I was getting popups for advertisements and surveys I unfortunately downloaded spyhunter to rid these pop ups unfortunately although I have removed SpyHunter from programs add and remove it still is present on my taskbar, and constantly keeps scanning my laptop. I have tried doing a search on my laptop and nothing is showing up for Spy
Hunter. I have downloaded and used spybot but this has done nothing to stop it. The window I get up is spyhunter4-hosts file monitor can anybody help me permanently remove this I am running windows 7 Thankyou for any help available. I have included the OTL log file I hope this is the correct thing to do.
OTL logfile created on: 07/01/2015 21:42:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop\Dowmloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.90 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 55.82% Memory free
7.80 Gb Paging File | 5.21 Gb Available in Paging File | 66.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.54 Gb Total Space | 411.75 Gb Free Space | 88.45% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2015/01/07 21:42:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\Dowmloads\OTL.exe
PRC - [2014/12/06 01:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/09/12 09:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/30 17:48:46 | 000,234,520 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
PRC - [2014/08/30 17:47:54 | 000,193,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2012/04/28 09:20:06 | 000,163,456 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012/02/29 08:20:04 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/29 08:19:58 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/29 08:19:48 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
========== Modules (No Company Name) ==========
MOD - [2014/12/06 01:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/06 01:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/06 01:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/06 01:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
========== Services (SafeList) ==========
SRV:64bit: - [2015/01/06 18:53:04 | 001,025,920 | ---- | M] (Enigma Software Group USA, LLC.) [Disabled | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2014/11/22 02:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/12 15:37:51 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/02 21:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/12/17 15:46:00 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV - [2015/01/03 01:56:55 | 002,726,256 | ---- | M] (Acute Angle Solutions Ltd) [Auto | Stopped] -- C:\ProgramData\EKAfRti\Zoqctjxcdc.exe -- (Zoqctjxcdc)
SRV - [2014/12/26 18:45:34 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/09/12 09:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/30 17:48:46 | 000,234,520 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe -- (AVP15.0.1)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/03/20 22:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 23:54:32 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/07 11:03:02 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/04/28 09:20:06 | 000,163,456 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012/04/28 08:57:54 | 000,119,424 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/02/29 08:20:04 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/29 08:19:58 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/29 08:19:48 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2015/01/06 18:53:08 | 000,015,920 | ---- | M] (Enigma Software Group USA, LLC.) [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2015/01/06 18:53:07 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2014/12/07 16:43:32 | 000,077,512 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klwtp.sys -- (Klwtp)
DRV:64bit: - [2014/12/07 16:43:31 | 000,818,888 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2014/12/07 16:43:30 | 000,150,536 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2014/10/29 13:22:57 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2014/10/29 13:22:57 | 000,030,816 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2014/08/12 18:33:02 | 000,246,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk)
DRV:64bit: - [2014/07/09 16:23:54 | 000,179,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2014/07/02 16:10:38 | 000,046,144 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kldisk.sys -- (kldisk)
DRV:64bit: - [2014/06/05 19:02:08 | 000,055,872 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2014/05/17 02:35:04 | 000,044,744 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2014/05/17 00:42:38 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2014/05/05 22:36:41 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2014/05/05 22:36:41 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014/03/31 20:06:06 | 000,058,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2014/03/31 11:47:10 | 000,468,576 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2014/03/28 17:51:04 | 000,028,768 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2014/02/25 13:09:02 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2013/11/12 15:16:59 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/11/12 15:16:59 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/11/12 15:13:23 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/11/12 15:12:31 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/11/12 15:12:31 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/08/08 17:11:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/04/12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2013/01/14 21:10:52 | 000,238,288 | ---- | M] (Kaspersky Lab UK Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cm_km_w.sys -- (cm_km_w)
DRV:64bit: - [2012/11/27 03:46:02 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/08/20 08:38:12 | 000,416,072 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2012/08/20 08:38:12 | 000,138,568 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2012/07/20 16:09:40 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012/06/12 21:00:48 | 000,726,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/06/07 10:49:08 | 014,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/05/31 16:06:50 | 002,811,904 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/05/21 14:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/05/21 14:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/05/21 14:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/04/28 09:09:24 | 000,550,528 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/04/28 09:07:00 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/03/02 17:49:00 | 000,104,048 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/01/31 12:17:00 | 001,601,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/12/06 18:23:10 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/15 17:24:20 | 000,313,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/11/10 16:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/08/28 00:53:32 | 000,023,080 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010/08/28 00:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/08/10 15:29:14 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF 7E D2 00 F9 29 D0 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\
[email protected] [2014/12/07 16:51:05 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\
[email protected] [2014/12/07 16:51:05 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\
[email protected] [2014/12/07 16:51:06 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\
[email protected] [2014/12/07 16:51:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\
[email protected] [2014/12/07 16:51:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\
[email protected] [2014/12/07 16:51:05 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho\4.0.9.130_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2015/01/06 21:07:16 | 000,450,771 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15471 more lines...
O2:64bit: - BHO: (Content Blocker Plugin) - {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {E3D96E85-529D-4269-AC6A-97CF9E2221E3} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Virtual Keyboard Plugin) - {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {E3D96E85-529D-4269-AC6A-97CF9E2221E3} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\athbttray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\btvstack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [SoftonicAssistant] C:\Users\User\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9:64bit: - Extra Button: Virtual Keyboard - {09A10376-994C-4BBF-9121-F50CF7BA237E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Virtual Keyboard - {09A10376-994C-4BBF-9121-F50CF7BA237E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07D6EE41-9FC6-45EB-A1EA-5BADD17DA9C2}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CF50E1C-03C9-4A40-A360-F03F18E5137A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015/01/06 18:54:16 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015/01/07 01:08:18 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\biscuits
[2015/01/06 20:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2015/01/06 20:06:24 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\ProcAlyzer Dumps
[2015/01/06 18:53:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Enigma Software Group
[2015/01/06 18:53:45 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2015/01/06 18:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2015/01/06 01:53:54 | 000,000,000 | ---D | C] -- C:\SafeWeb
[2015/01/05 22:09:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\SafeWeb
[2015/01/05 22:04:29 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/01/03 19:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\2355320829
[2015/01/03 02:15:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Fuzzy Bug Interactive
[2015/01/03 02:14:46 | 000,058,264 | ---- | C] (Exent Technologies Ltd.) -- C:\Windows\ExentInfo.exe
[2015/01/03 02:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2015/01/03 02:13:58 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2015/01/03 02:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Unchecky
[2015/01/03 01:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\EKAfRti
[2015/01/03 01:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Granny in Paradise
[2015/01/03 01:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BFG
[2015/01/03 01:55:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\SoftonicAssistant
[2015/01/02 22:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2015/01/02 22:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2015/01/02 22:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2015/01/02 22:04:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\CrashDumps
[2015/01/02 13:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/01/02 13:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2015/01/02 13:00:16 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/12/30 18:13:11 | 000,044,744 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2014/12/29 22:05:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ElevatedDiagnostics
[2014/12/26 18:46:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Macromedia
[2014/12/26 18:45:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2014/12/26 18:45:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014/12/18 16:38:06 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\steve hotmail
[2014/12/11 07:02:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/09 08:23:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Skype
[2014/12/09 08:23:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Skype
[2014/12/09 08:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
========== Files - Modified Within 30 Days ==========
[2015/01/07 21:13:09 | 000,028,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/07 21:13:09 | 000,028,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/07 21:12:52 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/07 21:12:52 | 000,666,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/07 21:12:52 | 000,125,820 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/07 21:08:10 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2015/01/07 21:07:19 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/07 21:06:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/07 21:06:12 | 3140,444,160 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/07 20:49:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/07 20:48:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/07 20:45:33 | 000,000,543 | ---- | M] () -- C:\Users\User\Desktop\AOL Mail - New Mail.website
[2015/01/07 20:44:48 | 000,000,479 | ---- | M] () -- C:\Users\User\Desktop\Outlook.com.website
[2015/01/07 15:09:35 | 000,000,156 | ---- | M] () -- C:\Users\User\Desktop\VIDEO- Rural road blocked as 44 ton lorry overturns - Halifax Courier.url
[2015/01/06 21:07:16 | 000,450,771 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/01/06 18:54:16 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2015/01/06 18:53:07 | 000,022,704 | ---- | M] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2015/01/06 00:05:57 | 000,000,496 | ---- | M] () -- C:\Users\User\Desktop\HotUKDeals - Deals, Discounts & Voucher Codes.website
[2015/01/05 22:35:09 | 000,000,545 | ---- | M] () -- C:\Users\User\Desktop\Expat Forum For People Moving Overseas And Living Abroad - Search Results.website
[2015/01/05 00:32:18 | 000,000,521 | ---- | M] () -- C:\Users\User\Desktop\The Freecycle Network.website
[2015/01/03 19:01:52 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20150106-210716.backup
[2015/01/03 11:12:03 | 000,000,042 | ---- | M] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2015/01/03 02:14:53 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2015/01/03 02:11:32 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/30 18:13:45 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2014/12/30 18:06:55 | 000,000,055 | ---- | M] () -- C:\Users\User\Desktop\FILMON TV FREE LIVE TV MOVIES AND SOCIAL TELEVISION.url
[2014/12/30 17:34:19 | 000,000,159 | ---- | M] () -- C:\Users\User\Desktop\You’ve Been Cleaning Your Oven The Wrong Way Your Entire Life. This Is So Brilliant! - Newsner.url
[2014/12/16 17:39:57 | 000,000,053 | ---- | M] () -- C:\Users\User\Desktop\My Quidco.url
[2014/12/12 11:42:51 | 000,000,077 | ---- | M] () -- C:\Users\User\Desktop\Search Results for ebay.url
[2014/12/11 09:08:38 | 000,000,103 | ---- | M] () -- C:\Users\User\Desktop\Bradford Freegle Reuse Group - Yahoo Groups.url
[2014/12/10 09:10:20 | 000,000,089 | ---- | M] () -- C:\Users\User\Desktop\Playworld Under 5’s Christmas Party - Playworld Huddersfield.url
========== Files Created - No Company Name ==========
[2015/01/07 15:09:35 | 000,000,156 | ---- | C] () -- C:\Users\User\Desktop\VIDEO- Rural road blocked as 44 ton lorry overturns - Halifax Courier.url
[2015/01/06 18:54:16 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2015/01/06 18:53:07 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2015/01/03 11:12:03 | 000,000,042 | ---- | C] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2015/01/03 02:14:53 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2015/01/02 12:09:38 | 000,000,545 | ---- | C] () -- C:\Users\User\Desktop\Expat Forum For People Moving Overseas And Living Abroad - Search Results.website
[2014/12/30 18:13:45 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2014/12/30 18:06:55 | 000,000,055 | ---- | C] () -- C:\Users\User\Desktop\FILMON TV FREE LIVE TV MOVIES AND SOCIAL TELEVISION.url
[2014/12/30 17:34:19 | 000,000,159 | ---- | C] () -- C:\Users\User\Desktop\You’ve Been Cleaning Your Oven The Wrong Way Your Entire Life. This Is So Brilliant! - Newsner.url
[2014/12/26 18:45:35 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/16 17:39:57 | 000,000,053 | ---- | C] () -- C:\Users\User\Desktop\My Quidco.url
[2014/12/15 04:13:39 | 000,000,521 | ---- | C] () -- C:\Users\User\Desktop\The Freecycle Network.website
[2014/12/12 11:42:50 | 000,000,077 | ---- | C] () -- C:\Users\User\Desktop\Search Results for ebay.url
[2014/12/11 09:08:38 | 000,000,103 | ---- | C] () -- C:\Users\User\Desktop\Bradford Freegle Reuse Group - Yahoo Groups.url
[2014/12/11 01:21:11 | 000,000,496 | ---- | C] () -- C:\Users\User\Desktop\HotUKDeals - Deals, Discounts & Voucher Codes.website
[2014/12/10 09:10:20 | 000,000,089 | ---- | C] () -- C:\Users\User\Desktop\Playworld Under 5’s Christmas Party - Playworld Huddersfield.url
[2014/10/30 18:08:22 | 000,007,605 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2013/12/05 10:49:40 | 000,765,700 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 02:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 01:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2015/01/06 18:53:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Enigma Software Group
[2015/01/03 02:15:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Fuzzy Bug Interactive
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 7886 bytes -> C:\Users\User\Desktop\Outlook.com.website:TASKICON_4OLFavIE91410631431
@Alternate Data Stream - 7886 bytes -> C:\Users\User\Desktop\Outlook.com.website:TASKICON_3SkyDriveFav-1311630743
@Alternate Data Stream - 7886 bytes -> C:\Users\User\Desktop\Outlook.com.website:TASKICON_0OLFavIE91284348923
@Alternate Data Stream - 34494 bytes -> C:\Users\User\Desktop\Outlook.com.website:TASKICON_1OCalFavIE91545382048
@Alternate Data Stream - 1150 bytes -> C:\Users\User\Desktop\Outlook.com.website:TASKICON_2PeopleFav302369383
< End of report >