
Infected with IDP.Program.D1B0A5C0

Re: Infected with IDP.Program.D1B0A5C0

Post by Gary R » December 23rd, 2014, 2:41 am

Still quite a bit of stuff to remove. Still, we're getting there. :)

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (don't include Code: Select all)
Code: Select all
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - E:\LaunchU3.exe -a
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - F:\LaunchU3.exe -a
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - E:\LaunchU3.exe -a
HKU\S-1-5-21-4229975068-1931466670-3666739151-1004\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - F:\LaunchU3.exe -a
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1004 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1005 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> Backup.Old.DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1005 -> {72DE6055-3568-696D-18F3-25733E4372F6} URL =
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir="
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION" /v "ALOTWidgets.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION" /v "ALOTWidgets.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\AppDataLow\Software\alotappbar" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\AppDataLow\Software\alotappbar" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1004\Software\AppDataLow\Software\alotappbar" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1005\Software\AppDataLow\Software\alotappbar" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\AppDataLow\Software\alotappbar" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\IE\" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\AppDataLow\Software\BlockAndSurf" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\AppDataLow\Software\BlockAndSurf" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1004\Software\AppDataLow\Software\BlockAndSurf" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1005\Software\AppDataLow\Software\BlockAndSurf" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\AppDataLow\Software\BlockAndSurf" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\DealCabby" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted" /v "C:\Users\Mommy\Downloads\EasyDriverPro.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E540A74-25E-4C6A-91C5-AEFB8C9E7258}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E197BA28-6497-4D92-8BC-7BA8888B5B5}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\AppDataLow\Software\Savepass 3.0" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\AppDataLow\Software\Savepass 3.0" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16985C8-3D0C-4A34-8939-8C89E46B4622}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{291C2B3E-BC10-47B9-82F7-476F237FD90}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AEC82FB-F75E-4086-B041-7F34AAD0E3F6}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4772716C-A71E-48BB-859C-873545C762F0}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{645608CD-FC18-474E-924F-68573FD6DCB3}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E0133CF-F549-4DC4-B7CE-947660F01EBA}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C87B9BB-842C-4424-8096-B832D41FD6CC}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E540A74-25E-4C6A-91C5-AEFB8C9E7258}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A4E5D7E7-37ED-4592-9BDE-E1AEB758C25E}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C19BF089-7D4D-420C-B470-C482F42960BD}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3A14A00-B866-4D44-9D68-28F0F527B2E6}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0E45F32-C550-41DC-A81B-B0915D64E8E3}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1004\Software\AppDataLow\Software\Savepass 3.0" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\AppDataLow\Software\Savepass 3.0" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING" /v "snipsmart.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\AppDataLow\Software\snipsmart" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\snipsmart" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1382c0bf_0" /v "" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apisnipsmartinfo-a.akamaihd.net" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\snipsmart" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids" /v "VosteranHTML.XAQEHVRZTKJGE27YQRA7GQFX4I" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Direct3D\MostRecentApplication" /v "Name" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice" /v "Progid" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice" /v "Progid" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice" /v "Progid" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice" /v "Progid" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Classes\.xht" /v "" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Classes\http\DefaultIcon" /v "" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\.html" /v "" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\ftp\DefaultIcon" /v "" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\https\DefaultIcon" /v "" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\AppDataLow\Software\zoomify" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\AppDataLow\Software\zoomify" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1004\Software\AppDataLow\Software\zoomify" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1005\Software\AppDataLow\Software\zoomify" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\AppDataLow\Software\zoomify" /f
Hosts:
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Next ....

Run a new scan and search for me with FRST on the next account (if there are any left that we haven't yet scanned) and post me the new logs please.
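The Fix step above produces a Fixlog.txt like the one posted later in this thread. As an added example (not from the thread, from FRST, or from its author), this Python script summarises such a log, pairs each Reg.exe command with its result block, and flags the failure mode visible in this thread's log: a /v value ending in a backslash (the BabylonToolbar entries), where `\"` escapes the closing quote so Reg.exe loses the /f switch and prompts instead of deleting. The function names and the SAMPLE_* excerpts are constructed here from the log format shown on this page.

```python
"""Summarise an FRST (Farbar Recovery Scan Tool) Fixlog.txt.

Added example, not part of the thread or of FRST itself. The line shapes
parsed here are those of the Fixlog quoted in this thread; SAMPLE_* are
constructed excerpts of that log and fixlist.
"""
import re
from dataclasses import dataclass, field

REG_HEADER = re.compile(r"^=+ (Reg\.exe .*?) =+$")
REG_END = re.compile(r"^=+ End of Reg: =+$")
FRST_RESULT = re.compile(r"^(.+?) => (.+?)\.?$")
# A /v value whose text ends in a backslash: on the Windows command line
# the sequence \" is an escaped quote, so Reg.exe reads the rest of the
# line (including /f) as part of the value name and then prompts.
TRAILING_BACKSLASH_VALUE = re.compile(r'/v\s+"[^"]*\\"')


@dataclass
class FixSummary:
    deleted: list = field(default_factory=list)     # keys/values FRST removed
    not_found: list = field(default_factory=list)   # already gone (or wrong path)
    reg_ok: list = field(default_factory=list)      # Reg.exe commands that succeeded
    reg_failed: list = field(default_factory=list)  # (command, reason) pairs
    other: list = field(default_factory=list)       # result lines not classified


def parse_fixlog(text: str) -> FixSummary:
    """Walk the log once, pairing each Reg.exe header with its result block."""
    s = FixSummary()
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        hdr = REG_HEADER.match(line)
        if hdr:
            cmd, body = hdr.group(1), []
            i += 1
            while i < len(lines) and not REG_END.match(lines[i].strip()):
                if lines[i].strip():
                    body.append(lines[i].strip())
                i += 1
            body_text = " ".join(body)
            if body_text == "The operation completed successfully.":
                s.reg_ok.append(cmd)
            else:
                reason = body_text
                if "(Yes/No)?" in body_text:
                    reason = "Reg.exe prompted for confirmation, so /f was not seen; " + reason
                if TRAILING_BACKSLASH_VALUE.search(cmd):
                    reason += " [cause: value name ends in a backslash that escaped the closing quote]"
                s.reg_failed.append((cmd, reason))
        else:
            res = FRST_RESULT.match(line)
            if res:
                target, result = res.group(1).strip('"'), res.group(2).lower()
                if "deleted successfully" in result:
                    s.deleted.append(target)
                elif "not found" in result:
                    s.not_found.append(target)
                else:
                    s.other.append(line)
            elif line.endswith("deleted successfully."):  # e.g. Chrome StartupUrls
                s.deleted.append(line[: -len(" deleted successfully.")])
        i += 1
    return s


def lint_fixlist(text: str) -> list:
    """Return fixlist 'Reg:' lines whose /v value ends in a backslash (will fail)."""
    return [ln for ln in text.splitlines()
            if ln.startswith("Reg:") and TRAILING_BACKSLASH_VALUE.search(ln)]


def report(s: FixSummary) -> str:
    out = [f"deleted: {len(s.deleted)}", f"not found: {len(s.not_found)}",
           f"Reg.exe ok: {len(s.reg_ok)}", f"Reg.exe failed: {len(s.reg_failed)}"]
    for cmd, reason in s.reg_failed:
        out.append(f"  FAILED {cmd}\n    {reason}")
    return "\n".join(out)


# Constructed excerpt of the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''"HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eef8173-e036-11e1-8a92-c89cdcb53833}" => Key deleted successfully.
"HKCR\CLSID\{4eef8173-e036-11e1-8a92-c89cdcb53833}" => Key not found.
HKU\S-1-5-21-4229975068-1931466670-3666739151-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value deleted successfully.
Chrome StartupUrls deleted successfully.

========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\AppDataLow\Software\alotappbar" /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared\" /f =========

Delete the registry value C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared" /f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========
'''
# Constructed excerpt of the fixlist from this thread: one good and one broken Reg: line.
SAMPLE_FIXLIST = r'''Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\AppDataLow\Software\alotappbar" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared\" /f
Hosts:
EmptyTemp:'''

if __name__ == "__main__":
    print(report(parse_fixlog(SAMPLE_FIXLOG)))
    print("fixlist lines to correct before running:", lint_fixlist(SAMPLE_FIXLIST))
```

Running lint_fixlist over a fixlist before it is handed to FRST catches the trailing-backslash case in advance; the same regex then explains the matching failure in the resulting log.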

Re: Infected with IDP.Program.D1B0A5C0

Post by shalom123 » December 23rd, 2014, 10:16 pm

Thank you very much

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
Ran by Daddy at 2014-12-23 20:48:54 Run:4
Running from C:\Users\Atara\Desktop
Loaded Profiles: Daddy & Atara (Available profiles: Daddy & Yael & Mommy & Shalom & Atara & Michal & Sara)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - E:\LaunchU3.exe -a
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - F:\LaunchU3.exe -a
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - E:\LaunchU3.exe -a
HKU\S-1-5-21-4229975068-1931466670-3666739151-1004\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - F:\LaunchU3.exe -a
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1004 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1005 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> Backup.Old.DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1005 -> {72DE6055-3568-696D-18F3-25733E4372F6} URL =
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir="
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION" /v "ALOTWidgets.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION" /v "ALOTWidgets.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\AppDataLow\Software\alotappbar" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\AppDataLow\Software\alotappbar" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1004\Software\AppDataLow\Software\alotappbar" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1005\Software\AppDataLow\Software\alotappbar" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\AppDataLow\Software\alotappbar" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\IE\" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\AppDataLow\Software\BlockAndSurf" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\AppDataLow\Software\BlockAndSurf" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1004\Software\AppDataLow\Software\BlockAndSurf" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1005\Software\AppDataLow\Software\BlockAndSurf" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\AppDataLow\Software\BlockAndSurf" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\DealCabby" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted" /v "C:\Users\Mommy\Downloads\EasyDriverPro.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E540A74-25E-4C6A-91C5-AEFB8C9E7258}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E197BA28-6497-4D92-8BC-7BA8888B5B5}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\AppDataLow\Software\Savepass 3.0" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\AppDataLow\Software\Savepass 3.0" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16985C8-3D0C-4A34-8939-8C89E46B4622}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{291C2B3E-BC10-47B9-82F7-476F237FD90}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AEC82FB-F75E-4086-B041-7F34AAD0E3F6}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4772716C-A71E-48BB-859C-873545C762F0}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{645608CD-FC18-474E-924F-68573FD6DCB3}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E0133CF-F549-4DC4-B7CE-947660F01EBA}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C87B9BB-842C-4424-8096-B832D41FD6CC}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E540A74-25E-4C6A-91C5-AEFB8C9E7258}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A4E5D7E7-37ED-4592-9BDE-E1AEB758C25E}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C19BF089-7D4D-420C-B470-C482F42960BD}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3A14A00-B866-4D44-9D68-28F0F527B2E6}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0E45F32-C550-41DC-A81B-B0915D64E8E3}" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1004\Software\AppDataLow\Software\Savepass 3.0" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\AppDataLow\Software\Savepass 3.0" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING" /v "snipsmart.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\AppDataLow\Software\snipsmart" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\snipsmart" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1382c0bf_0" /v "" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apisnipsmartinfo-a.akamaihd.net" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\snipsmart" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids" /v "VosteranHTML.XAQEHVRZTKJGE27YQRA7GQFX4I" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Direct3D\MostRecentApplication" /v "Name" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice" /v "Progid" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice" /v "Progid" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice" /v "Progid" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice" /v "Progid" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Classes\.xht" /v "" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Classes\http\DefaultIcon" /v "" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\.html" /v "" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\ftp\DefaultIcon" /v "" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\https\DefaultIcon" /v "" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\AppDataLow\Software\zoomify" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\AppDataLow\Software\zoomify" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1004\Software\AppDataLow\Software\zoomify" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1005\Software\AppDataLow\Software\zoomify" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\AppDataLow\Software\zoomify" /f
Hosts:
EmptyTemp:

*****************

"HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eef8173-e036-11e1-8a92-c89cdcb53833}" => Key deleted successfully.
"HKCR\CLSID\{4eef8173-e036-11e1-8a92-c89cdcb53833}" => Key not found.
"HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eef8173-e036-11e1-8a92-c89cdcb53833}" => Key not found.
"HKCR\CLSID\{4eef8173-e036-11e1-8a92-c89cdcb53833}" => Key not found.
"HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-4229975068-1931466670-3666739151-1003" => Key not found.
"HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eef8173-e036-11e1-8a92-c89cdcb53833}" => Key not found.
"HKCR\CLSID\{4eef8173-e036-11e1-8a92-c89cdcb53833}" => Key not found.
"HKU\S-1-5-21-4229975068-1931466670-3666739151-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eef8173-e036-11e1-8a92-c89cdcb53833}" => Key not found.
"HKCR\CLSID\{4eef8173-e036-11e1-8a92-c89cdcb53833}" => Key not found.
HKU\S-1-5-21-4229975068-1931466670-3666739151-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => Value not found.
HKU\S-1-5-21-4229975068-1931466670-3666739151-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value deleted successfully.
HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => Value not found.
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => Value not found.
"HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key not found.
"HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key not found.
"HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKU\S-1-5-21-4229975068-1931466670-3666739151-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKU\S-1-5-21-4229975068-1931466670-3666739151-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{72DE6055-3568-696D-18F3-25733E4372F6}" => Key deleted successfully.
"HKCR\CLSID\{72DE6055-3568-696D-18F3-25733E4372F6}" => Key not found.
"HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => value deleted successfully.
"HKCR\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}" => Key not found.
Chrome StartupUrls deleted successfully.

========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION" /v "ALOTWidgets.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION" /v "ALOTWidgets.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\AppDataLow\Software\alotappbar" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\AppDataLow\Software\alotappbar" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1004\Software\AppDataLow\Software\alotappbar" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1005\Software\AppDataLow\Software\alotappbar" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\AppDataLow\Software\alotappbar" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared\" /f =========

Delete the registry value C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared" /f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR\" /f =========

Delete the registry value C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR" /f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\IE\" /f =========

Delete the registry value C:\Users\Daddy\AppData\Roaming\BabylonToolbar\IE" /f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\AppDataLow\Software\BlockAndSurf" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\AppDataLow\Software\BlockAndSurf" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1004\Software\AppDataLow\Software\BlockAndSurf" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1005\Software\AppDataLow\Software\BlockAndSurf" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\AppDataLow\Software\BlockAndSurf" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\DealCabby" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted" /v "C:\Users\Mommy\Downloads\EasyDriverPro.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E540A74-25E-4C6A-91C5-AEFB8C9E7258}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E197BA28-6497-4D92-8BC-7BA8888B5B5}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\AppDataLow\Software\Savepass 3.0" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\AppDataLow\Software\Savepass 3.0" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16985C8-3D0C-4A34-8939-8C89E46B4622}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{291C2B3E-BC10-47B9-82F7-476F237FD90}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AEC82FB-F75E-4086-B041-7F34AAD0E3F6}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4772716C-A71E-48BB-859C-873545C762F0}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{645608CD-FC18-474E-924F-68573FD6DCB3}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E0133CF-F549-4DC4-B7CE-947660F01EBA}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C87B9BB-842C-4424-8096-B832D41FD6CC}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E540A74-25E-4C6A-91C5-AEFB8C9E7258}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A4E5D7E7-37ED-4592-9BDE-E1AEB758C25E}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C19BF089-7D4D-420C-B470-C482F42960BD}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3A14A00-B866-4D44-9D68-28F0F527B2E6}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0E45F32-C550-41DC-A81B-B0915D64E8E3}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1004\Software\AppDataLow\Software\Savepass 3.0" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\AppDataLow\Software\Savepass 3.0" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING" /v "snipsmart.BOAS.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\AppDataLow\Software\snipsmart" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\snipsmart" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1382c0bf_0" /v "" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apisnipsmartinfo-a.akamaihd.net" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\snipsmart" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids" /v "VosteranHTML.XAQEHVRZTKJGE27YQRA7GQFX4I" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Direct3D\MostRecentApplication" /v "Name" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice" /v "Progid" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice" /v "Progid" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice" /v "Progid" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice" /v "Progid" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Classes\.xht" /v "" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Classes\http\DefaultIcon" /v "" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\.html" /v "" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\ftp\DefaultIcon" /v "" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\https\DefaultIcon" /v "" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\AppDataLow\Software\zoomify" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\AppDataLow\Software\zoomify" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1004\Software\AppDataLow\Software\zoomify" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1005\Software\AppDataLow\Software\zoomify" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\AppDataLow\Software\zoomify" /f =========

The operation completed successfully.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 631 KB temporary data.


The system needed a reboot.

==== End of Fixlog ====
shalom123
Regular Member
Posts: 43
Joined: December 18th, 2014, 9:26 pm

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 23rd, 2014, 10:16 pm

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Daddy (administrator) on THEMOSTAWESOME on 23-12-2014 20:56:21
Running from C:\Users\Shalom\Desktop
Loaded Profiles: Daddy & Shalom (Available profiles: Daddy & Yael & Mommy & Shalom & Atara & Michal & Sara)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brother Industries, Ltd.) C:\Windows\System32\BrmfRsmg.exe
(Brother Industries, Ltd.) C:\Windows\System32\BrmfRsmg.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
() C:\Windows\jmesoft\Service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Run: [Google Update] => C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-22] (Google Inc.)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1004\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - F:\LaunchU3.exe -a
Startup: C:\Users\Yael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-4229975068-1931466670-3666739151-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-4229975068-1931466670-3666739151-1001] => http=127.0.0.1:62855;https=127.0.0.1:62855
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
HKU\S-1-5-21-4229975068-1931466670-3666739151-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LEND
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1004 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1004 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1004 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121225094235.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121225094235.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-01-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Daddy\AppData\Local\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Daddy\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Daddy\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Daddy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-14]
CHR Extension: (Google Search) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-14]
CHR Extension: (Google Wallet) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Yael\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 brmfrsmg; C:\Windows\system32\BrmfRsmg.exe [52736 2009-07-13] (Brother Industries, Ltd.)
S4 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [290832 2011-12-12] (Verizon) [File not signed]
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-11-03] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-11-03] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-11-09] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [177680 2012-11-09] (McAfee, Inc.)
S4 0134851357934090mcinstcleanup; C:\Users\Daddy\AppData\Local\Temp\013485~1.EXE -cleanup -nolog [X]
S3 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe" Start=service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 brfilt; C:\Windows\System32\Drivers\Brfilt.sys [6144 2009-06-10] (Brother Industries Ltd.)
R3 BrUsbScn; C:\Windows\System32\Drivers\BrUsbScn.sys [14336 2009-06-10] (Brother Industries Ltd.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 20:56 - 2014-12-23 20:57 - 00022253 _____ () C:\Users\Shalom\Desktop\FRST.txt
2014-12-23 20:55 - 2014-12-22 21:20 - 00000183 _____ () C:\Users\Shalom\Desktop\search for virus.txt
2014-12-23 20:55 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Shalom\Desktop\FRST64.exe
2014-12-23 20:54 - 2014-12-23 20:54 - 00000000 ____D () C:\Users\Shalom\AppData\Roaming\AVG2015
2014-12-23 20:54 - 2014-12-23 20:54 - 00000000 ____D () C:\Users\Shalom\AppData\Local\Avg2015
2014-12-22 21:28 - 2014-12-22 21:28 - 00010856 _____ () C:\Users\Atara\Desktop\Search.txt
2014-12-22 21:13 - 2014-12-22 21:13 - 00031021 _____ () C:\Users\Atara\Desktop\Addition.txt
2014-12-22 21:12 - 2014-12-22 21:13 - 00053735 _____ () C:\Users\Atara\Desktop\FRST.txt
2014-12-22 21:11 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Atara\Desktop\FRST64.exe
2014-12-22 21:09 - 2014-12-22 21:09 - 00000000 ____D () C:\Users\Atara\AppData\Roaming\AVG2015
2014-12-22 21:09 - 2014-12-22 21:09 - 00000000 ____D () C:\Users\Atara\AppData\Local\Avg2015
2014-12-21 14:01 - 2014-12-21 14:01 - 00003361 _____ () C:\Users\Sara\Desktop\Search.txt
2014-12-21 14:01 - 2014-12-21 14:01 - 00000000 ____D () C:\Users\Sara\AppData\Local\Microsoft Games
2014-12-21 13:59 - 2014-12-21 13:59 - 00028589 _____ () C:\Users\Sara\Desktop\Addition.txt
2014-12-21 13:58 - 2014-12-21 13:59 - 00034033 _____ () C:\Users\Sara\Desktop\FRST.txt
2014-12-21 13:57 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Sara\Desktop\FRST64.exe
2014-12-21 13:54 - 2014-12-21 13:54 - 00000000 ____D () C:\Users\Sara\AppData\Local\Logitech® Webcam Software
2014-12-21 13:52 - 2014-12-21 13:52 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\AVG2015
2014-12-21 13:52 - 2014-12-21 13:52 - 00000000 ____D () C:\Users\Sara\AppData\Local\Avg2015
2014-12-21 12:49 - 2014-12-21 12:49 - 00000000 ____D () C:\Users\Daddy\Desktop\New folder
2014-12-21 09:29 - 2014-12-21 09:29 - 00027979 _____ () C:\Users\Daddy\Desktop\Search.txt
2014-12-21 09:24 - 2014-12-21 09:25 - 00034752 _____ () C:\Users\Daddy\Desktop\Addition.txt
2014-12-21 09:23 - 2014-12-21 09:25 - 00055826 _____ () C:\Users\Daddy\Desktop\FRST.txt
2014-12-21 09:21 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Daddy\Desktop\FRST64.exe
2014-12-19 09:52 - 2014-12-19 09:52 - 00015719 _____ () C:\Users\Mommy\Desktop\Search.txt
2014-12-19 09:46 - 2014-12-19 09:46 - 00046661 _____ () C:\Users\Mommy\Desktop\Addition.txt
2014-12-19 09:44 - 2014-12-23 20:56 - 00000000 ____D () C:\FRST
2014-12-19 09:44 - 2014-12-19 09:46 - 00060762 _____ () C:\Users\Mommy\Desktop\FRST.txt
2014-12-19 09:35 - 2014-12-19 13:34 - 00000000 ____D () C:\AdwCleaner
2014-12-19 09:35 - 2014-12-19 09:34 - 00000111 _____ () C:\Users\Mommy\Desktop\virus.txt
2014-12-19 09:35 - 2014-12-19 09:30 - 02166272 _____ () C:\Users\Mommy\Desktop\adwcleaner_4.105.exe
2014-12-19 09:35 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Mommy\Desktop\FRST64.exe
2014-12-19 09:18 - 2014-12-19 09:18 - 00000207 _____ () C:\windows\tweaking.com-regbackup-THEMOSTAWESOME-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-12-19 09:16 - 2014-12-19 09:16 - 00002239 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-12-19 09:16 - 2014-12-19 09:16 - 00000000 ____D () C:\RegBackup
2014-12-19 09:16 - 2014-12-19 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-19 09:16 - 2014-12-19 09:16 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-19 09:14 - 2014-12-19 09:14 - 04215584 _____ () C:\Users\Mommy\Desktop\tweaking.com_registry_backup_setup.exe
2014-12-19 09:13 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-19 09:13 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-18 23:30 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-18 23:29 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-18 23:29 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-18 23:29 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-18 23:29 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-18 23:29 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-18 23:29 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-18 23:29 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-18 23:29 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-18 23:29 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-18 23:29 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-18 23:29 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-18 23:29 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-18 23:29 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-18 23:29 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 23:29 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-18 23:29 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-18 23:29 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-18 23:29 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-18 23:29 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-18 23:29 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-18 23:29 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-18 23:29 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-18 23:29 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-18 23:29 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-18 23:29 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-18 23:29 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-18 23:29 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-18 23:29 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-18 23:29 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-18 23:29 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-18 23:29 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-18 23:29 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-18 23:29 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-18 23:29 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-18 23:29 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-18 23:29 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-18 23:29 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-18 23:29 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-18 23:29 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-18 23:29 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-18 23:29 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-18 23:29 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-18 23:29 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-18 23:29 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-18 23:29 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-18 23:29 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-18 23:29 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-18 23:29 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-18 23:29 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-18 23:29 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-18 23:29 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-18 23:29 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-18 23:29 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-18 23:29 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-18 23:29 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-18 23:29 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-18 23:29 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-18 23:29 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-18 23:28 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-18 23:28 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-18 23:21 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-18 23:21 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-18 23:21 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-18 23:21 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-18 23:21 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-18 23:21 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-18 23:21 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-18 23:21 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-18 23:21 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-18 23:21 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-18 23:20 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-18 23:20 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-18 23:14 - 2014-12-18 23:14 - 00026445 _____ () C:\Users\Daddy\Desktop\dds.txt
2014-12-18 23:14 - 2014-12-18 23:14 - 00009128 _____ () C:\Users\Daddy\Desktop\attach.txt
2014-12-18 23:07 - 2014-12-18 23:07 - 00688992 ____R (Swearware) C:\Users\Mommy\Downloads\dds.scr
2014-12-18 23:07 - 2014-12-18 23:07 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\HpUpdate
2014-11-24 20:41 - 2014-11-24 20:42 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Avg2015
2014-11-24 20:41 - 2014-11-24 20:41 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\AVG2015
2014-11-24 20:39 - 2014-11-24 20:39 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-11-24 20:39 - 2014-11-24 20:39 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\AVG2015
2014-11-24 20:39 - 2014-11-24 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-24 20:38 - 2014-12-19 09:04 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-24 20:38 - 2014-11-24 20:38 - 00000000 ___HD () C:\$AVG
2014-11-24 20:38 - 2014-11-24 20:38 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-24 20:36 - 2014-12-23 20:57 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-24 20:36 - 2014-11-24 20:39 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Avg2015
2014-11-24 20:36 - 2014-11-24 20:36 - 04637504 _____ (AVG Technologies) C:\Users\Mommy\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2014-11-24 20:36 - 2014-11-24 20:36 - 00000000 ____D () C:\Users\Daddy\AppData\Local\MFAData
2014-11-24 17:26 - 2014-11-24 17:26 - 01944256 _____ () C:\windows\shost.bin
2014-11-24 07:33 - 2014-12-19 13:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-23 18:54 - 2014-11-23 18:54 - 00000000 __SHD () C:\Users\Mommy\AppData\Local\EmieBrowserModeList
2014-11-23 18:53 - 2014-11-23 18:53 - 00000000 ____D () C:\Users\Mommy\AppData\Local\HP
2014-11-23 18:40 - 2014-11-23 18:40 - 00000047 _____ () C:\Users\Daddy\AppData\Roaming\WB.CFG
2014-11-23 18:08 - 2014-11-23 18:09 - 00000000 ____D () C:\Users\Mommy\AppData\Local\{8F85811F-A8AD-4ABD-82A8-29D28DC27661}
2014-11-23 18:00 - 2014-11-23 18:00 - 00000000 ____D () C:\Users\Daddy\AppData\Local\WorldofTanks
2014-11-23 17:59 - 2014-11-23 17:59 - 00000000 ____D () C:\Users\Daddy\AppData\Local\StormFall
2014-11-23 17:52 - 2014-11-23 17:53 - 106859936 _____ () C:\Users\Daddy\Downloads\DJ2540_188 (1).exe
2014-11-23 17:35 - 2014-11-23 17:35 - 106859936 _____ () C:\Users\Daddy\Downloads\Unconfirmed 828580.crdownload
2014-11-23 17:33 - 2014-11-23 17:33 - 00834488 _____ (SlimWare Utilities, Inc.) C:\Users\Daddy\Downloads\DriverUpdate-setup.exe
2014-11-23 17:27 - 2014-11-23 17:27 - 00003626 _____ () C:\windows\System32\Tasks\HPCustParticipation HP Deskjet 2540 series
2014-11-23 17:27 - 2014-11-23 17:27 - 00001995 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-11-23 17:27 - 2014-11-23 17:27 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\HpUpdate
2014-11-23 17:27 - 2014-11-23 17:27 - 00000000 ____D () C:\ProgramData\Visan
2014-11-23 17:27 - 2014-11-23 17:27 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-11-23 17:27 - 2014-11-23 17:27 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-11-23 17:27 - 2014-11-23 17:27 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-11-23 17:26 - 2014-11-23 17:51 - 00000000 ____D () C:\Program Files (x86)\HP
2014-11-23 17:26 - 2014-11-23 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-11-23 17:26 - 2014-11-23 17:26 - 00002212 _____ () C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
2014-11-23 17:26 - 2014-11-23 17:26 - 00001159 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk
2014-11-23 17:26 - 2014-11-23 17:26 - 00000000 ____D () C:\ProgramData\HP
2014-11-23 17:26 - 2014-11-23 17:26 - 00000000 ____D () C:\Program Files\HP
2014-11-23 17:26 - 2014-03-06 12:51 - 00763912 ____N (Hewlett-Packard Co.) C:\windows\system32\HPDiscoPMC211.dll
2014-11-23 17:25 - 2014-11-23 17:25 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-11-23 17:23 - 2014-11-23 17:24 - 106859936 _____ () C:\Users\Daddy\Downloads\DJ2540_188.exe
2014-11-23 17:22 - 2014-11-23 17:27 - 00000000 ____D () C:\Users\Daddy\AppData\Local\HP
2014-11-23 12:41 - 2014-11-23 12:41 - 00584504 _____ () C:\Users\Daddy\Downloads\Installation.exe
2014-11-23 09:01 - 2014-11-23 09:01 - 00012678 _____ () C:\Users\Daddy\Downloads\contemp- cash flow.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 20:57 - 2011-12-21 19:15 - 01129749 _____ () C:\windows\WindowsUpdate.log
2014-12-23 20:54 - 2012-08-10 07:53 - 00000008 __RSH () C:\Users\Shalom\ntuser.pol
2014-12-23 20:54 - 2012-06-09 21:24 - 00091584 _____ () C:\Users\Shalom\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-23 20:54 - 2012-06-09 21:17 - 00000000 ____D () C:\Users\Shalom
2014-12-23 20:52 - 2014-01-23 04:28 - 00000923 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-12-23 20:52 - 2014-01-23 04:28 - 00000907 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-12-23 20:52 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-23 20:52 - 2009-07-13 23:51 - 00075197 _____ () C:\windows\setupact.log
2014-12-23 20:50 - 2009-07-13 23:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-23 20:50 - 2009-07-13 23:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-23 20:46 - 2012-05-01 21:49 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-12-22 21:09 - 2014-05-27 14:12 - 00091584 _____ () C:\Users\Atara\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-22 21:09 - 2012-07-22 09:21 - 00000008 __RSH () C:\Users\Atara\ntuser.pol
2014-12-22 21:09 - 2012-05-03 09:01 - 00000000 ____D () C:\Users\Atara
2014-12-22 19:29 - 2009-07-14 00:13 - 00006206 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-21 13:52 - 2012-12-15 17:56 - 00091584 _____ () C:\Users\Sara\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-21 13:51 - 2012-08-25 19:40 - 00000008 __RSH () C:\Users\Sara\ntuser.pol
2014-12-21 13:51 - 2012-08-25 19:40 - 00000000 ____D () C:\Users\Sara
2014-12-21 13:48 - 2012-07-20 16:53 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003UA.job
2014-12-21 13:41 - 2012-07-06 17:21 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006UA.job
2014-12-21 13:17 - 2012-08-19 20:06 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-21 13:15 - 2012-07-22 14:14 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001UA.job
2014-12-21 13:15 - 2012-07-22 14:14 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001Core.job
2014-12-21 13:07 - 2012-07-05 14:19 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002UA.job
2014-12-21 12:51 - 2012-08-20 21:43 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Bucksbee Loyalty Plugin 100815.b for Chrome
2014-12-21 12:48 - 2012-07-14 20:40 - 00000008 __RSH () C:\Users\Daddy\ntuser.pol
2014-12-21 12:48 - 2012-04-29 18:44 - 00000000 ____D () C:\Users\Daddy
2014-12-21 09:23 - 2012-07-11 18:57 - 00000008 __RSH () C:\Users\Mommy\ntuser.pol
2014-12-21 09:23 - 2012-04-30 09:58 - 00000000 ____D () C:\Users\Mommy
2014-12-21 09:21 - 2009-07-13 22:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-12-21 08:23 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-12-19 14:21 - 2014-10-07 11:58 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-19 14:21 - 2014-10-07 11:58 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 14:21 - 2014-10-07 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-19 13:37 - 2013-03-24 12:18 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Spotify
2014-12-19 13:35 - 2010-11-20 22:47 - 00840900 _____ () C:\windows\PFRO.log
2014-12-19 13:25 - 2012-06-09 21:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-12-19 13:19 - 2012-09-15 19:11 - 00020786 _____ () C:\INSTALLHELPER.LOG
2014-12-19 10:04 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-19 09:22 - 2013-06-20 07:02 - 00002374 _____ () C:\Users\Mommy\Desktop\Google Chrome.lnk
2014-12-19 09:18 - 2012-04-29 21:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-19 09:06 - 2009-07-13 21:34 - 00000537 _____ () C:\windows\win.ini
2014-12-18 23:47 - 2013-08-14 02:02 - 00000000 ____D () C:\windows\system32\MRT
2014-12-18 23:30 - 2012-06-01 09:10 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-24 20:42 - 2014-07-17 22:05 - 00000177 _____ () C:\Users\Mommy\Desktop\avgrep.txt
2014-11-24 19:41 - 2012-07-06 17:21 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006Core.job
2014-11-24 19:07 - 2012-07-05 14:19 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002Core.job
2014-11-23 20:33 - 2013-03-24 12:18 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Spotify
2014-11-23 17:35 - 2012-05-20 07:21 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Adobe
2014-11-23 17:30 - 2011-12-21 19:47 - 00002398 _____ () C:\Users\Public\Desktop\Internet Browser.lnk
2014-11-23 17:30 - 2011-12-21 19:47 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-23 06:48 - 2012-07-20 16:53 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003Core.job

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-21 08:16

==================== End Of Log ============================
shalom123
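The FRST.txt sections above (services, drivers, and the one-month created/modified file lists) follow a fixed line shape: `<state><start type> <name>; <path> [<size> <date>] (<company>)` for services and drivers, with `[X]` marking a registered binary that is no longer on disk, and `<created> - <modified> - <size> <attribute flags> (<company>) <path>` for files, where the company string comes from the file's version resource rather than from a signature check. The Python below is an added example, not part of the original post, of FRST or of the helper's fixlist: it parses those two line shapes and applies a few triage heuristics of its own (a service whose binary is missing or sits under Temp, Downloads or AppData; an executable-type file with no company string; files carrying hidden or system attributes). The sample lines are copied from the log above; the rule names and thresholds are this example's assumptions, and a hit only means "look at this", not "this is malicious".

```python
"""Triage helpers for lines from an FRST (Farbar Recovery Scan Tool) log.

Added example, not part of the original post or of FRST itself. The
heuristics below are this example's own and only mark entries for review.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Service/driver line: "<state><start> <name>; <path> [<size> <date>] (<company>)"
# state R = running, S = stopped; start type 0..4 as in the Windows registry.
SERVICE_RE = re.compile(r"^(?P<state>[A-Z])(?P<start>\d) (?P<name>[^;]+); (?P<rest>.*)$")
SERVICE_REST_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d\d-\d\d)\] \((?P<company>[^)]*)\)$"
)
# First token of a command line, honouring a quoted path that contains spaces.
CMD_PATH_RE = re.compile(r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))')
# File line: "<created> - <modified> - <size> <flags> (<company>) <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<flags>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Assumed triage rules (this example's choice, not FRST's).
EXEC_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".bin"}
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\downloads\\")

# Constructed sample input: lines copied from the posted log.
SAMPLE_LOG = r"""
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
S4 0134851357934090mcinstcleanup; C:\Users\Daddy\AppData\Local\Temp\013485~1.EXE -cleanup -nolog [X]
S3 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe" Start=service [X]
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)
S4 LMIRfsClientNP; No ImagePath
2014-12-23 20:55 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Shalom\Desktop\FRST64.exe
2014-12-18 23:07 - 2014-12-18 23:07 - 00688992 ____R (Swearware) C:\Users\Mommy\Downloads\dds.scr
2014-11-24 17:26 - 2014-11-24 17:26 - 01944256 _____ () C:\windows\shost.bin
2014-11-24 07:33 - 2014-12-19 13:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-23 20:56 - 2014-12-23 20:57 - 00022253 _____ () C:\Users\Shalom\Desktop\FRST.txt
"""


@dataclass
class Entry:
    kind: str            # "service" (covers drivers too) or "file"
    name: str            # service name, or file basename
    path: str            # on-disk path, "" when FRST reports No ImagePath
    company: str         # CompanyName from the version resource, "" if absent
    flags: str = ""      # FRST attribute letters for files: D, H, S, R, N
    missing: bool = False  # True for "[X]" and "No ImagePath" service entries


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST service/driver or file line; None for headers and blanks."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        name, rest = m.group("name"), m.group("rest")
        if rest == "No ImagePath":
            return Entry("service", name, "", "", missing=True)
        if rest.endswith("[X]"):
            # Binary is gone; recover the path from the command line that remains.
            pm = CMD_PATH_RE.match(rest[:-3].strip())
            path = (pm.group("quoted") or pm.group("bare")) if pm else rest
            return Entry("service", name, path, "", missing=True)
        rm = SERVICE_REST_RE.match(rest)
        if rm:
            return Entry("service", name, rm.group("path"), rm.group("company"))
        return Entry("service", name, rest, "")
    m = FILE_RE.match(line)
    if m:
        path = m.group("path")
        flags = m.group("flags").replace("_", "")
        return Entry("file", path.rsplit("\\", 1)[-1], path, m.group("company"), flags)
    return None


def triage_entry(e: Entry) -> List[str]:
    """Return the review reasons that apply to one entry (possibly none)."""
    reasons: List[str] = []
    low = e.path.lower()
    basename = low.rsplit("\\", 1)[-1]
    ext = "." + basename.rsplit(".", 1)[-1] if "." in basename else ""
    if e.missing:
        reasons.append("missing_binary")            # registration outlived its file
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("temp_or_download_location")
    if not e.missing and ext in EXEC_EXTENSIONS and not e.company:
        reasons.append("no_company_name")           # version resource has no CompanyName
    if e.kind == "file" and {"H", "S"} & set(e.flags):
        reasons.append("hidden_or_system_attribute")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged entry name to its review reasons, in log order."""
    findings: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is not None:
            reasons = triage_entry(entry)
            if reasons:
                findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

Run it against a full FRST.txt by passing the file's contents to `triage()`; the unflagged entries (LogMeIn, mfehidk.sys, FRST64.exe) fall through silently, and the flagged ones are a reading list for the analyst, who still has to recognise known-good tools such as the downloaded dds.scr before anything goes into a fixlist.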

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 23rd, 2014, 10:17 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Daddy at 2014-12-23 20:58:25
Running from C:\Users\Shalom\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4223 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bucksbee Loyalty Plugin 100815.b for Chrome (HKLM-x32\...\Bucksbee Loyalty Plugin 100815.b for Chrome) (Version: - )
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ffdshow v1.1.4369 [2012-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4369.0 - )
Google Chrome (HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Chrome (HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Chrome (HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Chrome (HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
IHA_MessageCenter (HKLM-x32\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2246 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.00.22080 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.00.21090 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.4827a - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.4827a - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{2BFDA78F-39F7-4537-9995-71424CFA88BB}) (Version: 4.1.2138 - LogMeIn, Inc.)
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0919 - Lenovo)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTomTom 3.1.0.530 (HKLM-x32\...\MyTomTom) (Version: 3.1.0.530 - TomTom)
OneSoftPerDay 025.375 (HKLM-x32\...\ospd_us_375_is1) (Version: - ONESOFTPERDAY)
Online Plug-in (x32 Version: 13.1.201.3 - Citrix Systems, Inc.) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
Opera Stable 24.0.1558.64 (HKU\S-1-5-21-4229975068-1931466670-3666739151-1004\...\Opera 24.0.1558.64) (Version: 24.0.1558.64 - Opera Software ASA)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6230 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 2.5.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.5 - VS Revo Group, Ltd.)
Self-service Plug-in (x32 Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Spotify (HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.0.0) (Version: 2.0.0.0 - W3i, LLC)
Uninstall Helper (x32 Version: 2.0.0.0 - W3i, LLC) Hidden
Version Checker for Funmoods (HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\Funmoods) (Version: - ) <==== ATTENTION
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Vz In Home Agent (HKLM-x32\...\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}) (Version: 8.03.53 - Verizon)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Wondershare Music Converter(Build 1.3.4.0) (HKLM-x32\...\Wondershare Music Converter_is1) (Version: - Wondershare Software)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

19-11-2014 03:00:12 Windows Update
20-11-2014 03:00:11 Windows Update
21-11-2014 03:00:13 Windows Update
21-11-2014 15:35:11 Windows Update
23-11-2014 03:00:16 Windows Update
23-11-2014 17:48:56 Installed HPDiagnosticCoreDll
23-11-2014 20:50:22 Windows Update
24-11-2014 21:07:22 Windows Update
28-11-2014 10:27:25 Windows Update
18-12-2014 23:21:48 Windows Update
19-12-2014 09:07:25 Windows Update
19-12-2014 10:02:38 Windows Update
19-12-2014 13:21:42 Removed BabylonObjectInstaller

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-12-23 20:49 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {6368AB21-97F4-4BDC-AA96-602A90C7FF08} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001Core.job => C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001UA.job => C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002Core.job => C:\Users\Yael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002UA.job => C:\Users\Yael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003Core.job => C:\Users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003UA.job => C:\Users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006Core.job => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006UA.job => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-20 21:44 - 2005-03-11 23:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2011-12-21 19:18 - 2011-03-15 23:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4229975068-1931466670-3666739151-500 - Administrator - Disabled)
Atara (S-1-5-21-4229975068-1931466670-3666739151-1005 - Limited - Enabled) => C:\Users\Atara
Daddy (S-1-5-21-4229975068-1931466670-3666739151-1001 - Administrator - Enabled) => C:\Users\Daddy
Guest (S-1-5-21-4229975068-1931466670-3666739151-501 - Limited - Disabled)
Michal (S-1-5-21-4229975068-1931466670-3666739151-1006 - Limited - Enabled) => C:\Users\Michal
Mommy (S-1-5-21-4229975068-1931466670-3666739151-1003 - Limited - Enabled) => C:\Users\Mommy
Sara (S-1-5-21-4229975068-1931466670-3666739151-1007 - Limited - Enabled) => C:\Users\Sara
Shalom (S-1-5-21-4229975068-1931466670-3666739151-1004 - Limited - Enabled) => C:\Users\Shalom
Yael (S-1-5-21-4229975068-1931466670-3666739151-1002 - Limited - Enabled) => C:\Users\Yael

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2014 08:54:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 08:47:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 08:59:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 07:38:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 07:29:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/22/2014 07:29:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/22/2014 07:28:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2014 05:38:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2014 01:50:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2014 00:57:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/21/2014 00:47:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozwhost service failed to start due to the following error:
%%2

Error: (12/21/2014 00:47:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozhost service failed to start due to the following error:
%%2

Error: (12/21/2014 09:23:26 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/21/2014 08:31:44 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{601787c5-2c31-11e1-b772-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{B312E00D-AB5A-4D05-9E0B-EB06A35F2F57}

Error: (12/21/2014 07:49:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozwhost service failed to start due to the following error:
%%2

Error: (12/21/2014 07:49:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozhost service failed to start due to the following error:
%%2

Error: (12/20/2014 06:07:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozwhost service failed to start due to the following error:
%%2

Error: (12/20/2014 06:07:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozhost service failed to start due to the following error:
%%2

Error: (12/19/2014 02:05:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozwhost service failed to start due to the following error:
%%2

Error: (12/19/2014 02:05:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozhost service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (12/23/2014 08:54:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 08:47:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 08:59:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 07:38:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 07:29:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/22/2014 07:29:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (12/22/2014 07:28:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2014 05:38:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2014 01:50:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2014 00:57:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-06-30 13:42:13.733
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-30 13:42:13.729
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-30 13:42:13.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 00:35:21.896
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 00:35:21.894
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 00:35:21.892
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-31 20:48:51.023
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-31 20:48:51.020
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-31 20:48:51.018
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 36%
Total physical RAM: 5992.37 MB
Available physical RAM: 3796.01 MB
Total Pagefile: 11982.92 MB
Available Pagefile: 10004.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.34 GB) (Free:608.06 GB) NTFS
Drive e: () (Removable) (Total:1.92 GB) (Free:0.26 GB) FAT
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:1397.26 GB) (Free:1330.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4079EF22)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 1397.3 GB) (Disk ID: E6A01404)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 221E5780)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

==================== End Of Log ============================
shalom123
Regular Member
 
Posts: 43
Joined: December 18th, 2014, 9:26 pm

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 23rd, 2014, 10:18 pm

Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Shalom at 2014-12-23 21:22:43
Running from C:\Users\Shalom\Desktop
Boot Mode: Normal

================== Search Registry: "ALOT;AnyProtect;Babylon;BetterBrain;BlockAndSurf;ConvertAd;DealCabby;EasyDriver;RemoteDesktopAccess;RocketTab;Savepass;SearchProtect;snipsmart;StormWatch;Vosteran;WSE_Vosteran;Zoomify" ===========


===================== Search result for "Babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Daddy\AppData\Roaming\BabylonToolbar\IE\"=""


===================== Search result for "snipsmart" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"snipsmart.BOAS.exe"="1"
====== End Of Search ======
shalom123
Regular Member
 
Posts: 43
Joined: December 18th, 2014, 9:26 pm

Re: Infected with IDP.Program.D1B0A5C0

Unread postby Gary R » December 24th, 2014, 2:23 am

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Version Checker for Funmoods


Reboot the computer once it's been uninstalled.

(If it can't be uninstalled, don't worry, just continue with the instructions below)

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (don't include Code: Select all)
Code: Select all
HKU\S-1-5-21-4229975068-1931466670-3666739151-1004\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - F:\LaunchU3.exe -a
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir="
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\IE\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT" /v "snipsmart.BOAS.exe" /f
Hosts:
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Next ....

Run a new scan and search for the next account please and post me the logs.

Question .... did you use to use McAfee for your anti-virus ?

Please note ... I may be a bit late getting back to you over the next couple of days, as I may have other commitments, however I will try to reply to your posts as promptly as I'm able to.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 24th, 2014, 10:11 pm

Thank you very much,
I tried to uninstall Version Checker for Funmoods; however, it was not to be found in the uninstall application.
I think we might have used McAfee. I do not remember if it was on this computer or on a previous one.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
Ran by Daddy at 2014-12-24 20:50:42 Run:5
Running from C:\Users\Shalom\Desktop
Loaded Profiles: Daddy & Yael & Mommy & Shalom & Michal & Sara (Available profiles: Daddy & Yael & Mommy & Shalom & Atara & Michal & Sara)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-4229975068-1931466670-3666739151-1004\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - F:\LaunchU3.exe -a
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir="
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\IE\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT" /v "snipsmart.BOAS.exe" /f
Hosts:
EmptyTemp:

*****************

"HKU\S-1-5-21-4229975068-1931466670-3666739151-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eef8173-e036-11e1-8a92-c89cdcb53833}" => Key deleted successfully.
"HKCR\CLSID\{4eef8173-e036-11e1-8a92-c89cdcb53833}" => Key not found.
"HKU\S-1-5-21-4229975068-1931466670-3666739151-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
Chrome StartupUrls deleted successfully.

========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared\" /f =========

Delete the registry value C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared" /f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR\" /f =========

Delete the registry value C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR" /f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\IE\" /f =========

Delete the registry value C:\Users\Daddy\AppData\Roaming\BabylonToolbar\IE" /f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT" /v "snipsmart.BOAS.exe" /f =========

The operation completed successfully.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 611 KB temporary data.


The system needed a reboot.

==== End of Fixlog ====
shalom123
Regular Member
 
Posts: 43
Joined: December 18th, 2014, 9:26 pm
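The three Reg.exe deletions in the fixlog above fail even though the registry search found those values: each value name ends in a backslash, and in Windows command-line parsing a backslash immediately before a double quote escapes the quote, so the closing quote is swallowed and ` /f` becomes part of the value name (which is exactly what the fixlog echoes back, followed by the Yes/No prompt that `/f` should have suppressed). The Python below is an added illustration, not part of the thread or of FRST: it implements the documented Windows C-runtime argument-splitting rules and parses the thread's first `Reg:` line beside a corrected form; doubling the trailing backslash is an assumed fix, not something the thread itself does.

```python
"""Windows command-line splitting applied to the FRST 'Reg:' lines above.

Added illustration, not part of the thread or of FRST. Implements the
documented Windows C runtime / CommandLineToArgvW rules: backslashes are
literal unless they precede a double quote; 2n backslashes + quote give
n backslashes and toggle quoting; 2n+1 backslashes + quote give n
backslashes and a literal quote. (The in-quote '""' special case is omitted.)
"""
from typing import List, Optional, Tuple


def split_windows_cmdline(cmdline: str) -> List[str]:
    """Split a command line the way a Windows C program receives argv."""
    args: List[str] = []
    cur: List[str] = []
    in_quotes = False
    have_arg = False          # distinguishes '' (empty quoted arg) from no arg
    i, n = 0, len(cmdline)
    while i < n:
        c = cmdline[i]
        if c == "\\":
            j = i
            while j < n and cmdline[j] == "\\":
                j += 1
            run = j - i
            if j < n and cmdline[j] == '"':
                cur.append("\\" * (run // 2))
                if run % 2:
                    cur.append('"')            # odd run: escaped literal quote
                else:
                    in_quotes = not in_quotes  # even run: quote is a delimiter
                i = j + 1
            else:
                cur.append("\\" * run)         # not before a quote: literal
                i = j
            have_arg = True
        elif c == '"':
            in_quotes = not in_quotes
            have_arg = True
            i += 1
        elif c in " \t" and not in_quotes:
            if have_arg:
                args.append("".join(cur))
                cur, have_arg = [], False
            i += 1
        else:
            cur.append(c)
            have_arg = True
            i += 1
    if have_arg:
        args.append("".join(cur))
    return args


def reg_delete_target(frst_line: str) -> Tuple[Optional[str], bool]:
    """Return (value name after /v, whether /f was seen) for an FRST 'Reg:' line."""
    cmdline = frst_line[len("Reg: "):] if frst_line.startswith("Reg: ") else frst_line
    argv = split_windows_cmdline(cmdline)
    value = None
    if "/v" in argv and argv.index("/v") + 1 < len(argv):
        value = argv[argv.index("/v") + 1]
    return value, "/f" in argv


# The first 'Reg:' line of the fixlist, as posted in the thread above.
ORIGINAL_LINE = (
    r'Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders"'
    r' /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared\" /f'
)

# Assumed correction (not from the thread): double the trailing backslash so
# the pair yields one literal backslash and the quote closes the argument.
CORRECTED_LINE = (
    r'Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders"'
    r' /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared\\" /f'
)

if __name__ == "__main__":
    for label, line in (("original", ORIGINAL_LINE), ("corrected", CORRECTED_LINE)):
        value, forced = reg_delete_target(line)
        print(f"{label}: value name = {value!r}, /f seen = {forced}")
```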

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 24th, 2014, 10:12 pm

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Daddy (administrator) on THEMOSTAWESOME on 24-12-2014 20:54:38
Running from C:\Users\Michal\Desktop
Loaded Profiles: Daddy & Michal (Available profiles: Daddy & Yael & Mommy & Shalom & Atara & Michal & Sara)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brother Industries, Ltd.) C:\Windows\System32\BrmfRsmg.exe
(Brother Industries, Ltd.) C:\Windows\System32\BrmfRsmg.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
() C:\Windows\jmesoft\Service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Run: [Google Update] => C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-22] (Google Inc.)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\...\Run: [Google Update] => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-06] (Google Inc.)
Startup: C:\Users\Yael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-4229975068-1931466670-3666739151-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-4229975068-1931466670-3666739151-1001] => http=127.0.0.1:62855;https=127.0.0.1:62855
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LEND
HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=LEND
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121225094235.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121225094235.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1006: @tools.google.com/Google Update;version=3 -> C:\Users\Michal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1006: @tools.google.com/Google Update;version=9 -> C:\Users\Michal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-01-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Daddy\AppData\Local\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Daddy\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Daddy\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Daddy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-14]
CHR Extension: (Google Search) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-14]
CHR Extension: (Google Wallet) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Yael\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 brmfrsmg; C:\Windows\system32\BrmfRsmg.exe [52736 2009-07-13] (Brother Industries, Ltd.)
S4 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [290832 2011-12-12] (Verizon) [File not signed]
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-11-03] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-11-03] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-11-09] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [177680 2012-11-09] (McAfee, Inc.)
S4 0134851357934090mcinstcleanup; C:\Users\Daddy\AppData\Local\Temp\013485~1.EXE -cleanup -nolog [X]
S3 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe" Start=service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 brfilt; C:\Windows\System32\Drivers\Brfilt.sys [6144 2009-06-10] (Brother Industries Ltd.)
R3 BrUsbScn; C:\Windows\System32\Drivers\BrUsbScn.sys [14336 2009-06-10] (Brother Industries Ltd.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-24 20:55 - 2014-12-24 20:55 - 00000000 ____D () C:\Users\Michal\AppData\Local\Logitech® Webcam Software
2014-12-24 20:54 - 2014-12-24 20:55 - 00023181 _____ () C:\Users\Michal\Desktop\FRST.txt
2014-12-24 20:53 - 2014-12-24 20:53 - 00000000 ____D () C:\Users\Michal\AppData\Roaming\AVG2015
2014-12-24 20:53 - 2014-12-24 20:53 - 00000000 ____D () C:\Users\Michal\AppData\Local\Avg2015
2014-12-24 20:53 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Michal\Desktop\FRST64.exe
2014-12-23 21:22 - 2014-12-23 21:22 - 00001118 _____ () C:\Users\Shalom\Desktop\Search.txt
2014-12-23 21:02 - 2014-12-23 21:02 - 00000000 ____D () C:\Users\Shalom\AppData\Local\Apple
2014-12-23 20:58 - 2014-12-23 20:58 - 00031095 _____ () C:\Users\Shalom\Desktop\Addition.txt
2014-12-23 20:56 - 2014-12-23 20:58 - 00045467 _____ () C:\Users\Shalom\Desktop\FRST.txt
2014-12-23 20:55 - 2014-12-22 21:20 - 00000183 _____ () C:\Users\Shalom\Desktop\search for virus.txt
2014-12-23 20:55 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Shalom\Desktop\FRST64.exe
2014-12-23 20:54 - 2014-12-23 20:54 - 00000000 ____D () C:\Users\Shalom\AppData\Roaming\AVG2015
2014-12-23 20:54 - 2014-12-23 20:54 - 00000000 ____D () C:\Users\Shalom\AppData\Local\Avg2015
2014-12-22 21:28 - 2014-12-22 21:28 - 00010856 _____ () C:\Users\Atara\Desktop\Search.txt
2014-12-22 21:13 - 2014-12-22 21:13 - 00031021 _____ () C:\Users\Atara\Desktop\Addition.txt
2014-12-22 21:12 - 2014-12-22 21:13 - 00053735 _____ () C:\Users\Atara\Desktop\FRST.txt
2014-12-22 21:11 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Atara\Desktop\FRST64.exe
2014-12-22 21:09 - 2014-12-22 21:09 - 00000000 ____D () C:\Users\Atara\AppData\Roaming\AVG2015
2014-12-22 21:09 - 2014-12-22 21:09 - 00000000 ____D () C:\Users\Atara\AppData\Local\Avg2015
2014-12-21 14:01 - 2014-12-21 14:01 - 00003361 _____ () C:\Users\Sara\Desktop\Search.txt
2014-12-21 14:01 - 2014-12-21 14:01 - 00000000 ____D () C:\Users\Sara\AppData\Local\Microsoft Games
2014-12-21 13:59 - 2014-12-21 13:59 - 00028589 _____ () C:\Users\Sara\Desktop\Addition.txt
2014-12-21 13:58 - 2014-12-21 13:59 - 00034033 _____ () C:\Users\Sara\Desktop\FRST.txt
2014-12-21 13:57 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Sara\Desktop\FRST64.exe
2014-12-21 13:54 - 2014-12-21 13:54 - 00000000 ____D () C:\Users\Sara\AppData\Local\Logitech® Webcam Software
2014-12-21 13:52 - 2014-12-21 13:52 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\AVG2015
2014-12-21 13:52 - 2014-12-21 13:52 - 00000000 ____D () C:\Users\Sara\AppData\Local\Avg2015
2014-12-21 12:49 - 2014-12-21 12:49 - 00000000 ____D () C:\Users\Daddy\Desktop\New folder
2014-12-21 09:29 - 2014-12-21 09:29 - 00027979 _____ () C:\Users\Daddy\Desktop\Search.txt
2014-12-21 09:24 - 2014-12-21 09:25 - 00034752 _____ () C:\Users\Daddy\Desktop\Addition.txt
2014-12-21 09:23 - 2014-12-21 09:25 - 00055826 _____ () C:\Users\Daddy\Desktop\FRST.txt
2014-12-21 09:21 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Daddy\Desktop\FRST64.exe
2014-12-19 09:52 - 2014-12-19 09:52 - 00015719 _____ () C:\Users\Mommy\Desktop\Search.txt
2014-12-19 09:46 - 2014-12-19 09:46 - 00046661 _____ () C:\Users\Mommy\Desktop\Addition.txt
2014-12-19 09:44 - 2014-12-24 20:54 - 00000000 ____D () C:\FRST
2014-12-19 09:44 - 2014-12-19 09:46 - 00060762 _____ () C:\Users\Mommy\Desktop\FRST.txt
2014-12-19 09:35 - 2014-12-19 13:34 - 00000000 ____D () C:\AdwCleaner
2014-12-19 09:35 - 2014-12-19 09:34 - 00000111 _____ () C:\Users\Mommy\Desktop\virus.txt
2014-12-19 09:35 - 2014-12-19 09:30 - 02166272 _____ () C:\Users\Mommy\Desktop\adwcleaner_4.105.exe
2014-12-19 09:35 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Mommy\Desktop\FRST64.exe
2014-12-19 09:18 - 2014-12-19 09:18 - 00000207 _____ () C:\windows\tweaking.com-regbackup-THEMOSTAWESOME-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-12-19 09:16 - 2014-12-19 09:16 - 00002239 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-12-19 09:16 - 2014-12-19 09:16 - 00000000 ____D () C:\RegBackup
2014-12-19 09:16 - 2014-12-19 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-19 09:16 - 2014-12-19 09:16 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-19 09:14 - 2014-12-19 09:14 - 04215584 _____ () C:\Users\Mommy\Desktop\tweaking.com_registry_backup_setup.exe
2014-12-19 09:13 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-19 09:13 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-18 23:30 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-18 23:29 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-18 23:29 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-18 23:29 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-18 23:29 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-18 23:29 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-18 23:29 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-18 23:29 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-18 23:29 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-18 23:29 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-18 23:29 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-18 23:29 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-18 23:29 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-18 23:29 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-18 23:29 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 23:29 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-18 23:29 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-18 23:29 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-18 23:29 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-18 23:29 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-18 23:29 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-18 23:29 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-18 23:29 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-18 23:29 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-18 23:29 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-18 23:29 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-18 23:29 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-18 23:29 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-18 23:29 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-18 23:29 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-18 23:29 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-18 23:29 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-18 23:29 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-18 23:29 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-18 23:29 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-18 23:29 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-18 23:29 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-18 23:29 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-18 23:29 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-18 23:29 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-18 23:29 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-18 23:29 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-18 23:29 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-18 23:29 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-18 23:29 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-18 23:29 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-18 23:29 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-18 23:29 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-18 23:29 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-18 23:29 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-18 23:29 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-18 23:29 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-18 23:29 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-18 23:29 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-18 23:29 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-18 23:29 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-18 23:29 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-18 23:29 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-18 23:29 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-18 23:28 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-18 23:28 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-18 23:21 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-18 23:21 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-18 23:21 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-18 23:21 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-18 23:21 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-18 23:21 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-18 23:21 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-18 23:21 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-18 23:21 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-18 23:21 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-18 23:20 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-18 23:20 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-18 23:14 - 2014-12-18 23:14 - 00026445 _____ () C:\Users\Daddy\Desktop\dds.txt
2014-12-18 23:14 - 2014-12-18 23:14 - 00009128 _____ () C:\Users\Daddy\Desktop\attach.txt
2014-12-18 23:07 - 2014-12-18 23:07 - 00688992 ____R (Swearware) C:\Users\Mommy\Downloads\dds.scr
2014-12-18 23:07 - 2014-12-18 23:07 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\HpUpdate
2014-11-24 20:41 - 2014-11-24 20:42 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Avg2015
2014-11-24 20:41 - 2014-11-24 20:41 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\AVG2015
2014-11-24 20:39 - 2014-11-24 20:39 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-11-24 20:39 - 2014-11-24 20:39 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\AVG2015
2014-11-24 20:39 - 2014-11-24 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-24 20:38 - 2014-12-19 09:04 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-24 20:38 - 2014-11-24 20:38 - 00000000 ___HD () C:\$AVG
2014-11-24 20:38 - 2014-11-24 20:38 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-24 20:36 - 2014-12-24 20:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-24 20:36 - 2014-11-24 20:39 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Avg2015
2014-11-24 20:36 - 2014-11-24 20:36 - 04637504 _____ (AVG Technologies) C:\Users\Mommy\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2014-11-24 20:36 - 2014-11-24 20:36 - 00000000 ____D () C:\Users\Daddy\AppData\Local\MFAData
2014-11-24 17:26 - 2014-11-24 17:26 - 01944256 _____ () C:\windows\shost.bin
2014-11-24 07:33 - 2014-12-19 13:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-24 20:55 - 2011-12-21 19:15 - 01148881 _____ () C:\windows\WindowsUpdate.log
2014-12-24 20:53 - 2012-07-11 18:57 - 00000008 __RSH () C:\Users\Michal\ntuser.pol
2014-12-24 20:53 - 2012-05-31 11:08 - 00091584 _____ () C:\Users\Michal\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-24 20:53 - 2012-05-13 13:03 - 00000000 ____D () C:\Users\Michal
2014-12-24 20:52 - 2014-01-23 04:28 - 00000923 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-12-24 20:52 - 2014-01-23 04:28 - 00000907 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-12-24 20:51 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-24 20:51 - 2009-07-13 23:51 - 00075365 _____ () C:\windows\setupact.log
2014-12-24 20:47 - 2009-07-13 23:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-24 20:47 - 2009-07-13 23:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-24 20:40 - 2012-05-01 21:49 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-12-23 20:54 - 2012-08-10 07:53 - 00000008 __RSH () C:\Users\Shalom\ntuser.pol
2014-12-23 20:54 - 2012-06-09 21:24 - 00091584 _____ () C:\Users\Shalom\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-23 20:54 - 2012-06-09 21:17 - 00000000 ____D () C:\Users\Shalom
2014-12-22 21:09 - 2014-05-27 14:12 - 00091584 _____ () C:\Users\Atara\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-22 21:09 - 2012-07-22 09:21 - 00000008 __RSH () C:\Users\Atara\ntuser.pol
2014-12-22 21:09 - 2012-05-03 09:01 - 00000000 ____D () C:\Users\Atara
2014-12-22 19:29 - 2009-07-14 00:13 - 00006206 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-21 13:52 - 2012-12-15 17:56 - 00091584 _____ () C:\Users\Sara\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-21 13:51 - 2012-08-25 19:40 - 00000008 __RSH () C:\Users\Sara\ntuser.pol
2014-12-21 13:51 - 2012-08-25 19:40 - 00000000 ____D () C:\Users\Sara
2014-12-21 13:48 - 2012-07-20 16:53 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003UA.job
2014-12-21 13:41 - 2012-07-06 17:21 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006UA.job
2014-12-21 13:17 - 2012-08-19 20:06 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-21 13:15 - 2012-07-22 14:14 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001UA.job
2014-12-21 13:15 - 2012-07-22 14:14 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001Core.job
2014-12-21 13:07 - 2012-07-05 14:19 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002UA.job
2014-12-21 12:51 - 2012-08-20 21:43 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Bucksbee Loyalty Plugin 100815.b for Chrome
2014-12-21 12:48 - 2012-07-14 20:40 - 00000008 __RSH () C:\Users\Daddy\ntuser.pol
2014-12-21 12:48 - 2012-04-29 18:44 - 00000000 ____D () C:\Users\Daddy
2014-12-21 09:23 - 2012-07-11 18:57 - 00000008 __RSH () C:\Users\Mommy\ntuser.pol
2014-12-21 09:23 - 2012-04-30 09:58 - 00000000 ____D () C:\Users\Mommy
2014-12-21 09:21 - 2009-07-13 22:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-12-21 08:23 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-12-19 14:21 - 2014-10-07 11:58 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-19 14:21 - 2014-10-07 11:58 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 14:21 - 2014-10-07 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-19 13:37 - 2013-03-24 12:18 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Spotify
2014-12-19 13:35 - 2010-11-20 22:47 - 00840900 _____ () C:\windows\PFRO.log
2014-12-19 13:25 - 2012-06-09 21:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-12-19 13:19 - 2012-09-15 19:11 - 00020786 _____ () C:\INSTALLHELPER.LOG
2014-12-19 10:04 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-19 09:22 - 2013-06-20 07:02 - 00002374 _____ () C:\Users\Mommy\Desktop\Google Chrome.lnk
2014-12-19 09:18 - 2012-04-29 21:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-19 09:06 - 2009-07-13 21:34 - 00000537 _____ () C:\windows\win.ini
2014-12-18 23:47 - 2013-08-14 02:02 - 00000000 ____D () C:\windows\system32\MRT
2014-12-18 23:30 - 2012-06-01 09:10 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-24 20:42 - 2014-07-17 22:05 - 00000177 _____ () C:\Users\Mommy\Desktop\avgrep.txt
2014-11-24 19:41 - 2012-07-06 17:21 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006Core.job
2014-11-24 19:07 - 2012-07-05 14:19 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002Core.job

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-21 08:16

==================== End Of Log ============================
shalom123
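A first-pass screen for logs like the two posted in this thread, as an added example written for this page (Python; it is not FRST's own code and not something the helpers here posted). It parses three line types that appear in the logs: the dated file-list entries from the "One Month Created/Modified" sections, the "Bamital & volsnap Check" verdicts, and the CustomCLSID entries from Addition.txt. It then flags what a helper scans for by eye: a code file under C:\windows that FRST lists with an empty company field (the way C:\windows\shost.bin appears above), any core binary whose verdict is not "File is digitally signed", and any CLSID whose InprocServer32 target is reported as "No File". The extension list and the "empty company under C:\windows" rule are assumptions made for this example; they yield review candidates, not verdicts. The sample lines are copied from the logs above, except the services.exe signature line, which is constructed so that the failing branch is exercised.

```python
r"""Triage helpers for lines from an FRST (Farbar Recovery Scan Tool) log.

Added example for this thread; not code from MalwareRemoval.com or from FRST.
It screens three kinds of lines that appear in the posted logs:
  * "One Month Created/Modified Files and Folders" entries: code files under
    C:\windows that FRST lists with an empty company field;
  * "Bamital & volsnap Check" entries: any verdict other than
    "File is digitally signed";
  * "CustomCLSID" entries (Addition.txt) whose InprocServer32 target is
    reported as "No File", i.e. a dangling COM registration.
The extension list and the empty-company rule are heuristics chosen for this
example: they pick candidates for a human to look at, nothing more.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, Optional

# FRST file-list line: "<created> - <modified> - <size> <attrs> (<company>) <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# Bamital/volsnap line: "<path> => <verdict>"
SIGCHECK_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")
# Addition.txt line: "CustomCLSID: <registry key> -> <target> (<company>) | No File"
CLSID_RE = re.compile(r"^CustomCLSID: (?P<key>.+?) -> (?P<target>.+)$")

# Extensions treated as code for the empty-company rule (assumption for this
# example; .bin is included because that is how shost.bin appears in the log).
CODE_EXTS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".bin"}
SIGNED_VERDICT = "File is digitally signed"


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int
    attrs: str      # FRST flags, e.g. "____D" directory, "__RSH" read-only/system/hidden
    company: str    # text between the parentheses; empty when FRST found no version info
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one file-list line; returns None for lines of any other section."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(m["created"], m["modified"], int(m["size"]),
                     m["attrs"], m["company"], m["path"])


def suspicious_system_file(e: FileEntry) -> bool:
    """Code file under the Windows directory with no company string: a review candidate."""
    lower = e.path.lower()
    ext = ntpath.splitext(lower)[1]
    return (not e.is_dir
            and lower.startswith("c:\\windows\\")
            and e.company == ""
            and ext in CODE_EXTS)


def triage(log_text: str) -> Dict[str, list]:
    """Run the three screens over raw log text and collect what each one flags."""
    found: Dict[str, list] = {"unsigned_system_files": [],
                              "sigcheck_failures": [],
                              "dangling_clsids": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_file_entry(line)
        if entry is not None:
            if suspicious_system_file(entry):
                found["unsigned_system_files"].append(entry.path)
            continue
        m = CLSID_RE.match(line)
        if m:
            if m["target"].endswith(" No File"):
                found["dangling_clsids"].append(m["key"])
            continue
        m = SIGCHECK_RE.match(line)
        if m and m["verdict"] != SIGNED_VERDICT:
            found["sigcheck_failures"].append((m["path"], m["verdict"]))
    return found


# Sample input: lines copied from the FRST.txt and Addition.txt in this thread,
# plus ONE constructed line (services.exe) so the signature-check branch has
# something to flag; that line is test data, not a finding from this machine.
SAMPLE_LOG = r"""
2014-12-18 23:28 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-11-24 17:26 - 2014-11-24 17:26 - 01944256 _____ () C:\windows\shost.bin
2014-11-24 07:33 - 2014-12-19 13:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-21 09:21 - 2009-07-13 22:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-12-24 20:55 - 2011-12-21 19:15 - 01148881 _____ () C:\windows\WindowsUpdate.log
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\System32\services.exe => File is NOT digitally signed
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
"""

if __name__ == "__main__":
    for section, hits in triage(SAMPLE_LOG).items():
        print(f"{section}: {len(hits)}")
        for hit in hits:
            print("   ", hit)
```

Run it as a script to print the hits, or pass the full text of FRST.txt and Addition.txt to `triage()`. The empty-company rule says nothing about files outside C:\windows and skips directories, so it narrows what to read; it does not replace reading the log, and a flagged file still needs its hash or signature checked before anything goes into a fixlist.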

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 24th, 2014, 10:13 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Daddy at 2014-12-24 20:56:25
Running from C:\Users\Michal\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4223 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bucksbee Loyalty Plugin 100815.b for Chrome (HKLM-x32\...\Bucksbee Loyalty Plugin 100815.b for Chrome) (Version: - )
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ffdshow v1.1.4369 [2012-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4369.0 - )
Google Chrome (HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Chrome (HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
IHA_MessageCenter (HKLM-x32\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2246 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.00.22080 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.00.21090 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.4827a - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.4827a - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{2BFDA78F-39F7-4537-9995-71424CFA88BB}) (Version: 4.1.2138 - LogMeIn, Inc.)
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0919 - Lenovo)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTomTom 3.1.0.530 (HKLM-x32\...\MyTomTom) (Version: 3.1.0.530 - TomTom)
OneSoftPerDay 025.375 (HKLM-x32\...\ospd_us_375_is1) (Version: - ONESOFTPERDAY)
Online Plug-in (x32 Version: 13.1.201.3 - Citrix Systems, Inc.) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6230 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 2.5.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.5 - VS Revo Group, Ltd.)
Self-service Plug-in (x32 Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.0.0) (Version: 2.0.0.0 - W3i, LLC)
Uninstall Helper (x32 Version: 2.0.0.0 - W3i, LLC) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Vz In Home Agent (HKLM-x32\...\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}) (Version: 8.03.53 - Verizon)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Wondershare Music Converter(Build 1.3.4.0) (HKLM-x32\...\Wondershare Music Converter_is1) (Version: - Wondershare Software)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Michal\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Michal\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

19-11-2014 03:00:12 Windows Update
20-11-2014 03:00:11 Windows Update
21-11-2014 03:00:13 Windows Update
21-11-2014 15:35:11 Windows Update
23-11-2014 03:00:16 Windows Update
23-11-2014 17:48:56 Installed HPDiagnosticCoreDll
23-11-2014 20:50:22 Windows Update
24-11-2014 21:07:22 Windows Update
28-11-2014 10:27:25 Windows Update
18-12-2014 23:21:48 Windows Update
19-12-2014 09:07:25 Windows Update
19-12-2014 10:02:38 Windows Update
19-12-2014 13:21:42 Removed BabylonObjectInstaller

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-12-24 20:50 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {6368AB21-97F4-4BDC-AA96-602A90C7FF08} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001Core.job => C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001UA.job => C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002Core.job => C:\Users\Yael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002UA.job => C:\Users\Yael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003Core.job => C:\Users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003UA.job => C:\Users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006Core.job => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006UA.job => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-20 21:44 - 2005-03-11 23:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2011-12-21 19:18 - 2011-03-15 23:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4229975068-1931466670-3666739151-500 - Administrator - Disabled)
Atara (S-1-5-21-4229975068-1931466670-3666739151-1005 - Limited - Enabled) => C:\Users\Atara
Daddy (S-1-5-21-4229975068-1931466670-3666739151-1001 - Administrator - Enabled) => C:\Users\Daddy
Guest (S-1-5-21-4229975068-1931466670-3666739151-501 - Limited - Disabled)
Michal (S-1-5-21-4229975068-1931466670-3666739151-1006 - Limited - Enabled) => C:\Users\Michal
Mommy (S-1-5-21-4229975068-1931466670-3666739151-1003 - Limited - Enabled) => C:\Users\Mommy
Sara (S-1-5-21-4229975068-1931466670-3666739151-1007 - Limited - Enabled) => C:\Users\Sara
Shalom (S-1-5-21-4229975068-1931466670-3666739151-1004 - Limited - Enabled) => C:\Users\Shalom
Yael (S-1-5-21-4229975068-1931466670-3666739151-1002 - Limited - Enabled) => C:\Users\Yael

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/24/2014 08:53:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 08:41:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 09:21:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 08:54:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 08:47:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 08:59:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 07:38:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 07:29:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/22/2014 07:29:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/22/2014 07:28:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/21/2014 00:47:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozwhost service failed to start due to the following error:
%%2

Error: (12/21/2014 00:47:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozhost service failed to start due to the following error:
%%2

Error: (12/21/2014 09:23:26 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/21/2014 08:31:44 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{601787c5-2c31-11e1-b772-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{B312E00D-AB5A-4D05-9E0B-EB06A35F2F57}

Error: (12/21/2014 07:49:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozwhost service failed to start due to the following error:
%%2

Error: (12/21/2014 07:49:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozhost service failed to start due to the following error:
%%2

Error: (12/20/2014 06:07:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozwhost service failed to start due to the following error:
%%2

Error: (12/20/2014 06:07:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozhost service failed to start due to the following error:
%%2

Error: (12/19/2014 02:05:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozwhost service failed to start due to the following error:
%%2

Error: (12/19/2014 02:05:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozhost service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (12/24/2014 08:53:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 08:41:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 09:21:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 08:54:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 08:47:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 08:59:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 07:38:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 07:29:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/22/2014 07:29:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (12/22/2014 07:28:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-06-30 13:42:13.733
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-30 13:42:13.729
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-30 13:42:13.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 00:35:21.896
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 00:35:21.894
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 00:35:21.892
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-31 20:48:51.023
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-31 20:48:51.020
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-31 20:48:51.018
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 37%
Total physical RAM: 5992.37 MB
Available physical RAM: 3748.3 MB
Total Pagefile: 11982.92 MB
Available Pagefile: 9914.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.34 GB) (Free:608.04 GB) NTFS
Drive e: () (Removable) (Total:1.92 GB) (Free:0.26 GB) FAT
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:1397.26 GB) (Free:1330.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4079EF22)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 1397.3 GB) (Disk ID: E6A01404)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 221E5780)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

==================== End Of Log ============================
shalom123
Regular Member
 
Posts: 43
Joined: December 18th, 2014, 9:26 pm

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 24th, 2014, 10:14 pm

Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Daddy at 2014-12-24 21:02:10
Running from C:\Users\Michal\Desktop
Boot Mode: Normal

================== Search Registry: "ALOT;AnyProtect;Babylon;BetterBrain;BlockAndSurf;ConvertAd;DealCabby;EasyDriver;RemoteDesktopAccess;RocketTab;Savepass;SearchProtect;snipsmart;StormWatch;Vosteran;WSE_Vosteran;Zoomify" ===========


===================== Search result for "ALOT" ==========

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION]
"ALOTWidgets.exe"="0"


===================== Search result for "Babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Daddy\AppData\Roaming\BabylonToolbar\IE\"=""


===================== Search result for "Savepass" ==========

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A804CA56-C99-44DD-8FF2-EC862D599F69}]
"AppPath"="C:\Program Files (x86)\Savepass 3.0"


===================== Search result for "Vosteran" ==========

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
"Progid"="VosteranHTML.XAQEHVRZTKJGE27YQRA7GQFX4I"

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
"Progid"="VosteranHTML.XAQEHVRZTKJGE27YQRA7GQFX4I"

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
"Progid"="VosteranHTML.XAQEHVRZTKJGE27YQRA7GQFX4I"

====== End Of Search ======
shalom123
Regular Member
 
Posts: 43
Joined: December 18th, 2014, 9:26 pm

Re: Infected with IDP.Program.D1B0A5C0

Unread postby Gary R » December 25th, 2014, 2:08 am

Since you're no longer using McAfee, we need to remove the remnants of it that are still present on your computer, or they may interfere with AVG, which you are currently using for your Anti-Virus.

Please download and run ... MCPR.exe ... which is a tool created by McAfee to completely remove their products.

For a list of which products it removes see ... http://mcafee-removal-tool.com/

Reboot your computer once it has completed.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (don't include Code: Select all)
Code: Select all
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121225094235.dll No File
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121225094235.dll No File
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-01-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir="
S4 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-11-09] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [177680 2012-11-09] (McAfee, Inc.)
S4 0134851357934090mcinstcleanup; C:\Users\Daddy\AppData\Local\Temp\013485~1.EXE -cleanup -nolog [X]
C:\windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee
C:\Users\Daddy\AppData\Local\Temp\013485~1.EXE
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)
C:\Windows\System32\drivers\cfwids.sys
C:\Windows\System32\drivers\mfeapfk.sys
C:\Windows\System32\drivers\mfeavfk.sys
C:\Windows\System32\drivers\mfefirek.sys
C:\Windows\System32\drivers\mfehidk.sys
C:\Windows\System32\drivers\mfewfpk.sys
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION" /v "ALOTWidgets.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared\\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR\\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\IE\\" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A804CA56-C99-44DD-8FF2-EC862D599F69}" /v "AppPath" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice" /v "Progid" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice" /v "Progid" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice" /v "Progid" /f
Hosts:
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Next ...

Please run a FRST scan and search on the next account, and post me the logs.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
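The fixlog posted later in this thread shows three ways a `Reg:` line in a fixlist can fail before it ever touches the registry: a switch typed as `/ v` gives "Invalid syntax", a value name that ends in a backslash swallows its own closing quote (reg.exe then prompts for a name that includes `" /f`), and values under `FileExts\...\UserChoice` come back "Access is denied" because those keys are protected. The linter below is an added example written for this page; it is not part of FRST, not Farbar's code, and not something the thread's participants ran. It implements the Windows C-runtime argv rules (backslashes are literal unless they precede a quote, `2n` backslashes before a quote become `n`, an odd count makes the quote literal) so it can show what reg.exe actually receives, then checks each `Reg:` line against those three pitfalls. The function names `win_split`, `lint_reg_line` and `lint_fixlist`, and the `SAMPLE_FIXLIST` text, are constructed for the example; the sample reuses the registry paths already visible in this thread.

```python
import re
from typing import List, Tuple

# Constructed sample fixlist for the example (not FRST output). The Reg: lines
# reproduce the shapes of line whose outcomes the fixlog in this thread reports.
SAMPLE_FIXLIST = r'''
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION" /v "ALOTWidgets.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" / v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR\" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice" /v "Progid" /f
Hosts:
EmptyTemp:
'''

DELETE_SWITCHES = {"/v", "/ve", "/va", "/f"}   # switches "reg.exe delete" accepts
USERCHOICE = re.compile(r"\\FileExts\\[^\\]+\\UserChoice$", re.IGNORECASE)


def win_split(cmdline: str) -> List[str]:
    """Split a command line the way the Windows C runtime builds argv for ordinary
    arguments: a backslash is literal unless it precedes a double quote; 2n
    backslashes + quote give n backslashes and toggle quoting; 2n+1 backslashes +
    quote give n backslashes and a literal quote; whitespace outside quotes splits."""
    args, cur, in_quotes, have_arg, i = [], [], False, False, 0
    while i < len(cmdline):
        c = cmdline[i]
        if c == "\\":
            j = i
            while j < len(cmdline) and cmdline[j] == "\\":
                j += 1
            count = j - i
            if j < len(cmdline) and cmdline[j] == '"':
                cur.append("\\" * (count // 2))
                if count % 2:                 # odd: the quote is a literal character
                    cur.append('"')
                else:                         # even: the quote opens or closes quoting
                    in_quotes = not in_quotes
                i = j + 1
            else:                             # backslashes not followed by a quote are literal
                cur.append("\\" * count)
                i = j
            have_arg = True
        elif c == '"':
            in_quotes, have_arg, i = not in_quotes, True, i + 1
        elif c in " \t" and not in_quotes:
            if have_arg:
                args.append("".join(cur))
                cur, have_arg = [], False
            i += 1
        else:
            cur.append(c)
            have_arg, i = True, i + 1
    if have_arg:
        args.append("".join(cur))
    return args


def lint_reg_line(line: str) -> List[str]:
    """Return the problems found in one 'Reg: Reg.exe delete ...' line ([] = looks fine)."""
    problems: List[str] = []
    argv = win_split(line[len("Reg:"):].strip())
    if len(argv) < 3 or argv[0].lower() not in ("reg", "reg.exe") or argv[1].lower() != "delete":
        return ["not a 'Reg.exe delete' command; only delete is checked here"]
    key, rest = argv[2], argv[3:]
    seen = set()
    i = 0
    while i < len(rest):
        switch = rest[i].lower()
        if switch == "/" and i + 1 < len(rest):   # "/ v": the switch letter became its own argument
            problems.append(f"switch written as '/ {rest[i + 1]}' instead of '/{rest[i + 1]}': "
                            "reg.exe reports 'Invalid syntax'")
            switch = "/" + rest[i + 1].lower()
            i += 1
        if switch not in DELETE_SWITCHES:
            problems.append(f"unexpected argument {rest[i]!r}")
        else:
            seen.add(switch)
            if switch == "/v":
                i += 1
                if i >= len(rest):
                    problems.append("'/v' given without a value name")
                elif '"' in rest[i]:             # the trailing backslash escaped the closing quote
                    problems.append(f"value name {rest[i]!r} contains a quote: the backslash before "
                                    "the closing quote escaped it, so reg.exe took the rest of the "
                                    "line as the name (double a trailing backslash)")
        i += 1
    if "/f" not in seen:
        problems.append("no '/f': reg.exe prompts (Yes/No) and a scripted run cannot answer")
    if USERCHOICE.search(key):
        problems.append("FileExts\\...\\UserChoice keys carry a deny ACE; reg.exe delete "
                        "reports 'Access is denied' on them unless the ACL is changed first")
    return problems


def lint_fixlist(text: str) -> List[Tuple[str, List[str]]]:
    """Lint every Reg: line of a fixlist; returns (line, problems) for the lines with problems."""
    out = []
    for line in text.splitlines():
        if line.startswith("Reg:"):
            probs = lint_reg_line(line)
            if probs:
                out.append((line, probs))
    return out


if __name__ == "__main__":
    for line, probs in lint_fixlist(SAMPLE_FIXLIST):
        print(line[:90] + ("..." if len(line) > 90 else ""))
        for p in probs:
            print("   -", p)
```

Only `Reg:` lines are examined; FRST directives such as `Hosts:` and `EmptyTemp:` pass straight through. Running the sample flags the `Shared\` line for its swallowed quote, the `/ v` line for both the split switch and the swallowed quote, and the `UserChoice` line for the deny ACE, which is exactly the set of failures the fixlog records; the `ALOTWidgets.exe` line passes, as it did on the machine.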

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 25th, 2014, 10:12 pm

Thank you
I ran MCPR.exe and this next account is the last
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
Ran by Daddy at 2014-12-25 20:51:02 Run:6
Running from C:\Users\Michal\Desktop
Loaded Profiles: Daddy & Michal (Available profiles: Daddy & Yael & Mommy & Shalom & Atara & Michal & Sara)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1006 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121225094235.dll No File
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121225094235.dll No File
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-01-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir="
S4 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-11-09] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [177680 2012-11-09] (McAfee, Inc.)
S4 0134851357934090mcinstcleanup; C:\Users\Daddy\AppData\Local\Temp\013485~1.EXE -cleanup -nolog [X]
C:\windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee
C:\Users\Daddy\AppData\Local\Temp\013485~1.EXE
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)
C:\Windows\System32\drivers\cfwids.sys
C:\Windows\System32\drivers\mfeapfk.sys
C:\Windows\System32\drivers\mfeavfk.sys
C:\Windows\System32\drivers\mfefirek.sys
C:\Windows\System32\drivers\mfehidk.sys
C:\Windows\System32\drivers\mfewfpk.sys
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION" /v "ALOTWidgets.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" / v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR\" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\IE\" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A804CA56-C99-44DD-8FF2-EC862D599F69}" /v "AppPath" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice" /v "Progid" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice" /v "Progid" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice" /v "Progid" /f
Hosts:
EmptyTemp:

*****************

HKU\S-1-5-21-4229975068-1931466670-3666739151-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => Key not found.
"HKCR\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => Key not found.
"HKCR\Wow6432Node\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MVT" => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60} => value deleted successfully.
C:\Program Files (x86)\Common Files\McAfee\SystemCore not found.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => Value not found.
Chrome StartupUrls deleted successfully.
HomeNetSvc => Service not found.
McProxy => Service not found.
mfefire => Service not found.
mfevtp => Service not found.
0134851357934090mcinstcleanup => Service deleted successfully.
"C:\windows\system32\mfevtps.exe" => File/Directory not found.
"C:\Program Files\Common Files\McAfee" => File/Directory not found.
"C:\Users\Daddy\AppData\Local\Temp\013485~1.EXE" => File/Directory not found.
cfwids => Service not found.
mfeapfk => Service not found.
mfeavfk => Service not found.
mfefirek => Service not found.
mfehidk => Service not found.
mfewfpk => Service not found.
"C:\Windows\System32\drivers\cfwids.sys" => File/Directory not found.
"C:\Windows\System32\drivers\mfeapfk.sys" => File/Directory not found.
"C:\Windows\System32\drivers\mfeavfk.sys" => File/Directory not found.
"C:\Windows\System32\drivers\mfefirek.sys" => File/Directory not found.
"C:\Windows\System32\drivers\mfehidk.sys" => File/Directory not found.
"C:\Windows\System32\drivers\mfewfpk.sys" => File/Directory not found.

========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION" /v "ALOTWidgets.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared\" /f =========

Delete the registry value C:\Users\Daddy\AppData\Roaming\BabylonToolbar\Shared" /f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" / v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR\" /f =========

ERROR: Invalid syntax.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Users\Daddy\AppData\Roaming\BabylonToolbar\IE\" /f =========

Delete the registry value C:\Users\Daddy\AppData\Roaming\BabylonToolbar\IE" /f (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A804CA56-C99-44DD-8FF2-EC862D599F69}" /v "AppPath" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice" /v "Progid" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice" /v "Progid" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice" /v "Progid" /f =========

ERROR: Access is denied.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 18.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
shalom123
Regular Member
 
Posts: 43
Joined: December 18th, 2014, 9:26 pm

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 25th, 2014, 10:12 pm

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Daddy (administrator) on THEMOSTAWESOME on 25-12-2014 20:55:41
Running from C:\Users\Yael\Desktop
Loaded Profiles: Daddy & Yael (Available profiles: Daddy & Yael & Mommy & Shalom & Atara & Michal & Sara)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brother Industries, Ltd.) C:\Windows\System32\BrmfRsmg.exe
(Brother Industries, Ltd.) C:\Windows\System32\BrmfRsmg.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
() C:\Windows\jmesoft\Service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Users\Yael\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Yael\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Spotify Ltd) C:\Users\Yael\AppData\Roaming\Spotify\spotify.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Yael\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Yael\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Yael\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
() C:\Users\Yael\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Users\Yael\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Users\Yael\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Run: [Google Update] => C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-22] (Google Inc.)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\Run: [Google Update] => C:\Users\Yael\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-05] (Google Inc.)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\Run: [Spotify Web Helper] => C:\Users\Yael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-12-25] (Spotify Ltd)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\Run: [Spotify] => C:\Users\Yael\AppData\Roaming\Spotify\spotify.exe [6170168 2014-12-25] (Spotify Ltd)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - F:\LaunchU3.exe -a
Startup: C:\Users\Yael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-4229975068-1931466670-3666739151-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-4229975068-1931466670-3666739151-1001] => http=127.0.0.1:62855;https=127.0.0.1:62855
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.com/ig/redirectdomain ... &bmod=LEND
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> Backup.Old.DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> {72DE6055-3568-696D-18F3-25733E4372F6} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Daddy\AppData\Local\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Daddy\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Daddy\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Daddy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-14]
CHR Extension: (Google Search) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-14]
CHR Extension: (Google Wallet) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Yael\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 brmfrsmg; C:\Windows\system32\BrmfRsmg.exe [52736 2009-07-13] (Brother Industries, Ltd.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [290832 2011-12-12] (Verizon) [File not signed]
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-11-03] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-11-03] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
S3 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe" Start=service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 brfilt; C:\Windows\System32\Drivers\Brfilt.sys [6144 2009-06-10] (Brother Industries Ltd.)
R3 BrUsbScn; C:\Windows\System32\Drivers\BrUsbScn.sys [14336 2009-06-10] (Brother Industries Ltd.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-25 20:55 - 2014-12-25 20:56 - 00021884 _____ () C:\Users\Yael\Desktop\FRST.txt
2014-12-25 20:55 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Yael\Desktop\FRST64.exe
2014-12-25 20:54 - 2014-12-25 20:54 - 00000000 ____D () C:\Users\Yael\AppData\Roaming\AVG2015
2014-12-25 20:54 - 2014-12-25 20:54 - 00000000 ____D () C:\Users\Yael\AppData\Local\Avg2015
2014-12-24 21:02 - 2014-12-24 21:02 - 00002075 _____ () C:\Users\Michal\Desktop\Search.txt
2014-12-24 20:56 - 2014-12-24 20:56 - 00030769 _____ () C:\Users\Michal\Desktop\Addition.txt
2014-12-24 20:55 - 2014-12-24 20:55 - 00000000 ____D () C:\Users\Michal\AppData\Local\Logitech® Webcam Software
2014-12-24 20:54 - 2014-12-24 20:56 - 00044091 _____ () C:\Users\Michal\Desktop\FRST.txt
2014-12-24 20:53 - 2014-12-24 20:53 - 00000000 ____D () C:\Users\Michal\AppData\Roaming\AVG2015
2014-12-24 20:53 - 2014-12-24 20:53 - 00000000 ____D () C:\Users\Michal\AppData\Local\Avg2015
2014-12-24 20:53 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Michal\Desktop\FRST64.exe
2014-12-23 21:22 - 2014-12-23 21:22 - 00001118 _____ () C:\Users\Shalom\Desktop\Search.txt
2014-12-23 21:02 - 2014-12-23 21:02 - 00000000 ____D () C:\Users\Shalom\AppData\Local\Apple
2014-12-23 20:58 - 2014-12-23 20:58 - 00031095 _____ () C:\Users\Shalom\Desktop\Addition.txt
2014-12-23 20:56 - 2014-12-23 20:58 - 00045467 _____ () C:\Users\Shalom\Desktop\FRST.txt
2014-12-23 20:55 - 2014-12-22 21:20 - 00000183 _____ () C:\Users\Shalom\Desktop\search for virus.txt
2014-12-23 20:55 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Shalom\Desktop\FRST64.exe
2014-12-23 20:54 - 2014-12-23 20:54 - 00000000 ____D () C:\Users\Shalom\AppData\Roaming\AVG2015
2014-12-23 20:54 - 2014-12-23 20:54 - 00000000 ____D () C:\Users\Shalom\AppData\Local\Avg2015
2014-12-22 21:28 - 2014-12-22 21:28 - 00010856 _____ () C:\Users\Atara\Desktop\Search.txt
2014-12-22 21:13 - 2014-12-22 21:13 - 00031021 _____ () C:\Users\Atara\Desktop\Addition.txt
2014-12-22 21:12 - 2014-12-22 21:13 - 00053735 _____ () C:\Users\Atara\Desktop\FRST.txt
2014-12-22 21:11 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Atara\Desktop\FRST64.exe
2014-12-22 21:09 - 2014-12-22 21:09 - 00000000 ____D () C:\Users\Atara\AppData\Roaming\AVG2015
2014-12-22 21:09 - 2014-12-22 21:09 - 00000000 ____D () C:\Users\Atara\AppData\Local\Avg2015
2014-12-21 14:01 - 2014-12-21 14:01 - 00003361 _____ () C:\Users\Sara\Desktop\Search.txt
2014-12-21 14:01 - 2014-12-21 14:01 - 00000000 ____D () C:\Users\Sara\AppData\Local\Microsoft Games
2014-12-21 13:59 - 2014-12-21 13:59 - 00028589 _____ () C:\Users\Sara\Desktop\Addition.txt
2014-12-21 13:58 - 2014-12-21 13:59 - 00034033 _____ () C:\Users\Sara\Desktop\FRST.txt
2014-12-21 13:57 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Sara\Desktop\FRST64.exe
2014-12-21 13:54 - 2014-12-21 13:54 - 00000000 ____D () C:\Users\Sara\AppData\Local\Logitech® Webcam Software
2014-12-21 13:52 - 2014-12-21 13:52 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\AVG2015
2014-12-21 13:52 - 2014-12-21 13:52 - 00000000 ____D () C:\Users\Sara\AppData\Local\Avg2015
2014-12-21 12:49 - 2014-12-21 12:49 - 00000000 ____D () C:\Users\Daddy\Desktop\New folder
2014-12-21 09:29 - 2014-12-21 09:29 - 00027979 _____ () C:\Users\Daddy\Desktop\Search.txt
2014-12-21 09:24 - 2014-12-21 09:25 - 00034752 _____ () C:\Users\Daddy\Desktop\Addition.txt
2014-12-21 09:23 - 2014-12-21 09:25 - 00055826 _____ () C:\Users\Daddy\Desktop\FRST.txt
2014-12-21 09:21 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Daddy\Desktop\FRST64.exe
2014-12-19 09:52 - 2014-12-19 09:52 - 00015719 _____ () C:\Users\Mommy\Desktop\Search.txt
2014-12-19 09:46 - 2014-12-19 09:46 - 00046661 _____ () C:\Users\Mommy\Desktop\Addition.txt
2014-12-19 09:44 - 2014-12-25 20:55 - 00000000 ____D () C:\FRST
2014-12-19 09:44 - 2014-12-19 09:46 - 00060762 _____ () C:\Users\Mommy\Desktop\FRST.txt
2014-12-19 09:35 - 2014-12-19 13:34 - 00000000 ____D () C:\AdwCleaner
2014-12-19 09:35 - 2014-12-19 09:34 - 00000111 _____ () C:\Users\Mommy\Desktop\virus.txt
2014-12-19 09:35 - 2014-12-19 09:30 - 02166272 _____ () C:\Users\Mommy\Desktop\adwcleaner_4.105.exe
2014-12-19 09:35 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Mommy\Desktop\FRST64.exe
2014-12-19 09:18 - 2014-12-19 09:18 - 00000207 _____ () C:\windows\tweaking.com-regbackup-THEMOSTAWESOME-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-12-19 09:16 - 2014-12-19 09:16 - 00002239 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-12-19 09:16 - 2014-12-19 09:16 - 00000000 ____D () C:\RegBackup
2014-12-19 09:16 - 2014-12-19 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-19 09:16 - 2014-12-19 09:16 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-19 09:14 - 2014-12-19 09:14 - 04215584 _____ () C:\Users\Mommy\Desktop\tweaking.com_registry_backup_setup.exe
2014-12-19 09:13 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-19 09:13 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-18 23:30 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-18 23:29 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-18 23:29 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-18 23:29 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-18 23:29 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-18 23:29 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-18 23:29 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-18 23:29 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-18 23:29 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-18 23:29 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-18 23:29 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-18 23:29 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-18 23:29 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-18 23:29 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-18 23:29 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 23:29 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-18 23:29 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-18 23:29 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-18 23:29 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-18 23:29 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-18 23:29 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-18 23:29 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-18 23:29 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-18 23:29 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-18 23:29 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-18 23:29 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-18 23:29 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-18 23:29 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-18 23:29 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-18 23:29 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-18 23:29 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-18 23:29 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-18 23:29 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-18 23:29 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-18 23:29 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-18 23:29 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-18 23:29 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-18 23:29 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-18 23:29 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-18 23:29 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-18 23:29 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-18 23:29 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-18 23:29 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-18 23:29 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-18 23:29 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-18 23:29 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-18 23:29 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-18 23:29 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-18 23:29 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-18 23:29 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-18 23:29 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-18 23:29 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-18 23:29 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-18 23:29 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-18 23:29 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-18 23:29 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-18 23:29 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-18 23:29 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-18 23:29 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-18 23:28 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-18 23:28 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-18 23:21 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-18 23:21 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-18 23:21 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-18 23:21 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-18 23:21 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-18 23:21 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-18 23:21 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-18 23:21 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-18 23:21 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-18 23:21 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-18 23:20 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-18 23:20 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-18 23:14 - 2014-12-18 23:14 - 00026445 _____ () C:\Users\Daddy\Desktop\dds.txt
2014-12-18 23:14 - 2014-12-18 23:14 - 00009128 _____ () C:\Users\Daddy\Desktop\attach.txt
2014-12-18 23:07 - 2014-12-18 23:07 - 00688992 ____R (Swearware) C:\Users\Mommy\Downloads\dds.scr
2014-12-18 23:07 - 2014-12-18 23:07 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\HpUpdate

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-25 20:54 - 2014-01-23 04:28 - 00000923 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-12-25 20:54 - 2014-01-23 04:28 - 00000907 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-12-25 20:54 - 2013-07-03 16:22 - 00000000 ____D () C:\Users\Yael\AppData\Roaming\Spotify
2014-12-25 20:54 - 2012-07-11 18:57 - 00000278 __RSH () C:\Users\Yael\ntuser.pol
2014-12-25 20:54 - 2012-05-07 01:56 - 00091584 _____ () C:\Users\Yael\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-25 20:54 - 2012-04-29 22:59 - 00000000 ____D () C:\Users\Yael
2014-12-25 20:54 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-25 20:54 - 2009-07-13 23:51 - 00075589 _____ () C:\windows\setupact.log
2014-12-25 20:53 - 2011-12-21 19:15 - 01168213 _____ () C:\windows\WindowsUpdate.log
2014-12-25 20:53 - 2009-07-13 23:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-25 20:53 - 2009-07-13 23:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-25 19:39 - 2010-11-20 22:47 - 00841690 _____ () C:\windows\PFRO.log
2014-12-25 19:37 - 2014-11-24 20:36 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-25 19:32 - 2012-05-01 21:49 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-12-24 20:53 - 2012-07-11 18:57 - 00000008 __RSH () C:\Users\Michal\ntuser.pol
2014-12-24 20:53 - 2012-05-31 11:08 - 00091584 _____ () C:\Users\Michal\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-24 20:53 - 2012-05-13 13:03 - 00000000 ____D () C:\Users\Michal
2014-12-23 20:54 - 2012-08-10 07:53 - 00000008 __RSH () C:\Users\Shalom\ntuser.pol
2014-12-23 20:54 - 2012-06-09 21:24 - 00091584 _____ () C:\Users\Shalom\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-23 20:54 - 2012-06-09 21:17 - 00000000 ____D () C:\Users\Shalom
2014-12-22 21:09 - 2014-05-27 14:12 - 00091584 _____ () C:\Users\Atara\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-22 21:09 - 2012-07-22 09:21 - 00000008 __RSH () C:\Users\Atara\ntuser.pol
2014-12-22 21:09 - 2012-05-03 09:01 - 00000000 ____D () C:\Users\Atara
2014-12-22 19:29 - 2009-07-14 00:13 - 00006206 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-21 13:52 - 2012-12-15 17:56 - 00091584 _____ () C:\Users\Sara\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-21 13:51 - 2012-08-25 19:40 - 00000008 __RSH () C:\Users\Sara\ntuser.pol
2014-12-21 13:51 - 2012-08-25 19:40 - 00000000 ____D () C:\Users\Sara
2014-12-21 13:48 - 2012-07-20 16:53 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003UA.job
2014-12-21 13:41 - 2012-07-06 17:21 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006UA.job
2014-12-21 13:17 - 2012-08-19 20:06 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-21 13:15 - 2012-07-22 14:14 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001UA.job
2014-12-21 13:15 - 2012-07-22 14:14 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001Core.job
2014-12-21 13:07 - 2012-07-05 14:19 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002UA.job
2014-12-21 12:51 - 2012-08-20 21:43 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Bucksbee Loyalty Plugin 100815.b for Chrome
2014-12-21 12:48 - 2012-07-14 20:40 - 00000008 __RSH () C:\Users\Daddy\ntuser.pol
2014-12-21 12:48 - 2012-04-29 18:44 - 00000000 ____D () C:\Users\Daddy
2014-12-21 09:23 - 2012-07-11 18:57 - 00000008 __RSH () C:\Users\Mommy\ntuser.pol
2014-12-21 09:23 - 2012-04-30 09:58 - 00000000 ____D () C:\Users\Mommy
2014-12-21 09:21 - 2009-07-13 22:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-12-21 08:23 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-12-19 14:21 - 2014-10-07 11:58 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-19 14:21 - 2014-10-07 11:58 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 14:21 - 2014-10-07 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-19 13:37 - 2013-03-24 12:18 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Spotify
2014-12-19 13:25 - 2012-06-09 21:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-12-19 13:19 - 2012-09-15 19:11 - 00020786 _____ () C:\INSTALLHELPER.LOG
2014-12-19 13:16 - 2014-11-24 07:33 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-19 10:04 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-19 09:22 - 2013-06-20 07:02 - 00002374 _____ () C:\Users\Mommy\Desktop\Google Chrome.lnk
2014-12-19 09:18 - 2012-04-29 21:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-19 09:06 - 2009-07-13 21:34 - 00000537 _____ () C:\windows\win.ini
2014-12-19 09:04 - 2014-11-24 20:38 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-18 23:47 - 2013-08-14 02:02 - 00000000 ____D () C:\windows\system32\MRT
2014-12-18 23:30 - 2012-06-01 09:10 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-21 08:16

==================== End Of Log ============================
shalom123

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 25th, 2014, 10:14 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Daddy at 2014-12-25 20:56:58
Running from C:\Users\Yael\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4223 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bucksbee Loyalty Plugin 100815.b for Chrome (HKLM-x32\...\Bucksbee Loyalty Plugin 100815.b for Chrome) (Version: - )
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ffdshow v1.1.4369 [2012-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4369.0 - )
Google Chrome (HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Chrome (HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
IHA_MessageCenter (HKLM-x32\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2246 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.00.22080 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.00.21090 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.4827a - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.4827a - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{2BFDA78F-39F7-4537-9995-71424CFA88BB}) (Version: 4.1.2138 - LogMeIn, Inc.)
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0919 - Lenovo)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTomTom 3.1.0.530 (HKLM-x32\...\MyTomTom) (Version: 3.1.0.530 - TomTom)
OneSoftPerDay 025.375 (HKLM-x32\...\ospd_us_375_is1) (Version: - ONESOFTPERDAY)
Online Plug-in (x32 Version: 13.1.201.3 - Citrix Systems, Inc.) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6230 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 2.5.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.5 - VS Revo Group, Ltd.)
Self-service Plug-in (x32 Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.0.0) (Version: 2.0.0.0 - W3i, LLC)
Uninstall Helper (x32 Version: 2.0.0.0 - W3i, LLC) Hidden
Version Checker for Funmoods (HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\Funmoods) (Version: - ) <==== ATTENTION
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Vz In Home Agent (HKLM-x32\...\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}) (Version: 8.03.53 - Verizon)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Wondershare Music Converter(Build 1.3.4.0) (HKLM-x32\...\Wondershare Music Converter_is1) (Version: - Wondershare Software)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Yael\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Yael\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Yael\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

19-11-2014 03:00:12 Windows Update
20-11-2014 03:00:11 Windows Update
21-11-2014 03:00:13 Windows Update
21-11-2014 15:35:11 Windows Update
23-11-2014 03:00:16 Windows Update
23-11-2014 17:48:56 Installed HPDiagnosticCoreDll
23-11-2014 20:50:22 Windows Update
24-11-2014 21:07:22 Windows Update
28-11-2014 10:27:25 Windows Update
18-12-2014 23:21:48 Windows Update
19-12-2014 09:07:25 Windows Update
19-12-2014 10:02:38 Windows Update
19-12-2014 13:21:42 Removed BabylonObjectInstaller

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-12-25 20:51 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {6368AB21-97F4-4BDC-AA96-602A90C7FF08} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001Core.job => C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001UA.job => C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002Core.job => C:\Users\Yael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002UA.job => C:\Users\Yael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003Core.job => C:\Users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003UA.job => C:\Users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006Core.job => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006UA.job => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-20 21:44 - 2005-03-11 23:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2011-12-21 19:18 - 2011-03-15 23:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2013-09-23 17:06 - 2014-12-25 20:54 - 00598072 _____ () C:\Users\Yael\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-03 16:23 - 2014-12-25 20:54 - 36966968 _____ () C:\Users\Yael\AppData\Roaming\Spotify\Data\libcef.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-09-23 17:06 - 2014-12-25 20:54 - 00886840 _____ () C:\Users\Yael\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-23 17:06 - 2014-12-25 20:54 - 00108600 _____ () C:\Users\Yael\AppData\Roaming\Spotify\Data\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4229975068-1931466670-3666739151-500 - Administrator - Disabled)
Atara (S-1-5-21-4229975068-1931466670-3666739151-1005 - Limited - Enabled) => C:\Users\Atara
Daddy (S-1-5-21-4229975068-1931466670-3666739151-1001 - Administrator - Enabled) => C:\Users\Daddy
Guest (S-1-5-21-4229975068-1931466670-3666739151-501 - Limited - Disabled)
Michal (S-1-5-21-4229975068-1931466670-3666739151-1006 - Limited - Enabled) => C:\Users\Michal
Mommy (S-1-5-21-4229975068-1931466670-3666739151-1003 - Limited - Enabled) => C:\Users\Mommy
Sara (S-1-5-21-4229975068-1931466670-3666739151-1007 - Limited - Enabled) => C:\Users\Sara
Shalom (S-1-5-21-4229975068-1931466670-3666739151-1004 - Limited - Enabled) => C:\Users\Shalom
Yael (S-1-5-21-4229975068-1931466670-3666739151-1002 - Limited - Enabled) => C:\Users\Yael

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/25/2014 08:55:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 08:51:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 07:33:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 08:53:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 08:41:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 09:21:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 08:54:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 08:47:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 08:59:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 07:38:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/21/2014 00:47:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozwhost service failed to start due to the following error:
%%2

Error: (12/21/2014 00:47:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozhost service failed to start due to the following error:
%%2

Error: (12/21/2014 09:23:26 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/21/2014 08:31:44 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{601787c5-2c31-11e1-b772-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{B312E00D-AB5A-4D05-9E0B-EB06A35F2F57}

Error: (12/21/2014 07:49:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozwhost service failed to start due to the following error:
%%2

Error: (12/21/2014 07:49:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozhost service failed to start due to the following error:
%%2

Error: (12/20/2014 06:07:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozwhost service failed to start due to the following error:
%%2

Error: (12/20/2014 06:07:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozhost service failed to start due to the following error:
%%2

Error: (12/19/2014 02:05:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozwhost service failed to start due to the following error:
%%2

Error: (12/19/2014 02:05:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozhost service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (12/25/2014 08:55:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 08:51:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 07:33:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 08:53:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 08:41:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 09:21:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 08:54:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 08:47:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 08:59:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 07:38:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-06-30 13:42:13.733
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-30 13:42:13.729
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-30 13:42:13.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 00:35:21.896
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 00:35:21.894
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 00:35:21.892
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-31 20:48:51.023
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-31 20:48:51.020
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-31 20:48:51.018
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 29%
Total physical RAM: 5992.37 MB
Available physical RAM: 4243.25 MB
Total Pagefile: 11982.92 MB
Available Pagefile: 10077.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.34 GB) (Free:608.15 GB) NTFS
Drive e: () (Removable) (Total:1.92 GB) (Free:0.26 GB) FAT
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:1397.26 GB) (Free:1330.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4079EF22)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 1397.3 GB) (Disk ID: E6A01404)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 221E5780)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

==================== End Of Log ============================
shalom123
Regular Member
 
Posts: 43
Joined: December 18th, 2014, 9:26 pm

Re: Infected with IDP.Program.D1B0A5C0

Unread postby Gary R » December 26th, 2014, 3:04 am

I don't see the Search log for this account. Did you not run the Search, or was there nothing found when you ran the Search?

Also, can you try logging into the very first account again, and let me know if you're still getting messages when you attempt to run any program.


In the meantime, till I've got the answers from you to those two questions, here's a part fix for the items in the two logs you supplied for the last account ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (don't include Code: Select all)
Code: Select all
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - F:\LaunchU3.exe -a
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://start.funmoods.com/results.php?f=4&q= {searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://start.funmoods.com/results.php?f=4&q= {searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir="
Hosts:
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
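The fixlist above is built by hand from FRST.txt lines of a few recurring kinds: MountPoints2 autorun entries for removable drives, URLSearchHook entries whose CLSID resolves to "No File", SearchScopes pointing at a third-party search provider, and a Chrome StartupUrls entry. The following Python script is an added example, not part of this thread and not part of FRST; it parses those four line types so a helper can see at a glance which user SIDs are affected, which drive letters have autorun entries, which hosts the search and start-page entries point at, and which entries are orphaned or empty. The line formats are inferred from the lines posted in this thread, and the sample log is constructed from them with the long tracking parameters shortened.

```python
"""Triage summary for a handful of FRST.txt finding types.

Added example (not from the forum thread and not FRST code).  The regexes
below are inferred from the MountPoints2, URLSearchHook, SearchScopes and
CHR StartupUrls lines posted in the thread; other FRST line types are
ignored.  SAMPLE_LOG is constructed from those lines with the long
tracking parameters shortened.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample modelled on the thread's FRST lines (shortened).
SAMPLE_LOG = r"""
HKU\S-1-5-21-4229975068-1931466670-3666739151-1002\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - F:\LaunchU3.exe -a
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\...\MountPoints2: F - F:\LaunchU3.exe -a
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1004 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://start.funmoods.com/results.php?f=4&q= {searchTerms}&a=adknlg
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_47_ch&cr=960361997&ir="
"""


@dataclass
class Finding:
    kind: str    # MountPoints2 | URLSearchHook | SearchScopes | CHR StartupUrls
    sid: str     # user SID the entry belongs to ("" for browser profile entries)
    detail: str  # command line, URL or CLSID the entry carries
    target: str  # drive letter for autoruns, hostname for URLs, "" if none
    note: str    # one-line triage note


# Inferred from the thread's lines; not an official FRST grammar.
_MOUNT = re.compile(r"^HKU\\(S-[\d-]+)\\\.\.\.\\MountPoints2: (.+?) - (.+)$")
_HOOK = re.compile(r"^URLSearchHook: HKU\\(S-[\d-]+) - (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
_SCOPE = re.compile(r"^SearchScopes: HKU\\(S-[\d-]+) -> (.+?) URL =\s*(.*)$")
_CHR = re.compile(r'^CHR StartupUrls: (.+?) -> "(.*)"$')


def refang(url: str) -> str:
    """FRST writes hxxp:// so URLs are not clickable; undo that for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def host_of(url: str) -> str:
    """Lower-cased hostname of a (possibly defanged) URL, or "" if absent."""
    return (urlsplit(refang(url)).hostname or "").lower()


def parse_frst_lines(text: str) -> list[Finding]:
    """Turn the supported FRST line types into Finding records."""
    out: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _MOUNT.match(line):
            sid, _key, cmd = m.groups()
            drive = re.match(r"^([A-Za-z]:)\\", cmd)
            target = drive.group(1) if drive else ""
            note = f"autorun entry for drive {target}" if target else "autorun entry, no drive letter"
            out.append(Finding("MountPoints2", sid, cmd, target, note))
        elif m := _HOOK.match(line):
            sid, _name, clsid, file_ = m.groups()
            note = "orphaned (No File)" if file_ == "No File" else f"backed by {file_}"
            out.append(Finding("URLSearchHook", sid, clsid, "", note))
        elif m := _SCOPE.match(line):
            sid, scope, url = m.groups()
            host = host_of(url) if url else ""
            if not url:
                note = "empty URL"
            else:
                note = f"search provider {host}" + (" (default scope)" if "DefaultScope" in scope else "")
            out.append(Finding("SearchScopes", sid, url, host, note))
        elif m := _CHR.match(line):
            profile, url = m.groups()
            host = host_of(url)
            out.append(Finding("CHR StartupUrls", "", url, host, f"startup page {host} (profile {profile})"))
    return out


def summarize(findings: list[Finding]) -> dict:
    """Aggregate the findings the way a helper reads a log: who, what drives, what hosts."""
    url_kinds = ("SearchScopes", "CHR StartupUrls")
    return {
        "users": sorted({f.sid for f in findings if f.sid}),
        "autorun_drives": sorted({f.target for f in findings if f.kind == "MountPoints2" and f.target}),
        "hijack_hosts": sorted({f.target for f in findings if f.kind in url_kinds and f.target}),
        "orphaned": sum(1 for f in findings if f.note == "orphaned (No File)"),
        "empty_scopes": sum(1 for f in findings if f.kind == "SearchScopes" and not f.detail),
    }


if __name__ == "__main__":
    found = parse_frst_lines(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:16} {f.sid:48} {f.note}")
    print(summarize(found))
```

Run against a real FRST.txt by replacing SAMPLE_LOG with the file contents; the summary shows how many user accounts carry the same entries (the thread's SIDs differ only in the trailing RID) and which external hosts the browser would contact, which is what the helper is deciding about before writing the fixlist.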