Thanks for your reply.
Sorry I should have mentioned, I am located in Australia.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2014
Task: {FB369F07-98C3-4487-BD8B-FDD287D8CEAE} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Browser AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - Browser AdBlocker) <==== ATTENTION
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FB369F07-98C3-4487-BD8B-FDD287D8CEAE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB369F07-98C3-4487-BD8B-FDD287D8CEAE}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => Key deleted successfully.
Browser AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - Browser AdBlocker) <==== ATTENTION => Error: No automatic fix found for this entry.
"C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exeEmptyTemp:" => File/Directory not found.
==== End of Fixlog ====
Chrome Status:
Same as before. Still opens but when clicking links I am still sometimes redirected to advertising.
Also I should mention this - when I click links in emails in Outlook, Chrome opens to my homepage but 4 other tabs also open with "Oops cannot be found". This has nothing to do with the previous problem but I would like to know how to fix this issue as well.
OTL.txt Log:
OTL logfile created on: 22/10/2014 2:12:31 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mitey Fresh\Desktop\Kirra's\Documents\Virus scans
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.79 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 63.28% Memory free
7.59 Gb Paging File | 6.05 Gb Available in Paging File | 79.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.39 Gb Total Space | 115.52 Gb Free Space | 42.25% Space Free | Partition Type: NTFS
Drive D: | 180.27 Gb Total Space | 117.47 Gb Free Space | 65.16% Space Free | Partition Type: NTFS
Computer Name: KIRRA-PC | User Name: Mitey Fresh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/10/18 16:52:14 | 003,835,728 | ---- | M] (LogMeIn Inc.) -- D:\Games\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2014/10/10 12:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mitey Fresh\Desktop\Kirra's\Documents\Virus scans\OTL.exe
PRC - [2014/10/03 21:30:08 | 001,514,040 | ---- | M] (Spotify Ltd) -- C:\Users\Mitey Fresh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/02/20 12:03:06 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/12/21 17:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
========== Modules (No Company Name) ==========
MOD - [2014/02/20 12:03:05 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll
MOD - [2014/02/20 12:03:03 | 004,060,488 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
MOD - [2014/02/20 12:02:59 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
MOD - [2014/02/20 12:02:58 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
MOD - [2014/02/20 12:02:56 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
MOD - [2014/02/20 12:02:54 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/09/19 12:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 16:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 16:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 16:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2014/10/18 16:52:14 | 002,529,616 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Games\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014/09/24 20:48:07 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/30 04:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/04/19 13:26:23 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/21 09:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/21 17:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/07/17 19:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/01/23 09:57:12 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 17:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 17:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 17:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 00:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/20 16:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/20 13:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/11 07:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2275511576-419542734-2349628481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2275511576-419542734-2349628481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-2275511576-419542734-2349628481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKU\S-1-5-21-2275511576-419542734-2349628481-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-2275511576-419542734-2349628481-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2275511576-419542734-2349628481-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2275511576-419542734-2349628481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Mitey Fresh\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected]\ [2014/09/30 17:07:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013/10/05 13:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Extensions
[2014/06/05 12:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/19 13:26:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: SEOquake = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.21_0\
CHR - Extension: Google Docs = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.2.1_0\
CHR - Extension: Google Wallet = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/11 08:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (iSkysoft Video Converter Ultimate 5.1.0) - {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} - C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
O4:64bit: - HKLM..\Run: [FAHConsole] C:\Program Files\File Association Helper\FAHConsole.exe (Nico Mak Computing)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Games\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2275511576-419542734-2349628481-1000..\Run: [Spotify Web Helper] C:\Users\Mitey Fresh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50EF78CE-304E-4B7A-9AAB-DDBCC5200660}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{910DEC28-ADB7-41E8-A772-D1D261B4EC8C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{496991f1-83b7-11e3-a045-406186b70622}\Shell - "" = AutoRun
O33 - MountPoints2\{496991f1-83b7-11e3-a045-406186b70622}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{6140cd31-99d4-11e3-ac34-406186b70622}\Shell - "" = AutoRun
O33 - MountPoints2\{6140cd31-99d4-11e3-ac34-406186b70622}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{efd7f59c-3f87-11e4-aca2-406186b70622}\Shell - "" = AutoRun
O33 - MountPoints2\{efd7f59c-3f87-11e4-aca2-406186b70622}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/10/22 14:15:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/10/21 01:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014/10/16 14:16:26 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/10/15 15:39:16 | 000,000,000 | ---D | C] -- C:\FRST
[2014/10/15 13:08:47 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/15 13:08:47 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/15 13:08:46 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/15 13:08:46 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/15 13:08:46 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/15 13:08:45 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/15 13:08:43 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/10/15 13:08:43 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/10/15 13:08:41 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/15 13:08:39 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/10/15 13:08:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/10/15 13:08:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/10/15 13:08:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/10/15 13:08:38 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/10/15 13:08:38 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/10/15 13:08:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/10/15 13:08:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/10/15 13:08:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/10/15 13:08:34 | 002,017,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/10/15 13:08:34 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/10/15 13:08:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/10/15 13:08:32 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/10/15 13:08:32 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/10/15 13:08:32 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/10/15 13:08:32 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/10/15 13:08:31 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/10/15 13:08:30 | 002,108,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/10/15 13:08:29 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/10/15 13:08:29 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/10/15 13:08:28 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/10/15 13:08:27 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/10/15 13:08:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/10/15 13:08:24 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/10/15 13:08:24 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/10/15 13:08:23 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/10/15 13:08:22 | 005,829,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/10/15 13:08:22 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/10/15 13:08:22 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/10/15 13:08:22 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/10/15 13:08:21 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/10/15 13:08:21 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/10/15 13:08:20 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/10/15 13:08:19 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/10/15 13:08:18 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/10/15 13:07:57 | 003,241,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/10/15 13:07:50 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2014/10/15 13:07:49 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2014/10/15 13:07:44 | 003,221,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/10/15 13:07:43 | 003,722,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/10/15 13:07:42 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/10/15 13:07:41 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/10/15 13:07:40 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2014/10/15 13:07:40 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2014/10/15 13:07:39 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/10/15 13:07:39 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2014/10/15 13:07:20 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/15 13:07:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/10/01 14:52:30 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\AppData\Roaming\sweet-page
[2014/10/01 14:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2014/10/01 14:51:45 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\AppData\Local\WinZip
[2014/10/01 14:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2014/10/01 14:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2014/10/01 09:33:40 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/10/01 09:33:39 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/09/30 17:15:15 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\Desktop\Mitey Shield video
[2014/09/30 17:07:43 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
[2014/09/30 17:07:40 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\Documents\iSkysoft Video Converter Ultimate
[2014/09/30 17:07:24 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\AppData\Local\iSkysoft
[2014/09/30 17:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iSkysoft
[2014/09/30 17:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
[2014/09/30 17:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\iSkysoft Video Converter Ultimate
[2014/09/30 17:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\iSkysoft
[2014/09/30 17:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iSkysoft
[2014/09/30 17:05:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iSkysoft
[2014/09/22 18:48:09 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\AppData\Roaming\vlc
[2014/09/22 18:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VLC
========== Files - Modified Within 30 Days ==========
[2014/10/22 14:19:36 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/22 14:19:35 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/22 14:14:42 | 000,024,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/22 14:14:42 | 000,024,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/22 14:14:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/22 14:11:36 | 003,228,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/22 14:11:36 | 001,426,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/10/22 14:11:36 | 000,006,206 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/22 14:09:03 | 000,000,598 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2275511576-419542734-2349628481-1000.job
[2014/10/22 14:07:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/22 14:06:55 | 3056,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/22 13:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/22 13:22:45 | 000,004,096 | -H-- | M] () -- C:\Users\Mitey Fresh\AppData\Local\keyfile3.drm
[2014/10/18 10:29:48 | 000,356,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/16 13:45:22 | 000,002,289 | ---- | M] () -- C:\Users\Mitey Fresh\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/16 13:45:22 | 000,001,447 | ---- | M] () -- C:\Users\Mitey Fresh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/10/10 13:05:59 | 000,276,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/10/10 13:05:42 | 000,507,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/10/10 13:00:38 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/02 17:52:02 | 000,002,547 | ---- | M] () -- C:\Users\Mitey Fresh\Desktop\`Staff Computer - Shortcut.lnk
[2014/09/30 17:12:05 | 000,076,441 | ---- | M] () -- C:\Users\Mitey Fresh\Desktop\Mitey Shield videos.wlmp
[2014/09/30 17:07:06 | 000,001,354 | ---- | M] () -- C:\Users\Mitey Fresh\Application Data\Microsoft\Internet Explorer\Quick Launch\iSkysoft Video Converter Ultimate.lnk
[2014/09/29 21:19:55 | 433,221,317 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/09/26 13:08:59 | 000,000,004 | ---- | M] () -- C:\Users\Mitey Fresh\AppData\Roaming\appdataFr2.bin
[2014/09/26 09:46:19 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/26 09:32:04 | 002,017,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/26 09:31:02 | 002,108,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/25 13:08:38 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/09/25 12:40:50 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/09/24 20:48:05 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/24 20:48:05 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2014/09/30 17:07:06 | 000,001,354 | ---- | C] () -- C:\Users\Mitey Fresh\Application Data\Microsoft\Internet Explorer\Quick Launch\iSkysoft Video Converter Ultimate.lnk
[2014/09/30 17:06:57 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\ISCM64.dll
[2014/09/30 17:06:57 | 000,214,528 | ---- | C] () -- C:\Windows\SysWow64\ISCM32.dll
[2014/09/29 19:47:17 | 000,076,441 | ---- | C] () -- C:\Users\Mitey Fresh\Desktop\Mitey Shield videos.wlmp
[2014/09/17 09:37:48 | 000,000,004 | ---- | C] () -- C:\Users\Mitey Fresh\AppData\Roaming\appdataFr2.bin
[2014/07/10 17:27:56 | 000,004,096 | -H-- | C] () -- C:\Users\Mitey Fresh\AppData\Local\keyfile3.drm
[2014/03/11 16:33:22 | 000,002,149 | ---- | C] () -- C:\Users\Mitey Fresh\AppData\Local\recently-used.xbel
[2014/02/03 08:33:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/19 09:49:37 | 000,000,027 | ---- | C] () -- C:\Users\Mitey Fresh\AppData\Roaming\WB.CFG
[2013/08/08 12:48:44 | 000,007,061 | ---- | C] () -- C:\Program Files\Common Files\ecisettings.props.preupdate
[2013/08/08 12:37:38 | 000,002,539 | ---- | C] () -- C:\Program Files\Common Files\ECI_Data.bat
[2013/08/08 12:37:38 | 000,000,329 | ---- | C] () -- C:\Program Files\Common Files\AppMgrIcon.gif
[2013/08/08 12:37:38 | 000,000,128 | ---- | C] () -- C:\Program Files\Common Files\StartClient.bat
[2013/05/28 17:24:28 | 000,013,824 | ---- | C] () -- C:\Users\Mitey Fresh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/09 12:25:17 | 000,061,304 | ---- | C] () -- C:\Users\Mitey Fresh\g2mdlhlpx.exe
[2013/04/05 11:10:11 | 000,764,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/28 13:45:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
========== ZeroAccess Check ==========
[2009/07/14 15:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 13:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 12:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/10/10 11:45:41 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\AUSkey
[2013/07/28 21:46:44 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\AutoBinaryCode2
[2014/09/12 21:15:52 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\BatteryCare
[2014/04/08 21:58:58 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\BitComet
[2014/06/26 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\calibre
[2013/11/18 21:12:47 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\Com.Comm100.LiveChat.AirVisitorMonitor.En
[2013/11/18 21:12:46 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\Com.Comm100.LiveChat.AirVisitorMonitor.En.ED02F0ED4016DF29F52CC2E3BD1ED89CCC440D32.1
[2014/01/23 10:00:34 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\DAEMON Tools Lite
[2013/03/28 16:55:05 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\Monotype Imaging
[2014/02/09 21:43:00 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\rmi
[2014/10/16 22:09:00 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\Spotify
[2014/10/02 13:43:04 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\sweet-page
[2014/09/30 17:07:43 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT
@Alternate Data Stream - 40 bytes -> C:\ProgramData:NT
@Alternate Data Stream - 160 bytes -> C:\ProgramData\MTA San Andreas All:NT2
@Alternate Data Stream - 160 bytes -> C:\ProgramData:NT2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >
Extras.txt Log:
OTL Extras logfile created on: 22/10/2014 2:12:31 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mitey Fresh\Desktop\Kirra's\Documents\Virus scans
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.79 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 63.28% Memory free
7.59 Gb Paging File | 6.05 Gb Available in Paging File | 79.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.39 Gb Total Space | 115.52 Gb Free Space | 42.25% Space Free | Partition Type: NTFS
Drive D: | 180.27 Gb Total Space | 117.47 Gb Free Space | 65.16% Space Free | Partition Type: NTFS
Computer Name: KIRRA-PC | User Name: Mitey Fresh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-2275511576-419542734-2349628481-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8908D6-CCF7-40EE-99F2-9BAD28BF4B19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0BC55BBB-248D-4BF5-ADA6-6270B3B11686}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0FFEC506-D187-46D2-BDF3-621541E0F983}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A19F61E-DB6E-404F-ACEF-4B615871A2CD}" = rport=445 | protocol=6 | dir=out | app=system |
"{297DAB00-FEDC-47C9-B09E-97E1909889AA}" = rport=139 | protocol=6 | dir=out | app=system |
"{3BB53184-4A31-4AFF-9977-DF3CE46A784F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{741D65CC-BF52-42A5-9CE5-BEE4AEAF2D6A}" = rport=138 | protocol=17 | dir=out | app=system |
"{7B2EAC73-751C-41B2-9666-9E94FA7E6D83}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{81CF275F-C536-4575-BDA5-9CF942C08E5D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C34F054-98EC-4FC0-BC7E-ACEF806C720E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{90CB2CA8-BCEF-48A9-8405-9AEA3E0B54DE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9D997B49-821A-444D-8920-A5CCCAF1D07E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A480DC5D-D842-4403-8EC8-5E3D4ADCC93F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A4C18B0C-1FD8-4EBD-A36D-75D1C3702D8E}" = lport=138 | protocol=17 | dir=in | app=system |
"{BED82397-C3BF-4FD5-87BC-19EBBF94AC77}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C4FC1D7C-4D1D-4A94-8118-193B7B2FFEEC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C9F3E318-3119-4F14-8BCA-A51E1E1478D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE2CC353-510E-49D1-AFE4-C58F31E73BAA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D148DB5B-5000-4D65-88EB-091B8EFC2487}" = lport=445 | protocol=6 | dir=in | app=system |
"{D43370F8-B23B-4CFD-BC6E-D299F24AAAEB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E10E2CDB-4846-43DD-A763-D19C63DFB6A3}" = lport=137 | protocol=17 | dir=in | app=system |
"{E593D741-4FAD-4710-BED6-74680DC7B837}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E70213CF-BEF7-4575-BBC0-5795BF980A26}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E7BACAB6-1DBE-4E0C-A478-A011A28342DD}" = lport=139 | protocol=6 | dir=in | app=system |
"{F2023297-E0AC-4E52-B85D-4C2FB252C51A}" = rport=137 | protocol=17 | dir=out | app=system |
"{F668716D-56C2-4D40-8D6D-F2462FA05D2D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD1BD8F5-02BF-46FA-9678-555491850959}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A19E1BC-DF06-495B-B95F-7EDD7B024D05}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0A410111-BF3A-4C15-B7D0-49DBAFF003AE}" = protocol=1 | dir=out | [email protected],-28544 |
"{0C24E7A1-7B4E-43D6-9911-C15CCF348321}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0D9D9357-421E-48EB-BB82-6294722E93A7}" = protocol=58 | dir=out | [email protected],-503 |
"{1678EE80-1670-4CDC-B7BC-B05348016B92}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1FA77B58-C4FF-405E-8B33-B4FA4568DA6F}" = protocol=6 | dir=in | app=d:\games\lost via domus\gu.exe |
"{21E140F2-CB43-4BD0-9395-F56BB4142527}" = protocol=17 | dir=in | app=d:\games\lost via domus\detection\launcher.exe |
"{2CA298A3-9646-419F-BBD3-CC4DCA3C6441}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{31F0F88D-E918-433F-BA98-5813E1B9F3FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{41C07927-8945-41A1-872A-422AC062B132}" = protocol=17 | dir=in | app=d:\games\codename eagle\lobby.exe |
"{428D384D-8C5C-4F0A-92D6-36475CDF3A3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4EE75D8B-5621-4BDD-A9BC-D25ABDE0F109}" = protocol=6 | dir=in | app=d:\games\lost via domus\detection\launcher.exe |
"{59CDDD20-7080-4C93-A5E9-73AE1AC9D506}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5C7C13EC-4811-4CB8-9BCC-1674E1FF48A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5D125E11-9EA5-4DB7-8F29-E53F6E5907B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5DA5520C-A7A2-4111-A001-B0FCD1D478B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5E88C156-642A-43D9-B825-CA44DA50E2F0}" = protocol=17 | dir=in | app=d:\games\codename eagle\ce.exe |
"{61DC7026-0984-45E7-BC91-91FE5E8087D0}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{621C4A12-7597-4CAE-8161-E55B73EA5D2E}" = protocol=58 | dir=in |
[email protected],-28545 |
"{65210A00-F8A4-4550-BA2B-02954CD7A31B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{697B03EC-EB63-434B-BB54-55C984BCFD27}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{7456601F-F4F5-43F6-BBE2-1295B2798031}" = protocol=58 | dir=in | app=system |
"{74F47DA3-4957-48A6-B361-2937411D11B1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{76E5A99D-688A-4D84-A85B-3220CA7826A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{8357DE09-67FB-4151-BA7F-16684BC13B49}" = protocol=6 | dir=in | app=d:\games\codename eagle\lobby.exe |
"{84D9AA49-17DE-4C30-B42A-6AE85172B746}" = protocol=17 | dir=in | app=d:\games\lost via domus\yeti_final_win32.exe |
"{854B0BB5-35C1-4CBD-ADBD-6A516457597A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89F0F018-9FF4-44BE-A4EB-DBAD9E683D1D}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{8B790030-21A6-4046-80F5-75C3958F097D}" = protocol=6 | dir=in | app=d:\games\codename eagle\ce.exe |
"{98560BE1-0010-4AE2-B1D6-6ED4BAD1AF37}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{9E615BC3-0015-47DD-9F43-0E4D6AA0FE3E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{A10E4941-F106-4949-9DD9-E86F16C07E75}" = protocol=17 | dir=in | app=d:\games\lost via domus\gu.exe |
"{A8DAAC52-343C-443F-AEBF-4F6B7217CDFA}" = protocol=6 | dir=in | app=d:\games\lost via domus\yeti_final_win32.exe |
"{B256C1C1-AEB6-4F0A-AA96-E2D956EF9806}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B4259307-6CE3-4B92-9466-7740BC54B7B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB122876-A5FB-461F-9A09-39132701B2CC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BE9281E9-0C6C-4B51-95F6-9F87314A494D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1C755CE-A661-471E-8A18-9BC29825A6E0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{C556B6DD-CE40-4275-BAB8-5C9995385049}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C896A48A-2D38-4F11-82D7-3662183C29AE}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe |
"{CCCBF416-7A1D-4BEB-8D74-4AC9CDB4DE37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CEF8E341-4A55-4A2E-ABD5-1F0325A643B2}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe |
"{D97EFB98-E414-404F-A7F4-2DFB922AB696}" = protocol=58 | dir=out |
[email protected],-28546 |
"{E044FCA4-D58C-469D-BBED-6AC77E6118D8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{F05B6B69-8907-4F8D-AA1C-F0F658882E06}" = protocol=1 | dir=in |
[email protected],-28543 |
"{F2B437C1-251F-4D89-A754-C3A20CB3582C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FA5B1E97-F7D9-4D8C-AE14-CF6FC35E7D86}" = protocol=6 | dir=out | app=system |
"{FE7025FF-2959-4C46-9593-3F8B9AD9F4AD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"TCP Query User{0059D8A7-AF91-40EE-8043-1235CA9426B0}C:\users\mitey fresh\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\mitey fresh\appdata\roaming\spotify\spotify.exe |
"TCP Query User{1CBF42CC-8B9A-4582-B34F-21518CE169C6}C:\users\mitey fresh\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\mitey fresh\appdata\roaming\spotify\spotify.exe |
"TCP Query User{406FAF84-452C-49F7-BAC9-19DD8A1727BC}D:\games\codename eagle\iplist.exe" = protocol=6 | dir=in | app=d:\games\codename eagle\iplist.exe |
"TCP Query User{7D94B055-3F99-4304-961F-BFC470B92521}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe |
"TCP Query User{C085D7FB-A49B-4CDA-9628-804A618ECFBE}D:\games\codename eagle\lobby.exe" = protocol=6 | dir=in | app=d:\games\codename eagle\lobby.exe |
"TCP Query User{C691299A-30B2-4403-AA11-B0A5953AE889}D:\games\gta san andreas\gta sa with cleo mod\proxy_sa.exe" = protocol=6 | dir=in | app=d:\games\gta san andreas\gta sa with cleo mod\proxy_sa.exe |
"TCP Query User{DA14DA00-6F7D-4C44-B830-0C9C4076F3D5}D:\games\steam\steamapps\common\starbound\win32\starbound_server.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\starbound\win32\starbound_server.exe |
"TCP Query User{DA62D2E0-210E-462C-BFE6-4578546DEBEC}D:\games\codename eagle\ce.exe" = protocol=6 | dir=in | app=d:\games\codename eagle\ce.exe |
"UDP Query User{0EB46071-1301-423C-A60B-A1BA9397331E}D:\games\steam\steamapps\common\starbound\win32\starbound_server.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\starbound\win32\starbound_server.exe |
"UDP Query User{249359C5-4B04-420F-B2A8-CC3F46FD02F4}D:\games\gta san andreas\gta sa with cleo mod\proxy_sa.exe" = protocol=17 | dir=in | app=d:\games\gta san andreas\gta sa with cleo mod\proxy_sa.exe |
"UDP Query User{3DD764F9-C7AB-4B2F-B41F-01E700A045D4}D:\games\codename eagle\iplist.exe" = protocol=17 | dir=in | app=d:\games\codename eagle\iplist.exe |
"UDP Query User{5AC26F4A-3D57-4F7C-92F8-39E22CE5E857}C:\users\mitey fresh\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\mitey fresh\appdata\roaming\spotify\spotify.exe |
"UDP Query User{633F24D5-BB9C-4C70-B201-C47B1E152309}D:\games\codename eagle\lobby.exe" = protocol=17 | dir=in | app=d:\games\codename eagle\lobby.exe |
"UDP Query User{72F728F1-2F37-4747-B67B-7D19EE8E2D6B}C:\users\mitey fresh\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\mitey fresh\appdata\roaming\spotify\spotify.exe |
"UDP Query User{7EAEBC5E-DC35-48A7-8A50-B3140CEB1316}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe |
"UDP Query User{E6D0FFF1-98A5-4452-B161-21E64DCA05B8}D:\games\codename eagle\ce.exe" = protocol=17 | dir=in | app=d:\games\codename eagle\ce.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{C168639F-5810-4EC8-B1E8-0251AA8A771C}" = File Association Helper
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}" = WinZip 18.5
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"Microsoft Security Client" = Microsoft Security Essentials
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{22800204-9E53-45C7-B6F3-5BB0F1C1A147}" = Jing
"{24D37B30-83B4-46A7-A691-30F2FCEAE58E}" = AUSkey software 1.4.4
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 65
"{2702B8FC-6003-4AC6-ADBC-EC65746D800A}" = Lost Via Domus
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{37476589-E48E-439E-A706-56189E2ED4C4}_is1" = Browser AdBlocker
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}" = Microsoft Games for Windows Marketplace
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AC7E7905-8C59-4806-A96D-30936A2B1FC5}" = Citrix Online Launcher
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C6640705-7479-4EE5-BC86-879F05F65E74}" = Google Drive
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DE730F37-A198-4112-A3B6-97786F34354A}" = ECI Client v6.0
"{E0601182-5F00-4513-95D0-AFDCB7A0C658}" = calibre
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{EF5E9233-9C42-41C4-AD58-1522DDF89018}" = LogMeIn Hamachi
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"Fallout New Vegas Ultimate Edition_is1" = Fallout New Vegas Ultimate Edition
"Google Chrome" = Google Chrome
"iSkysoft Video Converter Ultimate_is1" = iSkysoft Video Converter Ultimate(Build 5.4.1.0)
"LogMeIn Hamachi" = LogMeIn Hamachi
"MixPad" = MixPad
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA 1.3" = MTA:SA v1.3.5
"OutfoxTV" = OutfoxTV
"outlookset" = Outlook Setup Tool
"PhotoPad" = PhotoPad Image Editor
"Pixillion" = Pixillion Image Converter
"Steam" = Steam
"Steam App 211820" = Starbound
"Switch" = Switch Sound File Converter
"VLC media player" = VLC media player
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2275511576-419542734-2349628481-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 6.4.4.1831
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20/10/2014 7:11:29 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.
Error - 20/10/2014 7:11:29 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.
Error - 21/10/2014 3:40:31 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.
Error - 21/10/2014 3:40:31 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.
Error - 21/10/2014 10:14:56 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.
Error - 21/10/2014 10:14:56 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.
Error - 21/10/2014 11:04:41 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.
Error - 21/10/2014 11:04:41 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.
Error - 21/10/2014 11:11:33 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.
Error - 21/10/2014 11:11:33 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.
[ System Events ]
Error - 20/10/2014 10:28:01 AM | Computer Name = Kirra-PC | Source = Service Control Manager | ID = 7030
Description = The LogMeIn Hamachi Tunneling Engine service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.
Error - 21/10/2014 11:09:30 PM | Computer Name = Kirra-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
Update Service (gupdate) service to connect.
Error - 21/10/2014 11:09:30 PM | Computer Name = Kirra-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053
< End of report >