
Computer infected with Coupoon, Infonaut, Crossbrowse and others [Solv



#1
awesomesauce

  • Member
  • 21 posts

Hi there,

The computer is infected with malware/spyware that is popping up everywhere. They are not appearing as Chrome plug-ins, but are listed in programs.

Tried to uninstall without success.

The malicious programs include: Coupoon, InfoNaut, GamesDesktop, SmartWeb, CrossBrowse, BlockAndSurf, StormWatch, possibly others.

If I try to uninstall these programs, the pop-up says: "Please wait until the current program is finished uninstalling" even though there is no uninstalling occurring.

Please help.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by Mitey Fresh (administrator) on CAROLMAINMYF-PC on 02-05-2015 17:13:17
Running from C:\Users\Mitey Fresh\Desktop
Loaded Profiles: Mitey Fresh (Available profiles: Mitey Fresh & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser path: "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\ProgramData\Trusted Publisher\GS_Booster\GS_Booster.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Windows\rcore.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Flux Software LLC) C:\Users\Mitey Fresh\AppData\Local\FluxSoftware\Flux\flux.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Super PC Tools Ltd) C:\ProgramData\{04f41e6c-2a9d-2153-04f4-41e6c2a979b0}\hqghumeaylnlf.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\StormWatch.exe
() C:\Program Files (x86)\StormWatch\StormWatchApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr_x64.exe
() C:\Users\Mitey Fresh\AppData\Roaming\00000000-1430531197-0000-0000-1C6F65D74BC8\jnss5797.tmp
() C:\Users\Mitey Fresh\AppData\Local\Temp\nswF427.tmp
() C:\Users\Mitey Fresh\AppData\Local\Temp\nsj87A0.tmp
(CMI Limited) C:\Users\Mitey Fresh\AppData\Local\Temp\nsu10EC.tmp
(CMI Limited) C:\Users\Mitey Fresh\AppData\Local\Temp\nsh10B4.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Infonaut) C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe
() C:\Program Files (x86)\gmsd_au_257\gmsd_au_257.exe
() C:\Users\Mitey Fresh\AppData\Local\gmsd_au_257\upgmsd_au_257.exe
(SoftBrain Technologies Ltd.) C:\Users\Mitey Fresh\AppData\Local\SmartWeb\SmartWebHelper.exe
(SoftBrain Technologies Ltd.) C:\Users\Mitey Fresh\AppData\Local\SmartWeb\SmartWebApp.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
() C:\Program Files (x86)\version64BlockAndSurf\J4BlockAndSurfJ52.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
() C:\Program Files (x86)\gmsd_au_257\gmsd_au_257.exe
() C:\Users\Mitey Fresh\AppData\Roaming\00000000-1430531197-0000-0000-1C6F65D74BC8\nsd457C.tmp
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\user.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-07-19] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-07-19] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort10reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [255528 2007-02-01] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SignIn] => C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe [1742704 2011-03-16] (Microsoft Corporation)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [VideoDownloadConverter Search Scope Monitor] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe [42536 2012-08-02] (MindSpark)
HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe [30096 2012-08-02] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [gmsd_au_22] => [X]
HKLM-x32\...\Run: [gmsd_au_257] => C:\Program Files (x86)\gmsd_au_257\gmsd_au_257.exe [3982792 2015-04-30] ()
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Mitey Fresh\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\RunOnce: [upgmsd_au_257.exe] => C:\Users\Mitey Fresh\AppData\Local\gmsd_au_257\upgmsd_au_257.exe [3289032 2015-04-30] ()
HKLM-x32\...\RunOnce: [Update] => C:\Users\Mitey Fresh\AppData\Roaming\ASPackage\ASPackage.exe /runonce
HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\Run: [BIBLauncher] => C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe [912688 2012-12-10] ()
HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation)
HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\Run: [NvCplWow64] => %SystemRoot%\SysWOW64\Rundll32.exe "%AppData%\Microsoft Corporation\cmspprxy.pig",Control_RunDLL
HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\Run: [OM2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\Run: [f.lux] => C:\Users\Mitey Fresh\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\Run: [GoogleChromeAutoLaunch_23E45583CFC8895BE5D10DE1E4ABBEA7] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-03-17] (Crossbrowse)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2011-08-23]
ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Comm100 Live Chat.lnk [2013-11-18]
ShortcutTarget: Comm100 Live Chat.lnk -> C:\Program Files (x86)\Comm100 Live Chat\Comm100 Live Chat.exe ()
Startup: C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-05-02]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
Startup: C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk [2013-11-18]
ShortcutTarget: Dragon NaturallySpeaking.lnk -> C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.)
Startup: C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-02-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-23]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{04f41e6c-2a9d-2153-04f4-41e6c2a979b0}\hqghumeaylnlf.exe (Super PC Tools Ltd)
Startup: C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2014-12-23]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-05-02]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Mitey Fresh\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
Startup: C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk [2014-12-23]
ShortcutTarget: StormWatch.lnk -> C:\Program Files (x86)\StormWatch\StormWatch.exe (Weather Protector LLC)
Startup: C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk [2014-12-23]
ShortcutTarget: StormWatchApp.lnk -> C:\Program Files (x86)\StormWatch\StormWatchApp.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...8LNXXXX5VP818LN
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...8LNXXXX5VP818LN
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKU\S-1-5-21-571144041-3803823455-759090921-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-sea...E581C6F65D74BC8
HKU\S-1-5-21-571144041-3803823455-759090921-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-571144041-3803823455-759090921-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-571144041-3803823455-759090921-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tikotin.com
URLSearchHook: HKU\S-1-5-21-571144041-3803823455-759090921-1000 - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pu-...902&lg=EN&cc=AU
SearchScopes: HKU\S-1-5-21-571144041-3803823455-759090921-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-571144041-3803823455-759090921-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-571144041-3803823455-759090921-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-571144041-3803823455-759090921-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKU\S-1-5-21-571144041-3803823455-759090921-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-571144041-3803823455-759090921-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-571144041-3803823455-759090921-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pu-...902&lg=EN&cc=AU
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: BlockAndSurf -> {9878D989-C010-66BE-051D-F8E5E761D59A} -> C:\Program Files (x86)\version64BlockAndSurf\192_x64.dll [2015-05-02] ()
BHO: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-27] (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll [2012-09-20] (Simple Adblock)
BHO-x32: Toolbar BHO -> {312f84fb-8970-4fd3-bddb-7012eac4afc9} -> C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll [2012-08-02] (MindSpark)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: BlockAndSurf -> {9878D989-C010-66BE-051D-F8E5E761D59A} -> C:\Program Files (x86)\version64BlockAndSurf\192.dll [2015-05-02] ()
BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\SEARCH~2.DLL No File
BHO-x32: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll [2013-01-23] (Delta-search.com)
BHO-x32: Search Assistant BHO -> {c547c6c2-561b-4169-a2a5-20ba771ca93b} -> C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll [2012-08-02] (MindSpark)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-13] (Sun Microsystems, Inc.)
BHO-x32: Yontoo Layers (Drop Down Deals) -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll [2011-11-17] (Yontoo LLC)
BHO-x32: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll [2012-09-20] (Simple Adblock)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27] (Google Inc.)
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll [2012-08-02] (MindSpark)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll [2013-01-23] (Delta-search.com)
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\SEARCH~2.DLL No File
Toolbar: HKU\S-1-5-21-571144041-3803823455-759090921-1000 -> No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File
Toolbar: HKU\S-1-5-21-571144041-3803823455-759090921-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://isearch.omiga...8LNXXXX5VP818LN
 
FireFox:
========
FF ProfilePath: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default
FF NewTab: hxxp://isearch.omiga-plus.com/newtab/?type=nt&ts=1419304002&from=tugs&uid=ST31000524AS_5VP818LNXXXX5VP818LN
FF DefaultSearchEngine: omiga-plus
FF DefaultSearchEngine,S: 
FF DefaultSearchUrl: 
FF SearchEngineOrder.1: 
FF SearchEngineOrder.1,S: 
FF SelectedSearchEngine: omiga-plus
FF SelectedSearchEngine,S: 
FF Homepage: hxxp://tikotin.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-13] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll [2012-08-02] (MindSpark)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-571144041-3803823455-759090921-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Mitey Fresh\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-571144041-3803823455-759090921-1000: @sony.com/Some -> C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll [2011-06-09] (Sony)
FF Plugin HKU\S-1-5-21-571144041-3803823455-759090921-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mitey Fresh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-05] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\user.js [2015-05-02]
FF SearchPlugin: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\searchplugins\askcom.xml [2011-08-23]
FF SearchPlugin: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\searchplugins\babylon.xml [2013-05-02]
FF SearchPlugin: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\searchplugins\BrowserProtect.xml [2013-05-02]
FF SearchPlugin: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\searchplugins\delta.xml [2013-04-06]
FF SearchPlugin: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\searchplugins\Search_Results.xml [2012-09-12]
FF SearchPlugin: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\searchplugins\WebSearch.xml [2013-05-20]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2013-04-06]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\omiga-plus.xml [2014-12-23]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012-09-12]
FF Extension: VideoDownloadConverter - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\Extensions\[email protected]_4z.com [2014-01-11]
FF Extension: BrouwsEe2save - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\Extensions\[email protected] [2013-04-26]
FF Extension: Fast Start - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\Extensions\[email protected] [2014-12-23]
FF Extension: FavIconReloadermozillaorg - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\Extensions\[email protected] [2014-12-28]
FF Extension: Delta Toolbar - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\Extensions\[email protected] [2013-04-06]
FF Extension: Searcohy-NewTaeb - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\Extensions\[email protected] [2013-04-26]
FF Extension: Searchqu Toolbar - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012-09-12]
FF Extension: Yontoo - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\Extensions\[email protected] [2013-02-20]
FF Extension: Adblock Plus - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-06-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]_4z.com] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin
FF Extension: VideoDownloadConverter - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin [2012-08-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\extensions\[email protected]
FF HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\Firefox\Extensions: [{A8EF1E73-D8F4-9AEF-BFB9-FCFFD6101C88}] - C:\Program Files (x86)\version64BlockAndSurf\192.xpi
FF Extension: BlockAndSurf - C:\Program Files (x86)\version64BlockAndSurf\192.xpi [2015-05-02]
FF Extension: No Name - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\extensions\[email protected] [Not Found]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://isearch.omiga...8LNXXXX5VP818LN
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Sony Online Media Engine) - C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll (Sony)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Mitey Fresh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-04]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Mitey Fresh\AppData\Roaming\BabSolution\CR\Delta.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Mitey Fresh\AppData\Local\Torch\Plugins\TorchPlugin.crx [2013-04-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\MITEYF~1\AppData\Local\Temp\YontooLayers.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-26] (Just Develop It) <==== ATTENTION
S2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-03] ()
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2014-03-01] (Microsoft Corporation) [File not signed]
R2 insvc_1.10.0.14; C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe [278600 2015-04-11] (Infonaut)
R2 jedyhusi; C:\Users\Mitey Fresh\AppData\Roaming\00000000-1430531197-0000-0000-1C6F65D74BC8\nsd457C.tmp [148992 2015-05-02] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 rcores; C:\Windows\rcore.exe [4959744 2014-12-21] () [File not signed]
R2 riqeneho; C:\Users\Mitey Fresh\AppData\Roaming\00000000-1430531197-0000-0000-1C6F65D74BC8\jnss5797.tmp [198656 2015-05-02] () [File not signed]
R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-22] (Weather Protector LLC)
R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-05-02] ()
R2 VideoDownloadConverter_4zService; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe [42504 2012-08-02] (COMPANYVERS_NAME)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R1 innfd_1_10_0_14; C:\Windows\System32\drivers\innfd_1_10_0_14.sys [58224 2015-04-11] (Infonaut)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2015-04-03] (NetFilterSDK.com)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R2 webTinstMKTN84; C:\Windows\system32\Drivers\webTinstMKTN84.sys [50216 2015-05-02] ()
S1 asbatsau; \??\C:\Windows\system32\drivers\asbatsau.sys [X]
S1 evleuqss; \??\C:\Windows\system32\drivers\evleuqss.sys [X]
S1 jqzvopac; \??\C:\Windows\system32\drivers\jqzvopac.sys [X]
S1 kuiivusg; \??\C:\Windows\system32\drivers\kuiivusg.sys [X]
S1 mvqjszvp; \??\C:\Windows\system32\drivers\mvqjszvp.sys [X]
S1 phbqursp; \??\C:\Windows\system32\drivers\phbqursp.sys [X]
S1 wpnfd_1_10_0_5; system32\drivers\wpnfd_1_10_0_5.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-02 17:13 - 2015-05-02 17:17 - 00040486 _____ () C:\Users\Mitey Fresh\Desktop\FRST.txt
2015-05-02 17:12 - 2015-05-02 17:15 - 00000000 ____D () C:\FRST
2015-05-02 17:11 - 2015-05-02 17:11 - 00002838 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2015-05-02 17:11 - 2015-05-02 17:11 - 00001045 _____ () C:\Users\Mitey Fresh\Desktop\AnyProtect.lnk
2015-05-02 17:11 - 2015-05-02 17:11 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-05-02 17:10 - 2015-05-02 17:10 - 02101248 _____ (Farbar) C:\Users\Mitey Fresh\Desktop\FRST64.exe
2015-05-02 17:09 - 2015-05-02 17:10 - 02101248 _____ (Farbar) C:\Users\Mitey Fresh\Downloads\FRST64.exe
2015-05-02 17:02 - 2015-05-02 17:11 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-05-02 17:02 - 2015-05-02 17:02 - 00613255 _____ (CMI Limited) C:\Users\Mitey Fresh\AppData\Local\nstA834.tmp
2015-05-02 15:23 - 2015-05-02 17:17 - 00000112 _____ () C:\ProgramData\YG2KU1.dat
2015-05-02 15:22 - 2015-05-02 15:22 - 00003116 _____ () C:\Windows\System32\Tasks\BlockAndSurf Update
2015-05-02 15:22 - 2015-05-02 15:22 - 00002286 _____ () C:\Windows\patsearch.bin
2015-05-02 15:22 - 2015-05-02 15:22 - 00000456 _____ () C:\Windows\Tasks\BlockAndSurf Update.job
2015-05-02 15:22 - 2015-05-02 15:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2015-05-02 15:22 - 2015-05-02 15:21 - 00050216 _____ () C:\Windows\system32\Drivers\webTinstMKTN84.sys
2015-05-02 15:21 - 2015-05-02 15:21 - 00004098 _____ () C:\Windows\System32\Tasks\Crossbrowse
2015-05-02 15:21 - 2015-05-02 15:21 - 00001068 _____ () C:\Windows\Tasks\Crossbrowse.job
2015-05-02 15:21 - 2015-05-02 15:21 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Crossbrowse
2015-05-02 15:21 - 2015-05-02 15:21 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Local\Crossbrowse
2015-05-02 15:21 - 2015-05-02 15:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Crossbrowse
2015-05-02 15:21 - 2015-05-02 15:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Crossbrowse
2015-05-02 15:21 - 2015-05-02 15:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Crossbrowse
2015-05-02 15:21 - 2015-05-02 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-05-02 15:21 - 2015-05-02 15:21 - 00000000 ____D () C:\Program Files (x86)\version64BlockAndSurf
2015-05-02 15:19 - 2015-05-02 15:19 - 00000000 ____D () C:\Program Files (x86)\Crossbrowse
2015-05-02 15:18 - 2015-05-02 15:18 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-02 15:17 - 2015-05-02 15:22 - 00000000 ____D () C:\Program Files\Coupoon
2015-05-02 15:17 - 2015-05-02 15:21 - 00000000 ____D () C:\Program Files (x86)\Coupoon
2015-05-02 15:17 - 2015-05-02 15:17 - 00000005 _____ () C:\end
2015-05-02 15:16 - 2015-05-02 15:52 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Local\gmsd_au_257
2015-05-02 15:16 - 2015-05-02 15:16 - 00004072 _____ () C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-05-02 15:16 - 2015-05-02 15:16 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Local\SmartWeb
2015-05-02 15:16 - 2015-05-02 15:16 - 00000000 ____D () C:\Program Files (x86)\gmsd_au_257
2015-05-02 15:15 - 2015-05-02 15:15 - 00000000 ____D () C:\Program Files (x86)\Infonaut_1.10.0.14
2015-05-02 11:46 - 2015-05-02 16:21 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\00000000-1430531197-0000-0000-1C6F65D74BC8
2015-04-23 19:27 - 2015-04-30 04:50 - 00000000 ____D () C:\ProgramData\{04f41e6c-2a9d-2153-04f4-41e6c2a979b0}
2015-04-15 22:29 - 2015-04-15 22:29 - 00597304 _____ () C:\Users\Mitey Fresh\Downloads\flux-setup.exe
2015-04-15 22:29 - 2015-04-15 22:29 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-04-15 22:29 - 2015-04-15 22:29 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Local\FluxSoftware
2015-04-15 05:08 - 2015-03-25 13:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 05:08 - 2015-03-25 13:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 05:08 - 2015-03-25 13:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 05:08 - 2015-03-25 13:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 05:08 - 2015-03-25 13:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 05:08 - 2015-03-25 13:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 05:08 - 2015-03-25 13:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 05:08 - 2015-03-25 13:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 05:08 - 2015-03-25 13:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 05:08 - 2015-03-25 13:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 05:08 - 2015-03-25 13:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 05:08 - 2015-03-25 13:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 05:08 - 2015-03-25 13:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 05:08 - 2015-03-25 13:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 05:08 - 2015-03-25 13:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 05:08 - 2015-03-25 13:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 05:08 - 2015-03-23 13:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 05:08 - 2015-03-23 13:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 05:08 - 2015-03-23 13:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 05:08 - 2015-03-23 13:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 05:08 - 2015-03-23 13:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 05:08 - 2015-03-23 13:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 05:08 - 2015-03-23 13:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 05:08 - 2015-03-23 13:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 05:08 - 2015-03-17 15:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 05:08 - 2015-03-17 15:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 05:08 - 2015-03-17 15:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 05:08 - 2015-03-17 15:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 05:08 - 2015-03-17 15:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 05:08 - 2015-03-17 15:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 05:08 - 2015-03-17 15:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 05:08 - 2015-03-17 15:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 05:08 - 2015-03-17 15:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 05:08 - 2015-03-17 15:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 05:08 - 2015-03-17 15:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 05:08 - 2015-03-17 15:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 05:08 - 2015-03-17 15:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 05:08 - 2015-03-17 15:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 15:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 05:08 - 2015-03-17 15:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 05:08 - 2015-03-17 14:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 05:08 - 2015-03-17 14:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 05:08 - 2015-03-17 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 05:08 - 2015-03-17 14:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 05:08 - 2015-03-17 14:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 05:08 - 2015-03-17 14:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 05:08 - 2015-03-17 14:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 05:08 - 2015-03-17 14:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 05:08 - 2015-03-17 14:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 05:08 - 2015-03-17 14:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 05:08 - 2015-03-17 14:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 05:08 - 2015-03-17 14:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 05:08 - 2015-03-17 14:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 05:08 - 2015-03-17 14:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 05:08 - 2015-03-17 14:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 05:08 - 2015-03-17 14:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 05:08 - 2015-03-17 14:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 05:08 - 2015-03-17 14:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 05:08 - 2015-03-10 13:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 05:08 - 2015-03-10 13:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 05:08 - 2015-03-10 13:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 05:08 - 2015-03-10 13:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 05:08 - 2015-03-05 15:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 05:08 - 2015-03-05 14:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 05:07 - 2015-03-17 15:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 05:07 - 2015-03-17 15:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 05:07 - 2015-03-17 15:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 05:07 - 2015-03-17 15:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 05:07 - 2015-03-17 15:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 05:07 - 2015-03-17 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 05:07 - 2015-03-17 14:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 05:07 - 2015-03-17 14:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 05:07 - 2015-03-17 14:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 05:07 - 2015-03-17 14:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 05:07 - 2015-03-17 14:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 05:07 - 2015-03-17 14:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 05:07 - 2015-03-17 14:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 05:07 - 2015-03-17 13:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 05:07 - 2015-03-17 13:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 05:07 - 2015-03-17 13:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 05:07 - 2015-03-17 13:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 05:07 - 2015-03-17 13:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 05:07 - 2015-03-17 13:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 05:07 - 2015-03-10 10:31 - 17882112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 05:07 - 2015-03-10 10:19 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 05:07 - 2015-03-10 10:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 05:07 - 2015-03-10 10:18 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 05:07 - 2015-03-10 10:14 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 05:07 - 2015-03-10 10:14 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 05:07 - 2015-03-10 10:13 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 05:07 - 2015-03-10 10:13 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 05:07 - 2015-03-10 10:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 05:07 - 2015-03-10 10:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 05:07 - 2015-03-10 10:13 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 05:07 - 2015-03-10 10:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 05:07 - 2015-03-10 10:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 05:07 - 2015-03-10 10:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 05:07 - 2015-03-10 10:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 05:07 - 2015-03-10 10:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 05:07 - 2015-03-10 10:12 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 05:07 - 2015-03-10 10:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 05:07 - 2015-03-10 10:12 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 05:07 - 2015-03-10 10:12 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 05:07 - 2015-03-10 10:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 05:07 - 2015-03-10 10:12 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-15 05:07 - 2015-03-10 09:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 05:07 - 2015-03-10 09:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 05:07 - 2015-03-10 09:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 05:07 - 2015-03-10 09:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 05:07 - 2015-03-10 08:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 05:07 - 2015-03-10 08:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 05:07 - 2015-03-10 08:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 05:07 - 2015-03-10 08:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 05:07 - 2015-03-10 08:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 05:07 - 2015-03-10 08:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 05:07 - 2015-03-10 08:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-15 05:07 - 2015-03-10 08:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 05:07 - 2015-03-10 08:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 05:07 - 2015-03-10 08:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 05:07 - 2015-03-10 08:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 05:07 - 2015-03-10 08:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 05:07 - 2015-03-10 08:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 05:07 - 2015-03-10 08:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 05:07 - 2015-03-10 08:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 05:07 - 2015-03-10 08:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-15 05:07 - 2015-03-10 08:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-15 05:07 - 2015-03-10 08:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-15 05:07 - 2015-03-04 14:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 05:07 - 2015-03-04 14:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 05:07 - 2015-03-04 14:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 05:07 - 2015-02-25 13:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-13 08:32 - 2015-04-13 08:32 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\AUSkey
2015-04-11 05:56 - 2015-04-11 05:56 - 00058224 _____ (Infonaut) C:\Windows\system32\Drivers\innfd_1_10_0_14.sys
2015-04-08 08:42 - 2015-04-08 08:42 - 00000000 ____D () C:\Program Files (x86)\System-Checker
2015-04-06 08:47 - 2015-04-06 08:47 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-06 08:47 - 2015-04-06 08:47 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 18:36 - 2015-04-03 18:36 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\Unity
2015-04-03 08:22 - 2015-04-03 08:22 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-02 17:13 - 2009-07-14 14:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 17:13 - 2009-07-14 14:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-02 17:11 - 2014-12-23 14:21 - 00002840 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2015-05-02 17:11 - 2014-12-23 14:21 - 00002838 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2015-05-02 17:11 - 2014-12-23 14:21 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2015-05-02 17:11 - 2014-12-23 14:21 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2015-05-02 17:11 - 2014-12-23 14:21 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2015-05-02 16:47 - 2012-11-29 11:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-02 16:31 - 2011-06-16 18:25 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-02 15:22 - 2014-04-02 22:04 - 01399040 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 15:21 - 2014-10-06 14:46 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-05-02 15:21 - 2009-07-14 14:51 - 49480723 _____ () C:\Windows\setupact.log
2015-05-02 15:19 - 2014-04-18 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-02 14:36 - 2013-07-01 17:52 - 00000714 ____H () C:\Windows\Tasks\Norton Product InstallerIdle.job
2015-05-02 11:45 - 2014-12-23 13:08 - 00000000 ___HD () C:\Users\Public\Temp
2015-05-02 09:30 - 2011-06-16 18:25 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-02 06:07 - 2013-11-29 16:50 - 00000000 ___RD () C:\Users\Mitey Fresh\Dropbox
2015-05-02 06:07 - 2013-11-29 16:44 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\Dropbox
2015-05-02 06:03 - 2014-10-06 14:47 - 00000488 ____H () C:\Windows\Tasks\GS_Booster-S-576482620.job
2015-05-02 06:03 - 2014-04-02 22:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-02 06:03 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-01 16:44 - 2012-09-26 16:04 - 00009285 ____H () C:\Users\Mitey Fresh\Documents\maxdesk.ini
2015-05-01 16:44 - 2012-09-26 15:55 - 06547360 ____H () C:\Users\Mitey Fresh\Documents\PPThumbs.ptn
2015-04-30 18:09 - 2011-06-06 06:52 - 00000000 ____D () C:\Users\Mitey Fresh\Documents\Tasman
2015-04-28 18:35 - 2012-02-09 11:10 - 00000000 ____D () C:\Users\Mitey Fresh\Documents\`Staff Computer
2015-04-28 15:23 - 2009-07-14 15:13 - 00785366 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-26 10:10 - 2013-11-29 16:45 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-23 18:46 - 2012-02-09 11:27 - 01220096 ___SH () C:\Users\Mitey Fresh\Documents\Thumbs.db
2015-04-23 18:18 - 2010-11-21 13:47 - 00019056 _____ () C:\Windows\PFRO.log
2015-04-23 11:49 - 2011-08-23 17:51 - 00000000 ____D () C:\Users\Mitey Fresh\Documents\Bloggie Library
2015-04-20 11:06 - 2011-06-21 18:53 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\Skype
2015-04-17 15:28 - 2013-10-25 12:24 - 00006101 _____ () C:\Users\Mitey Fresh\Desktop\Carols Note pad.txt
2015-04-16 08:48 - 2012-11-29 11:08 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 08:48 - 2012-11-29 11:08 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 08:48 - 2012-11-29 11:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 06:53 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 05:14 - 2011-05-13 08:20 - 00000000 ____D () C:\Users\Mitey Fresh\Documents\Carol
2015-04-16 05:06 - 2014-12-30 14:38 - 00000000 ____D () C:\Users\Mitey Fresh\Desktop\Round the home projects
2015-04-16 05:02 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 04:59 - 2009-07-14 15:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-16 04:57 - 2014-12-11 03:20 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 04:57 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 04:57 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 22:49 - 2014-04-03 09:36 - 00769348 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 22:48 - 2013-07-15 21:31 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 22:41 - 2014-04-04 08:02 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-07 16:21 - 2011-05-14 20:15 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\.minecraft
2015-04-07 14:28 - 2011-05-13 08:20 - 00000000 ____D () C:\Users\Mitey Fresh\Documents\Adina
2015-04-04 15:34 - 2011-06-16 18:16 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
 
==================== Files in the root of some directories =======
 
2013-04-23 16:13 - 2013-02-10 07:55 - 0114176 _____ () C:\Users\Mitey Fresh\AppData\Roaming\BabMaint.exe
2012-12-11 20:44 - 2012-12-12 13:49 - 0001719 _____ () C:\Users\Mitey Fresh\AppData\Roaming\bibstats
2014-12-23 13:08 - 2014-12-23 13:08 - 1487840 _____ (HQ VideoV22.12) C:\Users\Mitey Fresh\AppData\Roaming\IW.exe
2014-03-14 08:28 - 2014-11-24 08:00 - 0000165 _____ () C:\Users\Mitey Fresh\AppData\Roaming\Opusbext.dat
2011-05-23 15:03 - 2011-07-23 15:15 - 0001355 _____ () C:\Users\Mitey Fresh\AppData\Roaming\SAS7_000.DAT
2014-12-23 13:07 - 2014-12-23 13:07 - 1815520 _____ (HQ VideoV22.12) C:\Users\Mitey Fresh\AppData\Roaming\SZUL.exe
2014-11-25 13:44 - 2014-11-25 13:44 - 0004096 ____H () C:\Users\Mitey Fresh\AppData\Local\keyfile3.drm
2014-12-23 14:19 - 2014-12-23 14:19 - 0628496 _____ (CMI Limited) C:\Users\Mitey Fresh\AppData\Local\nsq5C9F.tmp
2015-05-02 17:02 - 2015-05-02 17:02 - 0613255 _____ (CMI Limited) C:\Users\Mitey Fresh\AppData\Local\nstA834.tmp
2015-05-02 15:23 - 2015-05-02 17:18 - 0000112 _____ () C:\ProgramData\YG2KU1.dat
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-571144041-3803823455-759090921-1000\$9430fe1d1ff3e329fb03ccb693dbb6d5
 
Files to move or delete:
====================
C:\ProgramData\YG2KU1.dat
 
 
Some content of TEMP:
====================
C:\Users\Mitey Fresh\AppData\Local\Temp\1.tmp.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\1506.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\212C9CF6-2656-23C4-E871-70C9460F6C97.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\3737.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\5624.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\6697.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\7047.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\9C2A3796-3B3C-3BE8-4FA6-937D9CE2362F.dll
C:\Users\Mitey Fresh\AppData\Local\Temp\9C2A3796-3B3C-3BE8-4FA6-937D9CE2362F.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\A1665040-58B7-6739-08C1-52EDA8FAE4B9.dll
C:\Users\Mitey Fresh\AppData\Local\Temp\A1665040-58B7-6739-08C1-52EDA8FAE4B9.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\ba1affD1b82.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\BD091071-59E5-A031-7159-3224E0CFF058.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\bitool.dll
C:\Users\Mitey Fresh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpijkauc.dll
C:\Users\Mitey Fresh\AppData\Local\Temp\jueBF72.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\Launcher__10890.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\optprosetup.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\setup_364.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\setup_644.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\Shop2.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\SpOrder.dll
C:\Users\Mitey Fresh\AppData\Local\Temp\supoptsetup.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\Uninstall.exe
C:\Users\Mitey Fresh\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-24 02:47
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by Mitey Fresh at 2015-05-02 17:19:46
Running from C:\Users\Mitey Fresh\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-571144041-3803823455-759090921-500 - Administrator - Disabled)
Guest (S-1-5-21-571144041-3803823455-759090921-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-571144041-3803823455-759090921-1014 - Limited - Enabled)
Mitey Fresh (S-1-5-21-571144041-3803823455-759090921-1000 - Administrator - Enabled) => C:\Users\Mitey Fresh
UpdatusUser (S-1-5-21-571144041-3803823455-759090921-1003 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.12 - GIGABYTE)
Acoolsoft PPT to Video Pro 3.2.7 (HKLM-x32\...\Acoolsoft PPT to Video Pro_is1) (Version: 3.2.7 - Acoolsoft Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\Amazon Kindle) (Version:  - Amazon)
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.4 - CMI Limited) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BlockAndSurf (HKLM-x32\...\C832807B-BDCF-2F7D-44A3-697848F4D5BB) (Version:  - BlockAndSurf-software) <==== ATTENTION
Bloggie Software (HKLM-x32\...\BloggieSoftware) (Version: 3.3.1.73 - Sony)
Bloggie Software (x32 Version: 3.3.1.73 - Sony Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowseToSave 1.74 (HKLM-x32\...\SP_f2a323db) (Version:  - ) <==== ATTENTION
Business-in-a-Box (HKLM-x32\...\Business-in-a-Box) (Version: 5.0.4 - Biztree Inc.)
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Comm100 Live Chat (HKLM-x32\...\Com.Comm100.LiveChat.AirVisitorMonitor.En.ED02F0ED4016DF29F52CC2E3BD1ED89CCC440D32.1) (Version: 7.5.2 - Comm100 Network Corporation)
Comm100 Live Chat (x32 Version: 7.5.2 - Comm100 Network Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupoon version 1.0 (HKLM-x32\...\{49F8B4F8-0CD4-4BE4-A9E8-B13A071F7C90}_is1) (Version: 1.0 - Coupoon) <==== ATTENTION
Crossbrowse (HKLM-x32\...\Crossbrowse) (Version: 39.5.2171.95 - The Crossbrowse Authors) <==== ATTENTION!
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version:  - Visual Tools) <==== ATTENTION
Delta toolbar   (HKLM-x32\...\delta) (Version: 1.8.10.0 - Delta) <==== ATTENTION
DomaIQ (HKLM-x32\...\DomaIQ Uninstaller) (Version:  - Tuguu SLU) <==== ATTENTION
Dragon NaturallySpeaking 10 (HKLM-x32\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.300 - Nuance Communications Inc.)
Dropbox (HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
f.lux (HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\Flux) (Version:  - )
GamesDesktop 027.257 (HKLM-x32\...\gmsd_au_257_is1) (Version:  - GAMESDESKTOP) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoSAve (HKLM-x32\...\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}) (Version: 1.1.0.1843 - ) <==== ATTENTION
GS_Booster (HKLM-x32\...\S-576482620) (Version: 3.0.0.1446 - PremiumSoft) <==== ATTENTION
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Infonaut 1.10.0.14 (HKLM-x32\...\Infonaut_1.10.0.14) (Version: 1.10.0.14 - Infonaut)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Online Services Sign In (HKLM-x32\...\{A91E3887-5185-4091-AF33-AB0048444055}) (Version: 1.0.1442.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 11.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 11.0 (x86 en-US)) (Version: 11.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Numbers Up!2 V1.1 Baggin' the Dragon (HKLM-x32\...\Numbers_Up2V1.0) (Version:  - )
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
OKI Color Swatch Utility (HKLM-x32\...\{A344F95E-E51A-450C-8F84-C940BF61903E}) (Version: 2.1.12 - Okidata)
OKI MC5(3)x2/ES5(3)4x2 Scanner (HKLM-x32\...\InstallShield_{14915907-DB64-49DC-BB9D-1935D38CD250}) (Version: 1.0.2.0 - Oki Data Corporation)
OLYMPUS Master 2 (HKLM-x32\...\{0815D55A-5EFF-4E1B-8C04-7035E914D90D}) (Version: 1.0.10 - OLYMPUS IMAGING CORP.)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
PaperPort Image Printer (HKLM\...\{D16193A3-921A-4134-B381-597C8F4B8EBD}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.26.902.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.20.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.20.0 - Renesas Electronics Corporation) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
ScannerDriver (Version: 1.0.2.0 - Oki Data Corporation) Hidden
ScanSoft PaperPort 10 (HKLM-x32\...\{80911AD4-0255-4467-A6DD-F8BCA1F2F94A}) (Version: 10.4.1000 - Nuance Communications, Inc.)
Search Assistant WebSearch 1.74 (HKLM-x32\...\SP_4e24eecb) (Version:  - ) <==== ATTENTION
Searcohy-NewTaeb (HKLM-x32\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version:  - NewTab) <==== ATTENTION
Simple Adblock (HKLM-x32\...\{B4920103-09F6-4AD2-B150-CFC4474D2DDC}) (Version: 1.1.5 - Simple Adblock)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
StormWatch (HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\StormWatch) (Version: 1.0.1.36 - StormWatch) <==== ATTENTION!
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.11656 - TeamViewer GmbH)
Torch (HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\Torch) (Version: 23.0.0.2585 - Torch) <==== ATTENTION
TweetDeck (HKLM-x32\...\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1) (Version: 0.38.2 - TweetDeck Inc)
TweetDeck (x32 Version: 0.38.2 - TweetDeck Inc) Hidden
Uni-Stat (HKLM-x32\...\{2C0D5586-B96C-404F-96D7-91BE2A304853}) (Version: 4.0 - Avery Dennsion)
Unity Web Player (HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
VAFPlayer (HKLM-x32\...\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}) (Version: 1.6.8 - Tuguu SL) <==== ATTENTION
Video Download Converter version 1.0.0.0 (HKLM-x32\...\VDC_is1) (Version: 1.0.0.0 - ) <==== ATTENTION
VideoDownloadConverter Toolbar (HKLM-x32\...\VideoDownloadConverter_4zbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 10.20.200 - Nuance Communications Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
XAMPP 1.7.7 (HKLM-x32\...\xampp) (Version:  - )
Yontoo Layers Runtime (Drop Down Deals) 1.10.01 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.01 - Yontoo LLC) <==== ATTENTION
YouotubeAdBlockae (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 3.3.0.1253 - ) <==== ATTENTION
Zombie Invasion (HKLM-x32\...\ZombieInvasion) (Version: 2.7.50 - Time Lapse Solutions) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-571144041-3803823455-759090921-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-571144041-3803823455-759090921-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-571144041-3803823455-759090921-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-571144041-3803823455-759090921-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-571144041-3803823455-759090921-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-571144041-3803823455-759090921-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-571144041-3803823455-759090921-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-571144041-3803823455-759090921-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-571144041-3803823455-759090921-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-571144041-3803823455-759090921-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
15-04-2015 22:38:35 Windows Update
19-04-2015 14:19:01 Windows Update
22-04-2015 20:56:50 Windows Update
26-04-2015 14:12:59 Windows Update
30-04-2015 08:41:59 Windows Update
02-05-2015 15:17:52 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0604492C-9955-4783-88F5-3F978EF47E38} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-05-02] (AnyProtect.com) <==== ATTENTION
Task: {0C0EACF7-90F8-488E-AE62-C19F8867A232} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {10A5EC84-4916-4CBB-8B7E-B4D2C183BAAC} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-05-02] (AnyProtect.com) <==== ATTENTION
Task: {191E1AEA-3924-4EB6-A3EA-6BE320C2B7C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {26B1E216-FBAE-4216-AA3E-42AE08F22162} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {3266F576-5F96-4668-97F2-2889CBC2C622} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {331EA0D2-7D9E-4DE4-8FE2-1CB4DB046683} - System32\Tasks\{CEBA54D1-BC79-4038-830E-556FB71CB724} => C:\Program Files (x86)\Business-in-a-Box\BIB.exe [2012-12-10] ()
Task: {4B35C1E0-A166-4160-B5C5-63EF7B58F109} - \SidebarExecute No Task File <==== ATTENTION
Task: {62815D3D-B304-4B97-ACFA-77D41D43B853} - System32\Tasks\{3A461120-2CAD-451D-B5D6-FAE23A755319} => pcalua.exe -a "C:\Users\Mitey Fresh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CJV7HSA\AdobeAIRInstaller.exe" -d "C:\Users\Mitey Fresh\Desktop"
Task: {736800B8-43EB-4A48-920A-3BC7D1F5841A} - System32\Tasks\{4259D0EF-678B-4D89-9AA2-E89B24075DD0} => pcalua.exe -a "C:\Users\Mitey Fresh\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=tugs <==== ATTENTION
Task: {768666FA-A884-48ED-BF4B-D4C115AEE6A4} - System32\Tasks\{6C426F02-CD53-4A2D-8DDD-E7A4C660740A} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {78AB73D8-A6E1-4639-8EF0-80D78F2CF7A7} - System32\Tasks\{3325C1CE-0580-440A-A860-55E9E7A9E00D} => C:\Program Files (x86)\Business-in-a-Box\BIB.exe [2012-12-10] ()
Task: {84BF7696-9260-4156-BC00-FB91FE4B3EE4} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Mitey Fresh\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {9994FA5E-8310-4D5B-9BFF-70BEC6084E14} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-05-02] (AnyProtect.com) <==== ATTENTION
Task: {A1BEFAB3-E0F6-4875-90D6-61843F8CCA72} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\version64BlockAndSurf\J4BlockAndSurfJ52.exe [2015-05-02] () <==== ATTENTION
Task: {B032A010-1D0A-4CAC-897A-7E6A63828AF6} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-05-02] () <==== ATTENTION
Task: {B1C2077D-345C-4BA7-80F8-8E452BDDF071} - System32\Tasks\{86241CE2-018F-47D2-9FA3-16B30F3A7CC5} => Iexplore.exe http://ui.skype.com/...all?page=tsMain
Task: {B4D939E2-212C-4616-9190-AD020910CAB1} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-26] (MyPC Backup) <==== ATTENTION
Task: {B8256DD5-8F73-4257-8D8C-557E38E4D56A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C07ED911-5D77-49AD-9795-AABBDB21B086} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe [2012-12-12] (http://yourfiledownloader.com) <==== ATTENTION
Task: {CBF0A131-918A-4AEF-AABC-8272B30F13A8} - System32\Tasks\{A5E097F8-3637-4E5C-8947-297C60BD747E} => Iexplore.exe http://ui.skype.com/...all?page=tsMain
Task: {E302DCDC-D25A-4813-80D9-54A6E57BF1A7} - System32\Tasks\FGRun => C:\Users\Mitey
Task: {EAE686B7-F654-4A70-88A6-4C4799FB0CBE} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {EDD1D227-9A64-496C-8A1D-761A8DDF1677} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F15B7589-946E-4447-B216-935CA6EB50B6} - System32\Tasks\GS_Booster-S-576482620 => c:\programdata\trusted publisher\gs_booster\GS_Booster.exe [2014-10-06] () <==== ATTENTION
Task: {F55BBE6D-0B65-4546-AADD-32D2B3B9DC24} - System32\Tasks\Norton Product InstallerIdle => C:\Users\MITEYF~1\AppData\Local\Temp\Adobe\Shockwave 12\SymInstallStub.exe <==== ATTENTION
Task: {F60AC2B2-E1FD-45AA-937C-EAC3C75ADEA7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\version64BlockAndSurf\J4BlockAndSurfJ52.exe <==== ATTENTION
Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GS_Booster-S-576482620.job => c:\programdata\trusted publisher\gs_booster\GS_Booster.exeO/schedule /profile c:\programdata\trusted publisher\gs_booster\576482620.ini <==== ATTENTION
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Users\MITEYF~1\AppData\Local\Temp\Adobe\Shockwave 12\SymInstallStub.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2014-04-02 22:04 - 2013-01-19 01:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-05-16 15:03 - 2010-04-16 16:42 - 00076800 _____ () C:\Windows\System32\TFAXMON.DLL
2011-05-16 15:06 - 2010-04-16 16:42 - 00089600 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TFAXPPR.DLL
2011-05-16 14:55 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-10-06 14:47 - 2014-10-06 14:47 - 00773632 _____ () c:\programdata\trusted publisher\gs_booster\GS_Booster.exe
2014-12-23 13:06 - 2014-11-26 05:29 - 00299008 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
2012-12-11 20:42 - 2012-12-10 11:25 - 00912688 _____ () C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe
2014-12-23 13:06 - 2014-12-21 18:15 - 04959744 _____ () C:\Windows\rcore.exe
2014-12-23 13:06 - 2014-11-26 05:37 - 00012800 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-11-26 05:47 - 2014-11-26 05:47 - 01465880 _____ () C:\Program Files (x86)\StormWatch\StormWatchApp.exe
2015-05-02 11:47 - 2015-05-02 11:47 - 00198656 _____ () C:\Users\Mitey Fresh\AppData\Roaming\00000000-1430531197-0000-0000-1C6F65D74BC8\jnss5797.tmp
2015-05-02 11:58 - 2015-05-02 11:58 - 00288167 _____ () C:\Users\Mitey Fresh\AppData\Local\Temp\nswF427.tmp
2015-05-02 12:17 - 2015-05-02 12:18 - 00288167 _____ () C:\Users\Mitey Fresh\AppData\Local\Temp\nsj87A0.tmp
2015-05-02 15:16 - 2015-04-30 14:55 - 03982792 _____ () C:\Program Files (x86)\gmsd_au_257\gmsd_au_257.exe
2015-05-02 15:16 - 2015-04-30 14:55 - 03289032 _____ () C:\Users\Mitey Fresh\AppData\Local\gmsd_au_257\upgmsd_au_257.exe
2015-05-02 15:17 - 2015-05-02 15:17 - 00053040 _____ () C:\Program Files (x86)\Coupoon\UpdateCheck.exe
2015-05-02 15:21 - 2015-05-02 15:21 - 00603136 _____ () C:\Program Files (x86)\version64BlockAndSurf\J4BlockAndSurfJ52.exe
2015-05-02 16:21 - 2015-05-02 16:21 - 00148992 _____ () C:\Users\Mitey Fresh\AppData\Roaming\00000000-1430531197-0000-0000-1C6F65D74BC8\nsd457C.tmp
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2015-05-02 06:05 - 2015-05-02 06:05 - 00043008 _____ () c:\Users\Mitey Fresh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpijkauc.dll
2015-03-05 07:45 - 2015-03-05 07:45 - 00750080 _____ () C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-05 07:45 - 2015-03-05 07:45 - 00047616 _____ () C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 07:45 - 2015-03-05 07:45 - 00865280 _____ () C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 07:45 - 2015-03-05 07:45 - 00200704 _____ () C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-05-02 11:59 - 2015-05-02 11:59 - 00011264 _____ () C:\Users\Mitey Fresh\AppData\Local\Temp\nsm58C2.tmp\System.dll
2015-05-02 12:18 - 2015-05-02 12:18 - 00011264 _____ () C:\Users\Mitey Fresh\AppData\Local\Temp\nseF224.tmp\System.dll
2015-05-02 12:22 - 2015-05-02 12:22 - 00011264 _____ () C:\Users\Mitey Fresh\AppData\Local\Temp\nsk59AC.tmp\System.dll
2015-05-02 15:10 - 2015-05-02 15:10 - 00011264 _____ () C:\Users\Mitey Fresh\AppData\Local\Temp\nss6708.tmp\System.dll
2015-05-02 15:21 - 2015-03-17 04:13 - 01070592 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\libglesv2.dll
2015-05-02 15:21 - 2015-03-17 04:13 - 00204800 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\libegl.dll
2014-09-25 08:33 - 2014-09-23 14:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 08:33 - 2014-09-23 14:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 08:33 - 2014-09-23 14:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 08:33 - 2014-09-23 14:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 08:33 - 2014-09-23 14:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-25 08:33 - 2014-09-23 14:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-571144041-3803823455-759090921-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Mitey Fresh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Comm100 Live Chat.lnk => C:\Windows\pss\Comm100 Live Chat.lnk.Startup
MSCONFIG\startupreg: VX1000 => C:\Windows\vVX1000.exe
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [{66585DE7-DDEE-417A-BAE8-E99F0F8B96A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F9248189-A737-4EA6-9583-0F194E50CD4B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{981BF77A-6FA9-44DD-90C5-4A9040ACB150}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{9EDBDE3E-AE5C-493B-A788-DB3066630FC5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{761C6550-19C3-4861-B809-288E4897C61E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{38968044-9026-4431-AC7A-C5C2997B0891}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{EECB2E9A-70A4-45C9-A7F4-EA992AA48B02}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{3D943676-2D21-4278-AE51-6D8CB3D82320}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{3BD115D0-9C26-4F3D-84ED-6D028E0499D9}C:\users\mitey fresh\appdata\roaming\ocishe\awivi.exe] => (Block) C:\users\mitey fresh\appdata\roaming\ocishe\awivi.exe
FirewallRules: [TCP Query User{8DA19591-7410-4785-B89A-E511712B36C6}C:\users\mitey fresh\appdata\roaming\ocishe\awivi.exe] => (Block) C:\users\mitey fresh\appdata\roaming\ocishe\awivi.exe
FirewallRules: [UDP Query User{A2BD4887-B497-4F98-9DF4-ADB90775B39B}C:\users\mitey fresh\appdata\roaming\tety\fyonb.exe] => (Block) C:\users\mitey fresh\appdata\roaming\tety\fyonb.exe
FirewallRules: [TCP Query User{9635C3A1-73B8-4B61-B42F-E77AC5184C1B}C:\users\mitey fresh\appdata\roaming\tety\fyonb.exe] => (Block) C:\users\mitey fresh\appdata\roaming\tety\fyonb.exe
FirewallRules: [UDP Query User{96F02D91-3746-4DE9-B81F-4DC77237F03D}C:\users\mitey fresh\appdata\roaming\asyre\laiz.exe] => (Block) C:\users\mitey fresh\appdata\roaming\asyre\laiz.exe
FirewallRules: [TCP Query User{30BFECBC-83DD-4115-817F-5655F5151709}C:\users\mitey fresh\appdata\roaming\asyre\laiz.exe] => (Block) C:\users\mitey fresh\appdata\roaming\asyre\laiz.exe
FirewallRules: [UDP Query User{7C06EEF3-2EFC-468D-99C7-6FCA02A41FAF}C:\users\mitey fresh\appdata\roaming\ocishe\awivi.exe] => (Block) C:\users\mitey fresh\appdata\roaming\ocishe\awivi.exe
FirewallRules: [TCP Query User{A12A6BD5-59BC-4687-8F10-3F3E75D07E8D}C:\users\mitey fresh\appdata\roaming\ocishe\awivi.exe] => (Block) C:\users\mitey fresh\appdata\roaming\ocishe\awivi.exe
FirewallRules: [UDP Query User{6A8A151A-F91C-408D-A010-B3FF37E89D32}C:\users\mitey fresh\appdata\roaming\nobut\nyup.exe] => (Block) C:\users\mitey fresh\appdata\roaming\nobut\nyup.exe
FirewallRules: [TCP Query User{CDE38766-FCFA-48EF-BC66-D774BB1EDBAE}C:\users\mitey fresh\appdata\roaming\nobut\nyup.exe] => (Block) C:\users\mitey fresh\appdata\roaming\nobut\nyup.exe
FirewallRules: [UDP Query User{E9BE73ED-F065-462E-A050-D5DDC56BEAF9}C:\users\mitey fresh\appdata\roaming\hozer\odaw.exe] => (Block) C:\users\mitey fresh\appdata\roaming\hozer\odaw.exe
FirewallRules: [TCP Query User{6695E7B1-3C32-4615-AABA-26FBFAB38375}C:\users\mitey fresh\appdata\roaming\hozer\odaw.exe] => (Block) C:\users\mitey fresh\appdata\roaming\hozer\odaw.exe
FirewallRules: [UDP Query User{577C3A95-B8FE-4047-92B5-D50057D746FB}C:\users\mitey fresh\appdata\roaming\ocab\ryzu.exe] => (Block) C:\users\mitey fresh\appdata\roaming\ocab\ryzu.exe
FirewallRules: [TCP Query User{B5FE267C-DC22-4335-8779-7748F779765D}C:\users\mitey fresh\appdata\roaming\ocab\ryzu.exe] => (Block) C:\users\mitey fresh\appdata\roaming\ocab\ryzu.exe
FirewallRules: [{33208BE6-1D20-4616-A1A1-033976678C81}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{09C02821-17C1-44D6-B15D-BFDE1EC38766}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{933777C2-59BB-40CA-BCBB-B2C4219DA4FF}] => (Allow) C:\Users\Mitey Fresh\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe
FirewallRules: [{9FAB6D5B-1350-464C-9E9A-C74DC863B84C}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [UDP Query User{D90E4CBB-4B80-45B4-8876-1628221FA3D7}C:\users\mitey fresh\appdata\roaming\gyne\naciodi.exe] => (Block) C:\users\mitey fresh\appdata\roaming\gyne\naciodi.exe
FirewallRules: [TCP Query User{259275D4-B1AF-4773-BA72-64E624887B07}C:\users\mitey fresh\appdata\roaming\gyne\naciodi.exe] => (Block) C:\users\mitey fresh\appdata\roaming\gyne\naciodi.exe
FirewallRules: [{A18C2C9B-4C96-43CE-9158-93A285142AC0}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [{D5CC2A25-FC5A-43EC-9889-6C3FA7FCA3CA}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [{6807C93C-B736-4421-B79B-943CEEA46545}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{9B07C0A0-9A66-4CCC-8913-3B4BA6DE1074}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{265A313A-60AD-42B8-BF24-3B0883D5DE83}] => (Allow) C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{FBA3A859-32E0-4368-9AE3-985BABB80183}] => (Allow) C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{BFBD1729-A5AA-4015-B6C6-45068EFABA7B}] => (Allow) D:\RouterSetup\QISWizard.exe
FirewallRules: [{32FD4396-6622-4F40-8281-4C9BA38B2E2F}] => (Allow) D:\RouterSetup\QISWizard.exe
FirewallRules: [UDP Query User{1AF22BA1-8384-4EB2-ADCB-26C8523CB3DB}C:\program files (x86)\steam\steamapps\awsometas\team fortress 2\hl2.exe] => (Block) C:\program files (x86)\steam\steamapps\awsometas\team fortress 2\hl2.exe
FirewallRules: [TCP Query User{F2ABB2B8-FE31-4BA8-B159-C21EB5361387}C:\program files (x86)\steam\steamapps\awsometas\team fortress 2\hl2.exe] => (Block) C:\program files (x86)\steam\steamapps\awsometas\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{7EC072D3-2C6E-4C4A-B08C-9C75AB1E3B4C}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{FA1B256C-D530-4DA3-BBAE-E96AF9A7308A}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{EA8E07AD-5D4E-4E0D-99EE-9FC2506593F4}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{2DE3F371-EFFC-4916-B7BD-FF34D39C9EA5}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{DDFD98ED-30FA-438A-AC64-5043820509F8}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [TCP Query User{A437A1B0-0C55-4695-97A8-6884EBD0F866}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [{BD0EF14F-F5C8-415E-92A3-36F811A68E2D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
FirewallRules: [{1A84BD9F-577E-4E0B-B046-8469D89AF328}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
FirewallRules: [{5FE2A8AC-B0A2-496F-8343-E05252FC8B12}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
FirewallRules: [{39A44923-ECC4-4720-B6B3-26C6424ACF0E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
FirewallRules: [UDP Query User{25ACBB2C-F351-414D-83CB-55E2A3DEA687}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{2CA426BE-580C-4E4F-B3C2-AE2A46E66FC1}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{2BA5071E-D9F6-4EC7-B94A-9FBB57AA9333}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BE9CDCD1-314A-4C2E-8735-765A38FAFF6C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4D36CC80-CC88-49AC-9FAA-B549BA640CFE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{86292BED-A23B-4572-9D54-AABA9D160634}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{9487B9B3-8DC1-4E31-A510-3C2A66811D43}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [TCP Query User{BF7DB02E-2307-44D3-B67D-AA70B6B7A08F}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{A4DE8D38-3B87-4CB8-8210-AA24E5A374D8}] => (Allow) LPort=37675
FirewallRules: [{2FCF1ED3-0042-44B3-9157-28FA60B58E91}] => (Allow) LPort=37674
FirewallRules: [{54306DDD-AC7B-40FB-9D34-A1F8287CA97E}] => (Allow) LPort=37674
FirewallRules: [{BAB501A6-663A-4509-8B1B-3959DF5FAF62}] => (Allow) LPort=443
FirewallRules: [{6AD8FF17-8691-4424-8DB2-ED6865BA0A7E}] => (Allow) LPort=443
FirewallRules: [UDP Query User{952B6D15-967B-4FEF-A519-12D32914D68B}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [TCP Query User{3BB45002-0E10-464B-B32E-358260AB5F9E}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{B4824B08-DF29-45B0-BA29-EFCC7ADC8054}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{E58321B4-D4C6-4E78-9573-AE86970E35E0}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [{48D874D7-A4F2-426C-93C7-BDAD4D9E5094}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{EC22C453-3228-4427-A652-A5A2CB015EA1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{37A3ACC8-BBE6-401B-88C3-154B86EB7074}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{D2DF197D-A9A3-4F24-B94E-8B128AA5D084}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{AAC4885C-DBE0-4E86-8A60-77AE38C1870E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{D65CEAF0-0D3C-443D-B7A5-76E85698BC42}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{C8E1D417-DC1D-4D1E-8367-FADAA4B3157F}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{4F172F66-528B-4715-99E6-F14BF5849DF1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{E05829A3-657E-493E-BE02-A543F7356158}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C418554A-B085-492A-BE04-950D173E1B7E}] => (Allow) LPort=1900
FirewallRules: [{016B2D8F-785D-47EF-8DBB-9BCA263AB1F0}] => (Allow) LPort=2869
FirewallRules: [{AC1AA734-E246-41F0-946A-2E723934EF2F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FB39DEAC-24DF-4ABB-AD79-3B7317D7D6E1}] => (Allow) C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E5CCBE30-82E0-4BDE-B0D1-55C2A68ADC7B}] => (Allow) C:\Users\Mitey Fresh\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D1D069F1-D4C4-4292-B891-F85529C50517}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{208310FD-9B6E-42EA-9EF7-3C140D1C03EC}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{0F6D4627-B445-4D6E-869E-E65109AE7ED8}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
 
==================== Faulty Device Manager Devices =============
 
Name: wpnfd_1_10_0_5
Description: wpnfd_1_10_0_5
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: wpnfd_1_10_0_5
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/02/2015 05:04:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MobileMeServices.exe, version: 1.6.65.0, time stamp: 0x4cafa71a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0xc06d007e
Fault offset: 0x0000c42d
Faulting process id: 0x2780
Faulting application start time: 0xMobileMeServices.exe0
Faulting application path: MobileMeServices.exe1
Faulting module path: MobileMeServices.exe2
Report Id: MobileMeServices.exe3
 
Error: (05/02/2015 05:03:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MobileMeServices.exe, version: 1.6.65.0, time stamp: 0x4cafa71a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0xc06d007e
Fault offset: 0x0000c42d
Faulting process id: 0xd70
Faulting application start time: 0xMobileMeServices.exe0
Faulting application path: MobileMeServices.exe1
Faulting module path: MobileMeServices.exe2
Report Id: MobileMeServices.exe3
 
Error: (05/02/2015 00:13:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MobileMeServices.exe, version: 1.6.65.0, time stamp: 0x4cafa71a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0xc06d007e
Fault offset: 0x0000c42d
Faulting process id: 0x11fc
Faulting application start time: 0xMobileMeServices.exe0
Faulting application path: MobileMeServices.exe1
Faulting module path: MobileMeServices.exe2
Report Id: MobileMeServices.exe3
 
Error: (05/02/2015 00:12:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MobileMeServices.exe, version: 1.6.65.0, time stamp: 0x4cafa71a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0xc06d007e
Fault offset: 0x0000c42d
Faulting process id: 0x14d4
Faulting application start time: 0xMobileMeServices.exe0
Faulting application path: MobileMeServices.exe1
Faulting module path: MobileMeServices.exe2
Report Id: MobileMeServices.exe3
 
Error: (05/02/2015 10:19:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7052
 
Error: (05/02/2015 10:19:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7052
 
Error: (05/02/2015 10:19:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/02/2015 10:19:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6038
 
Error: (05/02/2015 10:19:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6038
 
Error: (05/02/2015 10:19:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (05/02/2015 02:20:35 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002
 
Error: (05/02/2015 02:20:33 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002
 
Error: (05/02/2015 00:13:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D3F6D4DB-A482-4648-8DBB-3565EBCB7A6B}
 
Error: (05/02/2015 11:45:23 AM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002
 
Error: (05/02/2015 09:17:59 AM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002
 
Error: (05/02/2015 06:07:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
 
Error: (05/02/2015 06:06:40 AM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002
 
Error: (05/02/2015 06:06:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (05/02/2015 06:06:23 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (05/02/2015 06:06:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (05/02/2015 05:04:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MobileMeServices.exe1.6.65.04cafa71aKERNELBASE.dll6.1.7601.187985507b485c06d007e0000c42d278001d084a633c03da7C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exeC:\Windows\syswow64\KERNELBASE.dll7179f7c1-f099-11e4-a59f-1c6f65d74bc8
 
Error: (05/02/2015 05:03:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MobileMeServices.exe1.6.65.04cafa71aKERNELBASE.dll6.1.7601.187985507b485c06d007e0000c42dd7001d084a615939cdbC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exeC:\Windows\syswow64\KERNELBASE.dll54f77258-f099-11e4-a59f-1c6f65d74bc8
 
Error: (05/02/2015 00:13:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MobileMeServices.exe1.6.65.04cafa71aKERNELBASE.dll6.1.7601.187985507b485c06d007e0000c42d11fc01d0847d90d57481C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exeC:\Windows\syswow64\KERNELBASE.dllce8460c1-f070-11e4-a59f-1c6f65d74bc8
 
Error: (05/02/2015 00:12:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MobileMeServices.exe1.6.65.04cafa71aKERNELBASE.dll6.1.7601.187985507b485c06d007e0000c42d14d401d0847d778f2326C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exeC:\Windows\syswow64\KERNELBASE.dllb5f5595c-f070-11e4-a59f-1c6f65d74bc8
 
Error: (05/02/2015 10:19:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7052
 
Error: (05/02/2015 10:19:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7052
 
Error: (05/02/2015 10:19:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/02/2015 10:19:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6038
 
Error: (05/02/2015 10:19:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6038
 
Error: (05/02/2015 10:19:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-11-20 18:06:55.567
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\MITEYF~1\AppData\Local\Temp\io02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-11-20 18:06:55.552
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\MITEYF~1\AppData\Local\Temp\io02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-11-20 15:34:29.378
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\MITEYF~1\AppData\Local\Temp\io02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-11-20 15:34:29.362
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\MITEYF~1\AppData\Local\Temp\io02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 84%
Total physical RAM: 4079.24 MB
Available physical RAM: 650.24 MB
Total Pagefile: 8156.68 MB
Available Pagefile: 3469.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:773.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C6FEF0A8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 




#2
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine; each fix is tailor-made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:

Hello :)

I'm currently reviewing your logs and will post instructions soon. :thumbsup:
  • 0

#3
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello, :)

You have quite the mess here, including a serious infection called Zero Access. Also, Chrome has been reduced to a Development Build, which greatly reduces its security. Let's get started showing your unwelcome guests the door. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Backdoor Warning


You have a serious backdoor infection on your machine called Zero Access.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

That being said, we clean these infections all the time here without reformatting and reinstalling. I've included the first steps below to begin the cleaning if you wish to do so. If you decide you want to reformat and reinstall, please let me know that in your next response.


Step 2: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
() C:\ProgramData\Trusted Publisher\GS_Booster\GS_Booster.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files (x86)\MyPC Backup
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe
C:\Program Files (x86)\StormWatch
(COMPANYVERS_NAME) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe
C:\Program Files (x86)\VideoDownloadConverter_4z
(VER_COMPANY_NAME) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
(Super PC Tools Ltd) C:\ProgramData\{04f41e6c-2a9d-2153-04f4-41e6c2a979b0}\hqghumeaylnlf.exe
C:\ProgramData\{04f41e6c-2a9d-2153-04f4-41e6c2a979b0}
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\StormWatch.exe
() C:\Program Files (x86)\StormWatch\StormWatchApp.exe
(Infonaut) C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe
C:\Program Files (x86)\Infonaut_1.10.0.14
() C:\Program Files (x86)\gmsd_au_257\gmsd_au_257.exe
() C:\Users\Mitey Fresh\AppData\Local\gmsd_au_257\upgmsd_au_257.exe
C:\Users\Mitey Fresh\AppData\Local\gmsd_au_257
(SoftBrain Technologies Ltd.) C:\Users\Mitey Fresh\AppData\Local\SmartWeb\SmartWebHelper.exe
(SoftBrain Technologies Ltd.) C:\Users\Mitey Fresh\AppData\Local\SmartWeb\SmartWebApp.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
C:\Users\Mitey Fresh\AppData\Local\SmartWeb
C:\Program Files (x86)\Coupoon
() C:\Program Files (x86)\version64BlockAndSurf\J4BlockAndSurfJ52.exe
C:\Program Files (x86)\version64BlockAndSurf
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
() C:\Program Files (x86)\gmsd_au_257\gmsd_au_257.exe
C:\Program Files (x86)\Crossbrowse
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
HKLM-x32\...\Run: [VideoDownloadConverter Search Scope Monitor] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe [42536 2012-08-02] (MindSpark)
HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] => C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe [30096 2012-08-02] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [gmsd_au_22] => [X]
HKLM-x32\...\Run: [gmsd_au_257] => C:\Program Files (x86)\gmsd_au_257\gmsd_au_257.exe [3982792 2015-04-30] ()
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Mitey Fresh\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\RunOnce: [upgmsd_au_257.exe] => C:\Users\Mitey Fresh\AppData\Local\gmsd_au_257\upgmsd_au_257.exe [3289032 2015-04-30] ()
HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\Run: [GoogleChromeAutoLaunch_23E45583CFC8895BE5D10DE1E4ABBEA7] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-03-17] (Crossbrowse)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-05-02]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
Startup: C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-23]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{04f41e6c-2a9d-2153-04f4-41e6c2a979b0}\hqghumeaylnlf.exe (Super PC Tools Ltd)
Startup: C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2014-12-23]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-05-02]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Mitey Fresh\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
Startup: C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk [2014-12-23]
ShortcutTarget: StormWatch.lnk -> C:\Program Files (x86)\StormWatch\StormWatch.exe (Weather Protector LLC)
Startup: C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk [2014-12-23]
ShortcutTarget: StormWatchApp.lnk -> C:\Program Files (x86)\StormWatch\StormWatchApp.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...8LNXXXX5VP818LN
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...8LNXXXX5VP818LN
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKU\S-1-5-21-571144041-3803823455-759090921-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-sea...E581C6F65D74BC8
HKU\S-1-5-21-571144041-3803823455-759090921-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tikotin.com
URLSearchHook: HKU\S-1-5-21-571144041-3803823455-759090921-1000 - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pu-...902&lg=EN&cc=AU
SearchScopes: HKU\S-1-5-21-571144041-3803823455-759090921-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKU\S-1-5-21-571144041-3803823455-759090921-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-571144041-3803823455-759090921-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pu-...902&lg=EN&cc=AU
BHO: BlockAndSurf -> {9878D989-C010-66BE-051D-F8E5E761D59A} -> C:\Program Files (x86)\version64BlockAndSurf\192_x64.dll [2015-05-02] ()
BHO: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL No File
BHO-x32: Toolbar BHO -> {312f84fb-8970-4fd3-bddb-7012eac4afc9} -> C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll [2012-08-02] (MindSpark)
BHO-x32: BlockAndSurf -> {9878D989-C010-66BE-051D-F8E5E761D59A} -> C:\Program Files (x86)\version64BlockAndSurf\192.dll [2015-05-02] ()
BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\SEARCH~2.DLL No File
BHO-x32: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL No File
C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar
BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll [2013-01-23] (Delta-search.com)
BHO-x32: Search Assistant BHO -> {c547c6c2-561b-4169-a2a5-20ba771ca93b} -> C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll [2012-08-02] (MindSpark)
C:\Program Files (x86)\Delta
BHO-x32: Yontoo Layers (Drop Down Deals) -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll [2011-11-17] (Yontoo LLC)
C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll [2012-08-02] (MindSpark)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll [2013-01-23] (Delta-search.com)
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\SEARCH~2.DLL No File
Toolbar: HKU\S-1-5-21-571144041-3803823455-759090921-1000 -> No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No File
Toolbar: HKU\S-1-5-21-571144041-3803823455-759090921-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://isearch.omiga...8LNXXXX5VP818LN
FF NewTab: hxxp://isearch.omiga-plus.com/newtab/?type=nt&ts=1419304002&from=tugs&uid=ST31000524AS_5VP818LNXXXX5VP818LN
FF DefaultSearchEngine: omiga-plus
FF SelectedSearchEngine: omiga-plus
FF Homepage: hxxp://tikotin.com
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll [2012-08-02] (MindSpark)
FF SearchPlugin: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\searchplugins\askcom.xml [2011-08-23]
FF SearchPlugin: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\searchplugins\babylon.xml [2013-05-02]
FF SearchPlugin: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\searchplugins\BrowserProtect.xml [2013-05-02]
FF SearchPlugin: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\searchplugins\delta.xml [2013-04-06]
FF SearchPlugin: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\searchplugins\Search_Results.xml [2012-09-12]
FF SearchPlugin: C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\searchplugins\WebSearch.xml [2013-05-20]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2013-04-06]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\omiga-plus.xml [2014-12-23]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012-09-12]
FF Extension: VideoDownloadConverter - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\Extensions\[email protected]_4z.com [2014-01-11]
FF Extension: BrouwsEe2save - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\Extensions\[email protected] [2013-04-26]
FF Extension: Fast Start - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\Extensions\[email protected] [2014-12-23]
FF Extension: Delta Toolbar - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\Extensions\[email protected] [2013-04-06]
FF Extension: Searcohy-NewTaeb - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\Extensions\[email protected] [2013-04-26]
FF Extension: Searchqu Toolbar - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012-09-12]
FF Extension: Yontoo - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\Extensions\[email protected] [2013-02-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]_4z.com] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin
FF Extension: VideoDownloadConverter - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin [2012-08-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\extensions\[email protected]
FF HKU\S-1-5-21-571144041-3803823455-759090921-1000\...\Firefox\Extensions: [{A8EF1E73-D8F4-9AEF-BFB9-FCFFD6101C88}] - C:\Program Files (x86)\version64BlockAndSurf\192.xpi
FF Extension: BlockAndSurf - C:\Program Files (x86)\version64BlockAndSurf\192.xpi [2015-05-02]
FF Extension: No Name - C:\Users\Mitey Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\f9p9w6fz.default\extensions\[email protected] [Not Found]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://isearch.omiga...8LNXXXX5VP818LN
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Mitey Fresh\AppData\Roaming\BabSolution\CR\Delta.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Mitey Fresh\AppData\Local\Torch\Plugins\TorchPlugin.crx [2013-04-06]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\MITEYF~1\AppData\Local\Temp\YontooLayers.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx [Not Found]
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-26] (Just Develop It) <==== ATTENTION
S2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-03] ()
C:\Program Files (x86)\coupoon
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2015-04-03] (NetFilterSDK.com)
R2 insvc_1.10.0.14; C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe [278600 2015-04-11] (Infonaut)
R2 jedyhusi; C:\Users\Mitey Fresh\AppData\Roaming\00000000-1430531197-0000-0000-1C6F65D74BC8\nsd457C.tmp [148992 2015-05-02] () [File not signed]
C:\Users\Mitey Fresh\AppData\Roaming\00000000-1430531197-0000-0000-1C6F65D74BC8
R2 riqeneho; C:\Users\Mitey Fresh\AppData\Roaming\00000000-1430531197-0000-0000-1C6F65D74BC8\jnss5797.tmp [198656 2015-05-02] () [File not signed]
R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-22] (Weather Protector LLC)
R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-05-02] ()
R2 VideoDownloadConverter_4zService; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe [42504 2012-08-02] (COMPANYVERS_NAME)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R1 innfd_1_10_0_14; C:\Windows\System32\drivers\innfd_1_10_0_14.sys [58224 2015-04-11] (Infonaut)
R2 webTinstMKTN84; C:\Windows\system32\Drivers\webTinstMKTN84.sys [50216 2015-05-02] ()
S1 asbatsau; \??\C:\Windows\system32\drivers\asbatsau.sys [X]
S1 evleuqss; \??\C:\Windows\system32\drivers\evleuqss.sys [X]
S1 jqzvopac; \??\C:\Windows\system32\drivers\jqzvopac.sys [X]
S1 kuiivusg; \??\C:\Windows\system32\drivers\kuiivusg.sys [X]
S1 mvqjszvp; \??\C:\Windows\system32\drivers\mvqjszvp.sys [X]
S1 phbqursp; \??\C:\Windows\system32\drivers\phbqursp.sys [X]
S1 wpnfd_1_10_0_5; system32\drivers\wpnfd_1_10_0_5.sys [X]
C:\Windows\system32\Drivers\webTinstMKTN84.sys
C:\Windows\system32\drivers\asbatsau.sys
C:\Windows\system32\drivers\evleuqss.sys
C:\Windows\system32\drivers\jqzvopac.sys
C:\Windows\system32\drivers\kuiivusg.sys
C:\Windows\system32\drivers\mvqjszvp.sys
C:\Windows\system32\drivers\phbqursp.sy
2015-05-02 17:11 - 2015-05-02 17:11 - 00001045 _____ () C:\Users\Mitey Fresh\Desktop\AnyProtect.lnk
2015-05-02 17:11 - 2015-05-02 17:11 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-05-02 17:02 - 2015-05-02 17:11 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-05-02 15:22 - 2015-05-02 15:22 - 00003116 _____ () C:\Windows\System32\Tasks\BlockAndSurf Update
2015-05-02 15:22 - 2015-05-02 15:22 - 00003116 _____ () C:\Windows\System32\Tasks\BlockAndSurf Update
2015-05-02 15:22 - 2015-05-02 15:22 - 00002286 _____ () C:\Windows\patsearch.bin
2015-05-02 15:22 - 2015-05-02 15:22 - 00000456 _____ () C:\Windows\Tasks\BlockAndSurf Update.job
2015-05-02 15:22 - 2015-05-02 15:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2015-05-02 15:22 - 2015-05-02 15:21 - 00050216 _____ () C:\Windows\system32\Drivers\webTinstMKTN84.sys
2015-05-02 15:21 - 2015-05-02 15:21 - 00004098 _____ () C:\Windows\System32\Tasks\Crossbrowse
2015-05-02 15:21 - 2015-05-02 15:21 - 00001068 _____ () C:\Windows\Tasks\Crossbrowse.job
2015-05-02 15:21 - 2015-05-02 15:21 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Crossbrowse
2015-05-02 15:21 - 2015-05-02 15:21 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Local\Crossbrowse
2015-05-02 15:21 - 2015-05-02 15:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Crossbrowse
2015-05-02 15:21 - 2015-05-02 15:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Crossbrowse
2015-05-02 15:21 - 2015-05-02 15:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Crossbrowse
2015-05-02 15:21 - 2015-05-02 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-05-02 15:21 - 2015-05-02 15:21 - 00000000 ____D () C:\Program Files (x86)\version64BlockAndSurf
2015-05-02 15:19 - 2015-05-02 15:19 - 00000000 ____D () C:\Program Files (x86)\Crossbrowse
2015-05-02 15:18 - 2015-05-02 15:18 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-02 15:17 - 2015-05-02 15:22 - 00000000 ____D () C:\Program Files\Coupoon
2015-05-02 15:17 - 2015-05-02 15:21 - 00000000 ____D () C:\Program Files (x86)\Coupoon
2015-05-02 15:17 - 2015-05-02 15:17 - 00000005 _____ () C:\end
2015-05-02 15:16 - 2015-05-02 15:52 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Local\gmsd_au_257
2015-05-02 15:16 - 2015-05-02 15:16 - 00004072 _____ () C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-05-02 15:16 - 2015-05-02 15:16 - 00000000 ____D () C:\Users\Mitey Fresh\AppData\Local\SmartWeb
2015-05-02 15:16 - 2015-05-02 15:16 - 00000000 ____D () C:\Program Files (x86)\gmsd_au_257
2015-05-02 15:15 - 2015-05-02 15:15 - 00000000 ____D () C:\Program Files (x86)\Infonaut_1.10.0.14
2015-05-02 15:23 - 2015-05-02 17:17 - 00000112 _____ () C:\ProgramData\YG2KU1.dat
2015-04-11 05:56 - 2015-04-11 05:56 - 00058224 _____ (Infonaut) C:\Windows\system32\Drivers\innfd_1_10_0_14.sys
2015-04-03 08:22 - 2015-04-03 08:22 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2015-05-02 06:03 - 2014-10-06 14:47 - 00000488 ____H () C:\Windows\Tasks\GS_Booster-S-576482620.job
2013-04-23 16:13 - 2013-02-10 07:55 - 0114176 _____ () C:\Users\Mitey Fresh\AppData\Roaming\BabMaint.exe
2014-12-23 13:08 - 2014-12-23 13:08 - 1487840 _____ (HQ VideoV22.12) C:\Users\Mitey Fresh\AppData\Roaming\IW.exe
2014-12-23 13:07 - 2014-12-23 13:07 - 1815520 _____ (HQ VideoV22.12) C:\Users\Mitey Fresh\AppData\Roaming\SZUL.exe
2015-05-02 15:23 - 2015-05-02 17:18 - 0000112 _____ () C:\ProgramData\YG2KU1.dat
C:\$Recycle.Bin\S-1-5-21-571144041-3803823455-759090921-1000\$9430fe1d1ff3e329fb03ccb693dbb6d5
Task: {0604492C-9955-4783-88F5-3F978EF47E38} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-05-02] (AnyProtect.com) <==== ATTENTION
Task: {10A5EC84-4916-4CBB-8B7E-B4D2C183BAAC} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-05-02] (AnyProtect.com) <==== ATTENTION
Task: {4B35C1E0-A166-4160-B5C5-63EF7B58F109} - \SidebarExecute No Task File <==== ATTENTION
Task: {736800B8-43EB-4A48-920A-3BC7D1F5841A} - System32\Tasks\{4259D0EF-678B-4D89-9AA2-E89B24075DD0} => pcalua.exe -a "C:\Users\Mitey Fresh\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=tugs <==== ATTENTION
Task: {84BF7696-9260-4156-BC00-FB91FE4B3EE4} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Mitey Fresh\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {9994FA5E-8310-4D5B-9BFF-70BEC6084E14} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-05-02] (AnyProtect.com) <==== ATTENTION
Task: {A1BEFAB3-E0F6-4875-90D6-61843F8CCA72} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\version64BlockAndSurf\J4BlockAndSurfJ52.exe [2015-05-02] () <==== ATTENTION
Task: {B032A010-1D0A-4CAC-897A-7E6A63828AF6} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-05-02] () <==== ATTENTION
Task: {B4D939E2-212C-4616-9190-AD020910CAB1} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-26] (MyPC Backup) <==== ATTENTION
Task: {C07ED911-5D77-49AD-9795-AABBDB21B086} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe [2012-12-12] (http://yourfiledownloader.com) <==== ATTENTION
Task: {F15B7589-946E-4447-B216-935CA6EB50B6} - System32\Tasks\GS_Booster-S-576482620 => c:\programdata\trusted publisher\gs_booster\GS_Booster.exe [2014-10-06] () <==== ATTENTION
Task: {F55BBE6D-0B65-4546-AADD-32D2B3B9DC24} - System32\Tasks\Norton Product InstallerIdle => C:\Users\MITEYF~1\AppData\Local\Temp\Adobe\Shockwave 12\SymInstallStub.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\version64BlockAndSurf\J4BlockAndSurfJ52.exe <==== ATTENTION
Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\Windows\Tasks\GS_Booster-S-576482620.job => c:\programdata\trusted publisher\gs_booster\GS_Booster.exeO/schedule /profile c:\programdata\trusted publisher\gs_booster\576482620.ini <==== ATTENTION
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Users\MITEYF~1\AppData\Local\Temp\Adobe\Shockwave 12\SymInstallStub.exe <==== ATTENTION
FirewallRules: [{A18C2C9B-4C96-43CE-9158-93A285142AC0}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [{D5CC2A25-FC5A-43EC-9889-6C3FA7FCA3CA}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [{6807C93C-B736-4421-B79B-943CEEA46545}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{9B07C0A0-9A66-4CCC-8913-3B4BA6DE1074}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{265A313A-60AD-42B8-BF24-3B0883D5DE83}] => (Allow) C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{FBA3A859-32E0-4368-9AE3-985BABB80183}] => (Allow) C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
C:\Program Files (x86)\YourFileDownloader
C:\Program Files (x86)\Searchqu Toolbar
FirewallRules: [{0F6D4627-B445-4D6E-869E-E65109AE7ED8}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
cmd: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: Program Uninstalls


Once you have run the fix with FRST, please uninstall the list of programs below. If you get a popup telling you that it cannot be found and asking whether you would like to remove it from the list of programs, please do so. Then move to the next one in the list.
  • AnyProtect
  • BlockAndSurf
  • BrowseToSave 1.74
  • Coupoon version 1.0
  • Crossbrowse
  • Delta Chrome toolbar
  • Delta toolbar
  • DomaIQ
  • GamesDesktop 027.257
  • Google Chrome
  • Google Toolbar for Internet Explorer
  • GoSAve
  • GS_Booster
  • Infonaut 1.10.0.14
  • MyPC Backup
  • Search Assistant WebSearch 1.74
  • Searcohy-NewTaeb
  • SmartWeb
  • StormWatch
  • Torch
  • VAFPlayer
  • Video Download Converter version 1.0.0.0
  • VideoDownloadConverter Toolbar
  • Yontoo Layers Runtime (Drop Down Deals) 1.10.01
  • YouotubeAdBlockae
  • Zombie Invasion
Things I need to see in your next post:

Fixlog.txt Log
(Located on your Desktop)

  • 0
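The service and driver lines in the fixlist above all follow one shape, so they can be triaged mechanically before a fix is written. The script below is an added example, not part of the original post and not FRST's own code: it parses a few of those lines (copied from this thread) and tags each with review flags. The line grammar, the reading of `[X]` as "file not found on disk", and the flag heuristics are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Service/driver lines copied from the fixlist posted in this thread.
SAMPLE = r"""
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-26] (Just Develop It) <==== ATTENTION
S2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-03] ()
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2015-04-03] (NetFilterSDK.com)
R2 jedyhusi; C:\Users\Mitey Fresh\AppData\Roaming\00000000-1430531197-0000-0000-1C6F65D74BC8\nsd457C.tmp [148992 2015-05-02] () [File not signed]
R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-22] (Weather Protector LLC)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S1 asbatsau; \??\C:\Windows\system32\drivers\asbatsau.sys [X]
S1 wpnfd_1_10_0_5; system32\drivers\wpnfd_1_10_0_5.sys [X]
"""

# Assumed line shape: <state><start> <name>; <image> [size date] (company) [notes]
ENTRY = re.compile(r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<rest>.+)$")
PRESENT = re.compile(
    r"^(?P<image>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<company>[^)]*)\)(?P<tail>.*)$"
)
MISSING = re.compile(r"^(?P<image>.+?) \[X\]$")  # assumed: [X] = file not on disk
# Locations a standard user can usually write to (heuristic, not exhaustive).
USER_WRITABLE = re.compile(r"\\(users\\[^\\]+\\appdata|programdata|temp)\\", re.I)
EXPECTED_EXT = {"exe", "sys", "dll"}


@dataclass
class Service:
    name: str
    state: str               # R, S or U exactly as printed in the log
    start: int               # digit printed after the state letter
    image: str               # binary path with quotes, arguments and \??\ removed
    company: Optional[str]   # None when the file is missing
    flags: List[str] = field(default_factory=list)


def image_path(command: str) -> str:
    """Reduce a service command line to the path of its binary."""
    command = command.strip()
    if command.startswith('"'):
        command = command[1:].split('"', 1)[0]   # drop quotes and arguments
    prefix = "\\??\\"                            # NT object-namespace prefix
    if command.startswith(prefix):
        command = command[len(prefix):]
    return command


def parse_line(line: str) -> Optional[Service]:
    """Parse one service/driver line; return None for anything else."""
    entry = ENTRY.match(line.strip())
    if not entry:
        return None
    flags: List[str] = []
    present = PRESENT.match(entry["rest"])
    if present:
        image = image_path(present["image"])
        company: Optional[str] = present["company"]
        tail = present["tail"]
        if "[File not signed]" in tail:
            flags.append("unsigned")
        if USER_WRITABLE.search(image):
            flags.append("user-writable-path")
        if image.rsplit(".", 1)[-1].lower() not in EXPECTED_EXT:
            flags.append("unusual-extension")
        if not company:
            flags.append("no-publisher")
        if "ATTENTION" in tail:
            flags.append("frst-attention")
    else:
        missing = MISSING.match(entry["rest"])
        if not missing:
            return None
        image, company = image_path(missing["image"]), None
        flags.append("missing-file")   # orphaned registration, binary is gone
    return Service(entry["name"], entry["state"], int(entry["start"]),
                   image, company, flags)


def triage(log_text: str) -> List[Service]:
    """Return parsed entries, most-flagged first (stable within equal counts)."""
    services = [s for s in map(parse_line, log_text.splitlines()) if s]
    return sorted(services, key=lambda s: len(s.flags), reverse=True)


if __name__ == "__main__":
    for svc in triage(SAMPLE):
        print(f"{svc.state}{svc.start} {svc.name:<18} {', '.join(svc.flags) or '-'}")
        print(f"    {svc.image}")
```

An empty flag list means only that none of these heuristics fired; `netfilter64` comes out unflagged here even though the helper still put it in the fixlist.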

#4
awesomesauce


    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Hi pystryker, 

 

Thank you for your help. The problem has been fixed internally, so we can close this topic.

 

Have a great day!

 

awesomesauce


  • 0

#5
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Thank you for letting me know. :)
  • 0

#6
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





