIC.TMP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\VirtualDubMod_1_5_10_2_All_inclusive[1]:Roxio EMC Stream
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:07F6D9E4
< End of report >
Good Morning,
Enigma Software Group - SpyHunter <--- Nice people, they dont even include an uninstall for there lousy product. Not your fault as most people are really not aware of whats the good programs, whats borderline and whats bad, SpyHunter isnt a virus its just a lousy program
Before we remove those entries lets see if there is more
You will need to download the 64 bit version of SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64 Bit Version
Note: The log can also be found on your Desktop entitled SystemLook.txt
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
Code::folderfind SpyHunter :filefind SpyHunter :regfind SpyHunter- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
SystemLook Logfile
Hi Ken545
I've just been viewing some of that weather you guys are coping over there. Negative 20 degrees and upward is hard to imagine. Still we've got the opposite here, 43 degrees forecast for Saturday, man that's hot! Attached is the SystemLook logfile for you.
SystemLook 30.07.11 by jpshortstuff
Log created at 20:32 on 08/01/2014 by Peter
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== folderfind ==========
Searching for "SpyHunter"
C:\Program Files\Enigma Software Group\SpyHunter d------ [10:47 29/12/2013]
========== filefind ==========
Searching for "SpyHunter"
No files found.
========== regfind ==========
Searching for "SpyHunter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\esgiguard]
"ImagePath"="\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
-= EOF =-
Yep, pretty cold, it was *6 when I got up this morning, but there is light at the end of the tunnel, supposed to warm up to about *25 today
Open OTL.exe
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code::OTL DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found IE - HKLM\..\URLSearchHook: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - No CLSID value found IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} O4 - HKLM..\Run: [] File not found [2013-12-29 18:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group :Services esgiguard :Reg [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\esgiguard] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\esgiguard] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\esgiguard] :Files ipconfig /flushdns /c :Commands [purity] [resethosts] [EMPTYJAVA] [emptytemp] [start explorer] [Reboot]- Then click the Run Fix button at the top. <--Not run Scan
- Let the program run unhindered, reboot when it is done
- Then post the results of the log it produces
Then run a new scan with OTL and post the new log please
Last edited by ken545; 2014-01-08 at 14:12.
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
OTL Run Fix Logfile
Hi Ken545
Nothing like a bit of sunshine to get the warmth back into your body! Here is the OTL RunFix logfile.
All processes killed
========== OTL ==========
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a87cb3e3-4db9-439d-b96b-576f5ae8459d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a87cb3e3-4db9-439d-b96b-576f5ae8459d}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.
C:\Program Files\Enigma Software Group folder moved successfully.
========== SERVICES/DRIVERS ==========
Error: No service named esgiguard was found to stop!
Service\Driver key esgiguard not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\esgiguard\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\esgiguard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\esgiguard\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Peter\Downloads\cmd.bat deleted successfully.
C:\Users\Peter\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: IrfanView
User: Peter
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: IrfanView
User: Peter
->Temp folder emptied: 468150 bytes
->Temporary Internet Files folder emptied: 56177131 bytes
->Google Chrome cache emptied: 27473170 bytes
->Flash cache emptied: 602 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39832437 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 1155 bytes
Total Files Cleaned = 118.00 mb
Error: Unable to interpret <[Reboot> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 01092014_205615
Files\Folders moved on Reboot...
C:\Users\Peter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0C3W48LO\showthread[2].htm moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL Scan Logfile
Hi Ken545
Here is the OTL Scan Logfiles.
OTL logfile created on: 09-Jan-14 9:14:00 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy
3.98 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 65.97% Memory free
7.97 Gb Paging File | 6.22 Gb Available in Paging File | 78.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 817.99 Gb Free Space | 87.82% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 63.22 Gb Free Space | 27.14% Space Free | Partition Type: NTFS
Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe ()
PRC - C:\Users\Peter\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (vToolbarUpdater17.3.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (FXNADB) -- C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (massfilter_lte) -- C:\Windows\SysNative\drivers\massfilter_LTE.sys (HandSet Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\drivers\RxFilter.sys (Sonic Solutions)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (DLADResE) -- C:\Windows\SysNative\drivers\DLADResE.SYS (Roxio)
DRV:64bit: - (DLABMFSE) -- C:\Windows\SysNative\drivers\DLABMFSE.SYS (Roxio)
DRV:64bit: - (DLAUDF_E) -- C:\Windows\SysNative\drivers\DLAUDF_E.SYS (Roxio)
DRV:64bit: - (DLAUDFAE) -- C:\Windows\SysNative\drivers\DLAUDFAE.SYS (Roxio)
DRV:64bit: - (DLAOPIOE) -- C:\Windows\SysNative\drivers\DLAOPIOE.SYS (Roxio)
DRV:64bit: - (DLABOIOE) -- C:\Windows\SysNative\drivers\DLABOIOE.SYS (Roxio)
DRV:64bit: - (DLAPoolE) -- C:\Windows\SysNative\drivers\DLAPoolE.SYS (Roxio)
DRV:64bit: - (DLAIFS_E) -- C:\Windows\SysNative\drivers\DLAIFS_E.SYS (Roxio)
DRV:64bit: - (DRVECDB) -- C:\Windows\SysNative\drivers\DRVECDB.SYS (Sonic Solutions)
DRV:64bit: - (DLACDBHE) -- C:\Windows\SysNative\drivers\DLACDBHE.SYS (Roxio)
DRV:64bit: - (DLARTL_E) -- C:\Windows\SysNative\drivers\DLARTL_E.SYS (Roxio)
DRV:64bit: - (DRVEDDM) -- C:\Windows\SysNative\drivers\DRVEDDM.SYS (Roxio)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.com.au/tickler/default.aspx
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 5B D5 82 D6 53 CC 01 [binary data]
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\URLSearchHook: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - No CLSID value found
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/search?q={searchTerms}&rlz=1I7ADRA_enAU445
IE - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11 [2013-06-27 21:45:52 | 000,000,000 | ---D | M]
[2013-07-03 15:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014-01-09 20:56:17 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3:64bit: - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DocuPrint CM205b RUN] C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe (Fuji Xerox Co., Ltd.)
O4 - HKLM..\Run: [LauncherCM205b] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe" /S FX DocuPrint CM205 b File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StatusAuto CM205b Run] C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe (Fuji Xerox Co., Ltd)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1962708451-3323433082-481659391-1000..\Run: [BigPond Connection Client] C:\Program Files (x86)\Telstra\BigPond Connection Client\BigPondCC.exe (Telstra Corporation)
O4 - HKU\S-1-5-21-1962708451-3323433082-481659391-1000..\Run: [Revo Uninstaller] C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe (VS Revo Group)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1962708451-3323433082-481659391-1000\..Trusted Domains: bigpond.com ([register] https in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89FA3560-13FB-4846-A7E5-4193B079001D}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-12-29 18:48:02 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2014-01-07 11:59:29 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2007-05-10 08:48:26 | 000,000,032 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014-01-08 14:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014-01-08 14:55:06 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014-01-07 11:59:29 | 000,000,000 | ---D | C] -- C:\Autoruns
[2014-01-07 11:52:46 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014-01-07 11:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014-01-07 11:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014-01-05 19:13:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-01-03 11:47:08 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
[2014-01-03 11:46:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014-01-03 11:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-01-03 11:26:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-12-29 18:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013-12-17 18:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013-12-11 20:06:59 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013-12-11 20:06:59 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013-12-11 20:06:59 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013-12-11 20:06:58 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013-12-11 20:05:36 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-12-11 20:05:36 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-12-11 20:05:36 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-12-11 20:05:36 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-12-11 20:05:36 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013-12-11 20:05:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013-12-11 20:05:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013-12-11 20:05:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013-12-11 20:05:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013-12-11 20:05:35 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013-12-11 20:05:35 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013-12-11 20:05:35 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013-12-11 20:05:35 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013-12-11 20:05:34 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-12-11 20:05:34 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-12-11 20:05:32 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-12-11 17:26:05 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013-12-11 17:26:05 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013-12-11 17:25:59 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013-12-11 17:25:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013-12-11 17:25:55 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013-12-11 17:25:08 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013-12-11 17:25:08 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013-12-11 17:25:06 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013-12-11 17:25:06 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013-12-11 17:25:06 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013-12-11 17:25:06 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013-12-11 17:25:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013-12-11 17:25:05 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2012-02-20 05:03:48 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Peter\AppData\Roaming\pcouffin.sys
[1 C:\Users\Peter\Documents\*.tmp files -> C:\Users\Peter\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014-01-09 21:05:48 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-01-09 21:05:48 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-01-09 20:58:47 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-01-09 20:58:46 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014-01-09 20:58:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-01-09 20:58:34 | 3207,946,240 | -HS- | M] () -- C:\hiberfil.sys
[2014-01-09 20:58:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014-01-09 20:56:17 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014-01-09 20:44:15 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-01-09 20:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-01-08 14:55:06 | 000,001,264 | ---- | M] () -- C:\Users\Peter\Desktop\Revo Uninstaller.lnk
[2014-01-07 11:57:51 | 000,001,146 | ---- | M] () -- C:\Users\Peter\Desktop\autoruns - Shortcut.lnk
[2014-01-07 11:53:35 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-PETER-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014-01-07 11:52:06 | 000,002,235 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014-01-07 11:49:28 | 000,001,380 | ---- | M] () -- C:\Users\Peter\Desktop\tweaking.com_registry_backup_setup - Shortcut.lnk
[2014-01-05 20:29:31 | 000,000,757 | ---- | M] () -- C:\Users\Peter\Desktop\SystemLook - Shortcut.lnk
[2014-01-04 19:44:33 | 000,013,270 | ---- | M] () -- C:\Users\Peter\Desktop\Extras - Shortcut.lnk
[2014-01-04 19:44:26 | 000,025,142 | ---- | M] () -- C:\Users\Peter\Desktop\OTL.lnk
[2014-01-04 19:26:37 | 000,001,095 | ---- | M] () -- C:\Users\Peter\Desktop\OTL - Shortcut.lnk
[2014-01-03 11:46:48 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-01-02 09:15:12 | 000,581,957 | ---- | M] () -- C:\Users\Peter\Desktop\adwcleaner-1.606-en.exe
[2013-12-30 17:28:32 | 000,000,512 | ---- | M] () -- C:\Users\Peter\Desktop\MBR.dat
[2013-12-29 18:48:02 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013-12-22 09:55:47 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-12-17 18:47:04 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013-12-15 12:54:16 | 000,001,170 | ---- | M] () -- C:\Users\Peter\Documents\cc_20131215_125403.reg
[2013-12-12 20:44:15 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-12-12 20:44:15 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-12-12 20:44:15 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-12-12 20:38:17 | 000,493,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-12-11 19:36:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-12-11 19:36:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\Peter\Documents\*.tmp files -> C:\Users\Peter\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014-01-08 14:55:06 | 000,001,264 | ---- | C] () -- C:\Users\Peter\Desktop\Revo Uninstaller.lnk
[2014-01-07 11:57:51 | 000,001,146 | ---- | C] () -- C:\Users\Peter\Desktop\autoruns - Shortcut.lnk
[2014-01-07 11:53:35 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-PETER-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014-01-07 11:52:06 | 000,002,235 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014-01-07 11:49:28 | 000,001,380 | ---- | C] () -- C:\Users\Peter\Desktop\tweaking.com_registry_backup_setup - Shortcut.lnk
[2014-01-05 20:29:31 | 000,000,757 | ---- | C] () -- C:\Users\Peter\Desktop\SystemLook - Shortcut.lnk
[2014-01-04 19:44:33 | 000,013,270 | ---- | C] () -- C:\Users\Peter\Desktop\Extras - Shortcut.lnk
[2014-01-04 19:44:26 | 000,025,142 | ---- | C] () -- C:\Users\Peter\Desktop\OTL.lnk
[2014-01-04 19:26:37 | 000,001,095 | ---- | C] () -- C:\Users\Peter\Desktop\OTL - Shortcut.lnk
[2014-01-03 11:46:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-01-02 09:15:12 | 000,581,957 | ---- | C] () -- C:\Users\Peter\Desktop\adwcleaner-1.606-en.exe
[2013-12-30 17:28:32 | 000,000,512 | ---- | C] () -- C:\Users\Peter\Desktop\MBR.dat
[2013-12-29 18:48:02 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013-12-17 18:47:04 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013-12-15 12:54:08 | 000,001,170 | ---- | C] () -- C:\Users\Peter\Documents\cc_20131215_125403.reg
[2012-03-11 08:28:27 | 000,145,452 | ---- | C] () -- C:\Users\Peter\AppData\Local\rx_audio.Cache
[2012-02-20 05:03:48 | 000,099,384 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\inst.exe
[2012-02-20 05:03:48 | 000,007,859 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\pcouffin.cat
[2012-02-20 05:03:48 | 000,001,167 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\pcouffin.inf
[2011-08-16 07:55:52 | 000,643,372 | ---- | C] () -- C:\Users\Peter\AppData\Local\rx_image.Cache
[2011-07-25 17:48:58 | 000,074,293 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Setup.1.2.exe
========== ZeroAccess Check ==========
[2009-07-14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012-10-13 09:54:32 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012-10-13 09:54:32 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013-10-23 12:18:00 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\AVG2014
[2013-10-28 14:58:11 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\calibre
[2013-03-08 15:02:35 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\canon
[2013-03-08 15:11:11 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Canon_Inc_IC
[2011-11-21 05:28:03 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\dBpoweramp
[2012-06-19 11:42:58 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DVDFab
[2011-11-28 05:51:09 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\foobar2000
[2012-04-25 19:03:03 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\iSkysoft Video Converter Ultimate
[2013-12-03 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\JLAdventCalendarEdwardian2013
[2012-12-17 16:05:20 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\KompoZer
[2011-08-07 09:02:52 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Leadertech
[2013-11-01 17:14:18 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Sierra Wireless
[2011-08-06 11:20:02 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Telstra
[2012-10-11 17:15:58 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TuneUp Software
[2012-04-25 11:40:52 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Vso
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Ulead DVD MovieFactory 4.0 SE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(8).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(4).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(27).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(25).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(23).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(22).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(21).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(2).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(18).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(16).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(15).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(14).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(13).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(12).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\SnapShot(1).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Rosi & Luke front cover.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\Rosi & Luke back cover.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\PDRMUSIC.TMP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Peter\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\VirtualDubMod_1_5_10_2_All_inclusive[1]:Roxio EMC Stream
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:07F6D9E4
< End of report >
This cold weather is getting old
Good, why dont you run a new scan with OTL and let me take a final look. How is your system behaving now ??
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
Opps, looks like we crossed posted, looking at your new log now
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
How is your system behaving now ?
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
Posting Permissions
