Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Daddy (administrator) on THEMOSTAWESOME on 21-12-2014 09:23:51
Running from C:\Users\Daddy\Desktop
Loaded Profiles: Daddy & Yael & Shalom & Atara & Michal & Sara (Available profiles: Daddy & Yael & Mommy & Shalom & Atara & Michal & Sara)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brother Industries, Ltd.) C:\Windows\System32\BrmfRsmg.exe
(Brother Industries, Ltd.) C:\Windows\System32\BrmfRsmg.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\Windows\jmesoft\Service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\Daddy\AppData\Local\ospd_us_375\upospd_us_375.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Google Inc.) C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\FRST\Quarantine\C\Program Files (x86)\ospd_us_375\ospd_us_375.exe.xBAD
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\ConfigurationWizard.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ospd_us_375] => "C:\Program Files (x86)\ospd_us_375\ospd_us_375.exe"
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: [upospd_us_375.exe] => C:\Users\Daddy\AppData\Local\ospd_us_375\upospd_us_375.exe [3306440 2014-11-06] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Run: [Google Update] => C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-22] (Google Inc.)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - E:\LaunchU3.exe -a
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\Run: [Google Update] => C:\Users\Yael\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-05] (Google Inc.)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\Run: [Spotify Web Helper] => C:\Users\Yael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-06-20] (Spotify Ltd)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\Run: [Spotify] => C:\Users\Yael\AppData\Roaming\Spotify\spotify.exe [6087224 2014-06-20] (Spotify Ltd)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - F:\LaunchU3.exe -a
HKU\S-1-5-21-4229975068-1931466670-3666739151-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4229975068-1931466670-3666739151-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4229975068-1931466670-3666739151-1004\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - F:\LaunchU3.exe -a
HKU\S-1-5-21-4229975068-1931466670-3666739151-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4229975068-1931466670-3666739151-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\...\Run: [Google Update] => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-06] (Google Inc.)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4229975068-1931466670-3666739151-1007\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4229975068-1931466670-3666739151-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Yael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-4229975068-1931466670-3666739151-1002\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-4229975068-1931466670-3666739151-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-4229975068-1931466670-3666739151-1001] => http=127.0.0.1:62855;https=127.0.0.1:62855
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.com/ig/redirectdomain ... &bmod=LEND
HKU\S-1-5-21-4229975068-1931466670-3666739151-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LEND
HKU\S-1-5-21-4229975068-1931466670-3666739151-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-4229975068-1931466670-3666739151-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LEND
HKU\S-1-5-21-4229975068-1931466670-3666739151-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=LEND
HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LEND
HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=LEND
HKU\S-1-5-21-4229975068-1931466670-3666739151-1007\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-4229975068-1931466670-3666739151-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LEND
HKU\S-1-5-21-4229975068-1931466670-3666739151-1007\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=LEND
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1004 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1005 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1007 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> Backup.Old.DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> {72DE6055-3568-696D-18F3-25733E4372F6} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1004 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1004 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1005 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1005 -> {72DE6055-3568-696D-18F3-25733E4372F6} URL =
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1007 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1007 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1007 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1007 -> {72DE6055-3568-696D-18F3-25733E4372F6} URL =
BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} -> No File
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121225094235.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} -> No File
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121225094235.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1006: @tools.google.com/Google Update;version=3 -> C:\Users\Michal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1006: @tools.google.com/Google Update;version=9 -> C:\Users\Michal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-01-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_cmi_14_4 ... 361997&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Daddy\AppData\Local\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Daddy\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Daddy\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Daddy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-14]
CHR Extension: (Google Search) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-14]
CHR Extension: (snipsmart) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaccgfkbmhkegoljkoefhpifoaehnhjp [2014-11-23]
CHR Extension: (BucksBee RewardsBar) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajcmjjdlglpcfblcnjilhodiondejlm [2014-01-26]
CHR Extension: (Google Wallet) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-14]
CHR HKLM-x32\...\Chrome\Extension: [lajcmjjdlglpcfblcnjilhodiondejlm] - C:\Users\Daddy\AppData\Roaming\Bucksbee Loyalty Plugin 100815.b for Chrome\Toolbar_production_100815_12.crx [2012-05-21]
CHR StartMenuInternet: Google Chrome - C:\Users\Yael\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 0134851357934090mcinstcleanup; C:\Users\Daddy\AppData\Local\Temp\013485~1.EXE [832664 2012-09-28] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 brmfrsmg; C:\Windows\system32\BrmfRsmg.exe [52736 2009-07-13] (Brother Industries, Ltd.)
S4 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [290832 2011-12-12] (Verizon) [File not signed]
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-11-03] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-11-03] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-11-09] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [177680 2012-11-09] (McAfee, Inc.)
S2 cozhost; C:\PROGRA~3\zoomify2\110~1.27\cozhost.exe /ts2=1 [X]
S2 cozwhost; C:\PROGRA~3\zoomify2\110~1.27\cozwhost.exe -scm [X]
S3 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe" Start=service [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 brfilt; C:\Windows\System32\Drivers\Brfilt.sys [6144 2009-06-10] (Brother Industries Ltd.)
R3 BrUsbScn; C:\Windows\System32\Drivers\BrUsbScn.sys [14336 2009-06-10] (Brother Industries Ltd.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-21 09:23 - 2014-12-21 09:24 - 00033550 _____ () C:\Users\Daddy\Desktop\FRST.txt
2014-12-21 09:21 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Daddy\Desktop\FRST64.exe
2014-12-19 09:52 - 2014-12-19 09:52 - 00015719 _____ () C:\Users\Mommy\Desktop\Search.txt
2014-12-19 09:46 - 2014-12-19 09:46 - 00046661 _____ () C:\Users\Mommy\Desktop\Addition.txt
2014-12-19 09:44 - 2014-12-21 09:23 - 00000000 ____D () C:\FRST
2014-12-19 09:44 - 2014-12-19 09:46 - 00060762 _____ () C:\Users\Mommy\Desktop\FRST.txt
2014-12-19 09:35 - 2014-12-19 13:34 - 00000000 ____D () C:\AdwCleaner
2014-12-19 09:35 - 2014-12-19 09:34 - 00000111 _____ () C:\Users\Mommy\Desktop\virus.txt
2014-12-19 09:35 - 2014-12-19 09:30 - 02166272 _____ () C:\Users\Mommy\Desktop\adwcleaner_4.105.exe
2014-12-19 09:35 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Mommy\Desktop\FRST64.exe
2014-12-19 09:18 - 2014-12-19 09:18 - 00000207 _____ () C:\windows\tweaking.com-regbackup-THEMOSTAWESOME-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-12-19 09:16 - 2014-12-19 09:16 - 00002239 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-12-19 09:16 - 2014-12-19 09:16 - 00000000 ____D () C:\RegBackup
2014-12-19 09:16 - 2014-12-19 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-19 09:16 - 2014-12-19 09:16 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-19 09:14 - 2014-12-19 09:14 - 04215584 _____ () C:\Users\Mommy\Desktop\tweaking.com_registry_backup_setup.exe
2014-12-19 09:13 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-19 09:13 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-18 23:33 - 2014-12-18 23:48 - 00000308 _____ () C:\windows\Tasks\Tempo Runner coz32host.job
2014-12-18 23:31 - 2014-12-18 23:48 - 00000306 _____ () C:\windows\Tasks\Tempo Runner cozahost.job
2014-12-18 23:30 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-18 23:29 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-18 23:29 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-18 23:29 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-18 23:29 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-18 23:29 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-18 23:29 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-18 23:29 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-18 23:29 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-18 23:29 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-18 23:29 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-18 23:29 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-18 23:29 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-18 23:29 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-18 23:29 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 23:29 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-18 23:29 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-18 23:29 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-18 23:29 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-18 23:29 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-18 23:29 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-18 23:29 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-18 23:29 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-18 23:29 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-18 23:29 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-18 23:29 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-18 23:29 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-18 23:29 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-18 23:29 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-18 23:29 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-18 23:29 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-18 23:29 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-18 23:29 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-18 23:29 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-18 23:29 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-18 23:29 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-18 23:29 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-18 23:29 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-18 23:29 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-18 23:29 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-18 23:29 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-18 23:29 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-18 23:29 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-18 23:29 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-18 23:29 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-18 23:29 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-18 23:29 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-18 23:29 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-18 23:29 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-18 23:29 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-18 23:29 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-18 23:29 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-18 23:29 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-18 23:29 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-18 23:29 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-18 23:29 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-18 23:29 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-18 23:29 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-18 23:29 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-18 23:28 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-18 23:28 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-18 23:21 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-18 23:21 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-18 23:21 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-18 23:21 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-18 23:21 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-18 23:21 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-18 23:21 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-18 23:21 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-18 23:21 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-18 23:21 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-18 23:20 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-18 23:20 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-18 23:14 - 2014-12-18 23:14 - 00026445 _____ () C:\Users\Daddy\Desktop\dds.txt
2014-12-18 23:14 - 2014-12-18 23:14 - 00009128 _____ () C:\Users\Daddy\Desktop\attach.txt
2014-12-18 23:07 - 2014-12-18 23:07 - 00688992 ____R (Swearware) C:\Users\Mommy\Downloads\dds.scr
2014-12-18 23:07 - 2014-12-18 23:07 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\HpUpdate
2014-11-24 20:41 - 2014-11-24 20:42 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Avg2015
2014-11-24 20:41 - 2014-11-24 20:41 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\AVG2015
2014-11-24 20:39 - 2014-11-24 20:39 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-11-24 20:39 - 2014-11-24 20:39 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\AVG2015
2014-11-24 20:39 - 2014-11-24 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-24 20:38 - 2014-12-19 09:04 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-24 20:38 - 2014-11-24 20:38 - 00000000 ___HD () C:\$AVG
2014-11-24 20:38 - 2014-11-24 20:38 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-24 20:36 - 2014-12-21 08:34 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-24 20:36 - 2014-11-24 20:39 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Avg2015
2014-11-24 20:36 - 2014-11-24 20:36 - 04637504 _____ (AVG Technologies) C:\Users\Mommy\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2014-11-24 20:36 - 2014-11-24 20:36 - 00000000 ____D () C:\Users\Daddy\AppData\Local\MFAData
2014-11-24 20:17 - 2014-11-24 20:17 - 00000000 ____D () C:\Users\Mommy\AppData\Local\ospd_us_375
2014-11-24 17:26 - 2014-11-24 17:26 - 01944256 _____ () C:\windows\shost.bin
2014-11-24 07:33 - 2014-12-19 13:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-23 18:54 - 2014-11-23 18:54 - 00000000 __SHD () C:\Users\Mommy\AppData\Local\EmieBrowserModeList
2014-11-23 18:53 - 2014-11-23 18:53 - 00000000 ____D () C:\Users\Mommy\AppData\Local\HP
2014-11-23 18:40 - 2014-11-23 18:40 - 00000047 _____ () C:\Users\Daddy\AppData\Roaming\WB.CFG
2014-11-23 18:39 - 2014-11-23 18:39 - 00628496 _____ (CMI Limited) C:\Users\Daddy\AppData\Local\nsh3FDD.tmp
2014-11-23 18:08 - 2014-11-23 18:09 - 00000000 ____D () C:\Users\Mommy\AppData\Local\{8F85811F-A8AD-4ABD-82A8-29D28DC27661}
2014-11-23 18:01 - 2014-11-23 18:01 - 00613057 _____ (CMI Limited) C:\Users\Daddy\AppData\Local\nsi226C.tmp
2014-11-23 18:00 - 2014-11-23 18:00 - 00000000 ____D () C:\Users\Daddy\AppData\Local\WorldofTanks
2014-11-23 17:59 - 2014-11-23 17:59 - 00000000 ____D () C:\Users\Daddy\AppData\Local\StormFall
2014-11-23 17:52 - 2014-11-23 17:53 - 106859936 _____ () C:\Users\Daddy\Downloads\DJ2540_188 (1).exe
2014-11-23 17:41 - 2014-11-23 17:41 - 00613057 _____ (CMI Limited) C:\Users\Daddy\AppData\Local\nsa441E.tmp
2014-11-23 17:40 - 2014-12-21 08:56 - 00000000 ____D () C:\Users\Daddy\AppData\Local\ospd_us_375
2014-11-23 17:35 - 2014-11-23 17:35 - 106859936 _____ () C:\Users\Daddy\Downloads\Unconfirmed 828580.crdownload
2014-11-23 17:33 - 2014-11-23 17:33 - 00834488 _____ (SlimWare Utilities, Inc.) C:\Users\Daddy\Downloads\DriverUpdate-setup.exe
2014-11-23 17:27 - 2014-11-23 17:27 - 00003626 _____ () C:\windows\System32\Tasks\HPCustParticipation HP Deskjet 2540 series
2014-11-23 17:27 - 2014-11-23 17:27 - 00001995 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-11-23 17:27 - 2014-11-23 17:27 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\HpUpdate
2014-11-23 17:27 - 2014-11-23 17:27 - 00000000 ____D () C:\ProgramData\Visan
2014-11-23 17:27 - 2014-11-23 17:27 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-11-23 17:27 - 2014-11-23 17:27 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-11-23 17:27 - 2014-11-23 17:27 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-11-23 17:26 - 2014-11-23 17:51 - 00000000 ____D () C:\Program Files (x86)\HP
2014-11-23 17:26 - 2014-11-23 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-11-23 17:26 - 2014-11-23 17:26 - 00002212 _____ () C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
2014-11-23 17:26 - 2014-11-23 17:26 - 00001159 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk
2014-11-23 17:26 - 2014-11-23 17:26 - 00000000 ____D () C:\ProgramData\HP
2014-11-23 17:26 - 2014-11-23 17:26 - 00000000 ____D () C:\Program Files\HP
2014-11-23 17:26 - 2014-03-06 12:51 - 00763912 ____N (Hewlett-Packard Co.) C:\windows\system32\HPDiscoPMC211.dll
2014-11-23 17:25 - 2014-11-23 17:25 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-11-23 17:23 - 2014-11-23 17:24 - 106859936 _____ () C:\Users\Daddy\Downloads\DJ2540_188.exe
2014-11-23 17:22 - 2014-11-23 17:27 - 00000000 ____D () C:\Users\Daddy\AppData\Local\HP
2014-11-23 12:41 - 2014-11-23 12:41 - 00584504 _____ () C:\Users\Daddy\Downloads\Installation.exe
2014-11-23 09:01 - 2014-11-23 09:01 - 00012678 _____ () C:\Users\Daddy\Downloads\contemp- cash flow.xlsx
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-21 09:23 - 2012-07-11 18:57 - 00000008 __RSH () C:\Users\Mommy\ntuser.pol
2014-12-21 09:23 - 2012-04-30 09:58 - 00000000 ____D () C:\Users\Mommy
2014-12-21 09:21 - 2009-07-13 22:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-12-21 09:17 - 2012-08-19 20:06 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-21 09:16 - 2012-07-22 14:14 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001UA.job
2014-12-21 09:07 - 2012-07-05 14:19 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002UA.job
2014-12-21 08:53 - 2011-12-21 19:15 - 01075242 _____ () C:\windows\WindowsUpdate.log
2014-12-21 08:48 - 2012-07-20 16:53 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003UA.job
2014-12-21 08:41 - 2012-07-06 17:21 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006UA.job
2014-12-21 08:23 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-12-21 07:57 - 2009-07-13 23:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-21 07:57 - 2009-07-13 23:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-21 07:49 - 2014-01-23 04:28 - 00000923 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-12-21 07:49 - 2014-01-23 04:28 - 00000907 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-12-21 07:49 - 2012-05-01 21:49 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-12-21 07:49 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-21 07:49 - 2009-07-13 23:51 - 00073897 _____ () C:\windows\setupact.log
2014-12-20 18:21 - 2009-07-14 00:13 - 00006206 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-19 14:21 - 2014-10-07 11:58 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-19 14:21 - 2014-10-07 11:58 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 14:21 - 2014-10-07 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-19 13:37 - 2013-03-24 12:18 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Spotify
2014-12-19 13:35 - 2010-11-20 22:47 - 00840900 _____ () C:\windows\PFRO.log
2014-12-19 13:25 - 2012-06-09 21:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-12-19 13:19 - 2012-09-15 19:11 - 00020786 _____ () C:\INSTALLHELPER.LOG
2014-12-19 10:04 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-19 09:22 - 2013-06-20 07:02 - 00002374 _____ () C:\Users\Mommy\Desktop\Google Chrome.lnk
2014-12-19 09:18 - 2012-04-29 21:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-19 09:06 - 2009-07-13 21:34 - 00000537 _____ () C:\windows\win.ini
2014-12-18 23:47 - 2013-08-14 02:02 - 00000000 ____D () C:\windows\system32\MRT
2014-12-18 23:30 - 2012-06-01 09:10 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-24 20:42 - 2014-07-17 22:05 - 00000177 _____ () C:\Users\Mommy\Desktop\avgrep.txt
2014-11-24 19:41 - 2012-07-06 17:21 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006Core.job
2014-11-24 19:07 - 2012-07-05 14:19 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002Core.job
2014-11-24 13:15 - 2012-07-22 14:14 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001Core.job
2014-11-23 20:33 - 2013-03-24 12:18 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Spotify
2014-11-23 17:35 - 2012-05-20 07:21 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Adobe
2014-11-23 17:30 - 2011-12-21 19:47 - 00002398 _____ () C:\Users\Public\Desktop\Internet Browser.lnk
2014-11-23 17:30 - 2011-12-21 19:47 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-23 06:48 - 2012-07-20 16:53 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003Core.job
Some content of TEMP:
====================
C:\Users\Daddy\AppData\Local\Temp\0134851357934090mcinst.exe
C:\Users\Daddy\AppData\Local\Temp\2F658057-A565-F64A-D98A-1AE05C625B6D.dll
C:\Users\Daddy\AppData\Local\Temp\2F658057-A565-F64A-D98A-1AE05C625B6D.exe
C:\Users\Daddy\AppData\Local\Temp\321D0B64-DA79-1F48-57D5-F28ACE24334D.exe
C:\Users\Daddy\AppData\Local\Temp\avg-dfc21d4c-ec33-4d5f-838b-bf2ecb78a763.exe
C:\Users\Daddy\AppData\Local\Temp\bq4u_otq.dll
C:\Users\Daddy\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Users\Daddy\AppData\Local\Temp\mcinsint.exe
C:\Users\Daddy\AppData\Local\Temp\n1hex_8y.dll
C:\Users\Daddy\AppData\Local\Temp\oi_{7E984432-BFC1-4E2B-BAD6-05CC4B3F7F45}.exe
C:\Users\Daddy\AppData\Local\Temp\ose00000.exe
C:\Users\Daddy\AppData\Local\Temp\Package_en_ww.exe
C:\Users\Daddy\AppData\Local\Temp\Quarantine.exe
C:\Users\Daddy\AppData\Local\Temp\Setup.exe
C:\Users\Daddy\AppData\Local\Temp\sqlite3.dll
C:\Users\Daddy\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Daddy\AppData\Local\Temp\System.Data.SQLite31822.dll
C:\Users\Daddy\AppData\Local\Temp\System.Data.SQLite38049.dll
C:\Users\Daddy\AppData\Local\Temp\System.Data.SQLite66487.dll
C:\Users\Daddy\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Daddy\AppData\Local\Temp\VASInstallerWizard.exe
C:\Users\Daddy\AppData\Local\Temp\winziprosetup.exe
C:\Users\Yael\AppData\Local\Temp\mcinsint.exe
C:\Users\Yael\AppData\Local\Temp\VASInstallerWizard.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-21 08:16
==================== End Of Log ============================