Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Infected with IDP.Program.D1B0A5C0

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 18th, 2014, 9:28 pm

Help please,
I am running Windows 7 with AVG and AVG detected this virus IDP.Program.D1B0A5C0 and I can't seem to get rid of it.
Adware keeps on installing on my computer and popups keep on coming and avg and malwarebytes can't get rid of them
Thank you very much,
Shalon
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420
Run by Daddy at 23:09:01 on 2014-12-18
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\BetterBrain_1.10.0.2\Service\bbsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\PROGRA~3\zoomify2\110~1.27\cozhost.exe
C:\Users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Mommy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\PROGRA~3\zoomify2\110~1.27\cozwhost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\ospd_us_375\ospd_us_375.exe
C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Windows\jmesoft\Service.exe
C:\Users\Daddy\AppData\Roaming\VOPackage\VOsrv.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\ProgramData\zoomify2\1.1.0.27\cozahost.exe
C:\Program Files (x86)\snipsmart\updatesnipsmart.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\ProgramData\zoomify2\1.1.0.27\cozahost.exe
C:\ProgramData\zoomify2\1.1.0.27\coz32host.exe
C:\ProgramData\zoomify2\1.1.0.27\coz32host.exe
C:\Program Files (x86)\snipsmart\bin\snipsmart.expext.exe
C:\Program Files (x86)\snipsmart\bin\snipsmart.BOASHelper.exe
C:\Program Files (x86)\snipsmart\bin\snipsmart.BOASPRT.exe
C:\Program Files (x86)\snipsmart\bin\snipsmart.BOASPRT.exe
C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter.exe
C:\Program Files (x86)\snipsmart\bin\snipsmart.BOAS.exe
C:\Program Files (x86)\snipsmart\bin\snipsmart.BOAS.exe
C:\Program Files (x86)\snipsmart\bin\snipsmart.BRT.Helper.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\ProgramData\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe
C:\ProgramData\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT333161 ... 868F&SSPV=
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://www.lenovo.com
uProxyServer = hxxp=127.0.0.1:62855;https=127.0.0.1:62855
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: BlockAndSurf: {2EDBD663-9EDC-5512-DC0D-3053229038A5} - C:\Program Files (x86)\ver9BlockAndSurf\183.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll
BHO: {72351B45-9636-4F99-820B-7C552D27897D}} - <orphaned>
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: BetterBrain: {C2DF6D43-F814-4C32-B021-209A74BAACA5} - C:\Program Files (x86)\BetterBrain_1.10.0.2\IE\BetterBrainClientIE.dll
TB: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
uRun: [Google Update] "C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Easy Driver Pro] C:\Program Files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [ospd_us_375] "C:\Program Files (x86)\ospd_us_375\ospd_us_375.exe"
mRun: [ConvertAd] C:\Users\Daddy\AppData\Local\ConvertAd\ConvertAd.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRunOnce: [Update] C:\Users\Daddy\AppData\Roaming\VOPackage\VOPackage.exe /runonce
mRunOnce: [upospd_us_375.exe] C:\Users\Daddy\AppData\Local\ospd_us_375\upospd_us_375.exe -runonce
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwa ... wflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2BA35979-0F4C-4C41-9828-D18186E6EDF9} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: BlockAndSurf: {2EDBD663-9EDC-5512-DC0D-3053229038A5} - C:\Program Files (x86)\ver9BlockAndSurf\183_x64.dll
x64-BHO: {72351B45-9636-4F99-820B-7C552D27897D}} - <orphaned>
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: BetterBrain: {C2DF6D43-F814-4C32-B021-209A74BAACA5} - C:\Program Files\BetterBrain_1.10.0.2\IE\BetterBrainClientIE.dll
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: PFW - <no file>
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\System32\wpdshserviceobj.dll
Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
Hosts: 0.0.0.0 tracking.opencandy.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R? 0134851357934090mcinstcleanup;McAfee Application Installer Cleanup (0134851357934090)
R? AlotService;ALOT Update Service
R? BrSerIb;Brother MFC Serial Interface Driver(WDM)
R? BrUsbSIb;Brother MFC Serial USB Driver(WDM)
R? cfwids;McAfee Inc. cfwids
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? globalUpdate;globalUpdate Update Service (globalUpdate)
R? globalUpdatem;globalUpdate Update Service (globalUpdatem)
R? HomeNetSvc;McAfee Home Network
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? LMIRfsClientNP;LMIRfsClientNP
R? LVRS64;Logitech RightSound Filter Driver
R? LVUVC64;Logitech HD Webcam C310(UVC)
R? McProxy;McAfee Proxy Service
R? Orbiter;Orbiter
R? Revoflt;Revoflt
R? SkypeUpdate;Skype Updater
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
R? webinstrT;webinstrT
R? wlcrasvc;Windows Live Mesh remote connections service
R? wsvd;wsvd
R? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller
S? {34f74bed-9d31-4690-9930-3756a4e56d17}Gw64;{34f74bed-9d31-4690-9930-3756a4e56d17}Gw64
S? {7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64;{7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64
S? {e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64;{e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64
S? Avgdiska;AVG Disk Driver
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHA;AVGIDSHA
S? Avgldx64;AVG AVI Loader Driver
S? Avgloga;AVG Logging Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? avgwd;AVG WatchDog
S? bbnfd_1_10_0_2;bbnfd_1_10_0_2
S? bbsvc_1.10.0.2;Better Brain 1.10.0.2 Client Service
S? brfilt;Brother MFC Filter Driver
S? brmfrsmg;Brother Resource manager service
S? BrUsbScn;Brother MFC USB Scanner driver
S? c2cautoupdatesvc;Skype Click to Call Updater
S? c2cpnrsvc;Skype Click to Call PNR Service
S? cozhost;cozhost
S? cozwhost;cozwhost
S? IHA_MessageCenter;IHA_MessageCenter
S? IntcDAud;Intel(R) Display Audio
S? IntuitUpdateServiceV4;Intuit Update Service v4
S? JME Keyboard;JME Keyboard Driver
S? LMIGuardianSvc;LMIGuardianSvc
S? LMIInfo;LogMeIn Kernel Information Provider
S? LMIRfsDriver;LogMeIn Remote File System Driver
S? mfeavfk;McAfee Inc. mfeavfk
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfevtp;McAfee Validation Trust Protection Service
S? mfewfpk;McAfee Inc. mfewfpk
S? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
S? servervo;VO Service component
S? Unchecky;Unchecky
S? UNS;Intel(R) Management and Security Application User Notification Service
S? Update snipsmart;Update snipsmart
S? Util snipsmart;Util snipsmart
S? WinI2C-DDC;WinI2C-DDC Kernel Mode Driver
S? WsAudio_DeviceS(1);WsAudio_DeviceS(1)
S? WsAudio_DeviceS(2);WsAudio_DeviceS(2)
S? WsAudio_DeviceS(3);WsAudio_DeviceS(3)
S? WsAudio_DeviceS(4);WsAudio_DeviceS(4)
S? WsAudio_DeviceS(5);WsAudio_DeviceS(5)
.
=============== Created Last 30 ================
.
2014-12-19 04:07:34 -------- d-----w- C:\ProgramData\Avg_Update_1214av
2014-12-19 04:05:51 48784 ----a-w- C:\windows\System32\drivers\{7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64.sys
2014-11-28 15:23:36 48784 ----a-w- C:\windows\System32\drivers\{34f74bed-9d31-4690-9930-3756a4e56d17}Gw64.sys
2014-11-25 01:39:42 -------- d-----w- C:\Users\Daddy\AppData\Roaming\AVG2015
2014-11-25 01:38:58 -------- d--h--w- C:\$AVG
2014-11-25 01:38:58 -------- d-----w- C:\ProgramData\AVG2015
2014-11-25 01:38:50 -------- d-----w- C:\Program Files (x86)\AVG
2014-11-25 01:36:49 -------- d-----w- C:\Users\Daddy\AppData\Local\MFAData
2014-11-25 01:36:49 -------- d-----w- C:\Users\Daddy\AppData\Local\Avg2015
2014-11-25 01:36:49 -------- d-----w- C:\ProgramData\MFAData
2014-11-24 22:26:02 1944256 ----a-w- C:\windows\shost.bin
2014-11-23 23:39:51 628496 ----a-w- C:\Users\Daddy\AppData\Local\nsh3FDD.tmp
2014-11-23 23:01:29 613057 ----a-w- C:\Users\Daddy\AppData\Local\nsi226C.tmp
2014-11-23 23:00:02 -------- d-----w- C:\Users\Daddy\AppData\Local\WorldofTanks
2014-11-23 22:59:47 -------- d-----w- C:\Users\Daddy\AppData\Local\StormFall
2014-11-23 22:41:58 613057 ----a-w- C:\Users\Daddy\AppData\Local\nsa441E.tmp
2014-11-23 22:41:58 -------- d-sh--w- C:\Users\Daddy\AppData\Roaming\AnyProtectEx
2014-11-23 22:41:58 -------- d-----w- C:\Program Files (x86)\AnyProtectEx
2014-11-23 22:40:52 1875 ----a-w- C:\windows\patsearch.bin
2014-11-23 22:40:46 -------- d-----w- C:\Users\Daddy\AppData\Local\ConvertAd
2014-11-23 22:40:43 -------- d-----w- C:\Program Files (x86)\ver9BlockAndSurf
2014-11-23 22:40:18 -------- d-----w- C:\Users\Daddy\AppData\Local\ospd_us_375
2014-11-23 22:40:18 -------- d-----w- C:\Program Files (x86)\ospd_us_375
2014-11-23 22:40:10 -------- d-----w- C:\Users\Daddy\AppData\Local\Vosteran
2014-11-23 22:39:58 -------- d-----w- C:\Users\Daddy\AppData\Roaming\WSE_Vosteran
2014-11-23 22:39:58 -------- d-----w- C:\Program Files (x86)\WSE_Vosteran
2014-11-23 22:39:54 -------- d-----w- C:\Program Files\BetterBrain_1.10.0.2
2014-11-23 22:39:52 -------- d-----w- C:\Program Files (x86)\BetterBrain_1.10.0.2
2014-11-23 22:39:49 -------- d-----w- C:\ProgramData\Unchecky
2014-11-23 22:39:48 -------- d-----w- C:\Program Files (x86)\Unchecky
2014-11-23 22:35:44 48784 ----a-w- C:\windows\System32\drivers\{e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64.sys
2014-11-23 22:32:04 -------- d-----w- C:\Program Files (x86)\Search Extensions
2014-11-23 22:31:20 -------- d-----w- C:\Users\Daddy\AppData\Local\SearchProtect
2014-11-23 22:31:13 -------- d-----w- C:\Program Files (x86)\ORBTR
2014-11-23 22:31:12 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-11-23 22:30:12 -------- d-----w- C:\Program Files (x86)\9f89fda5-f787-4f83-a8b8-ac793b300a6c
2014-11-23 22:30:02 -------- d-----w- C:\Users\Daddy\AppData\Local\globalUpdate
2014-11-23 22:30:02 -------- d-----w- C:\Program Files (x86)\globalUpdate
2014-11-23 22:30:01 -------- d-----w- C:\Program Files (x86)\Savepass 3.0
2014-11-23 22:28:59 -------- d-----w- C:\Users\Daddy\AppData\Roaming\VOPackage
2014-11-23 22:28:31 -------- d-----w- C:\Users\Daddy\AppData\Local\Weather_Protector_LLC
2014-11-23 22:28:26 -------- d-----w- C:\Users\Daddy\AppData\Local\StormWatch
2014-11-23 22:27:35 -------- d-----w- C:\ProgramData\Visan
2014-11-23 22:27:35 -------- d-----w- C:\ProgramData\HP Photo Creations
2014-11-23 22:27:35 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2014-11-23 22:27:06 -------- d-----w- C:\Users\Daddy\AppData\Roaming\HpUpdate
2014-11-23 22:26:41 763912 ------w- C:\windows\System32\HPDiscoPMC211.dll
2014-11-23 22:26:26 -------- d-----w- C:\ProgramData\zoomify2
2014-11-23 22:26:19 -------- d-----w- C:\Program Files (x86)\HP
2014-11-23 22:26:18 -------- d-----w- C:\Program Files\HP
2014-11-23 22:25:54 -------- d-----w- C:\Program Files (x86)\snipsmart
2014-11-23 22:22:59 -------- d-----w- C:\Users\Daddy\AppData\Local\HP
2014-11-19 08:45:26 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-11-19 08:45:26 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-11-19 08:45:26 241152 ----a-w- C:\windows\System32\pku2u.dll
2014-11-19 08:45:26 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
.
==================== Find3M ====================
.
2014-11-06 04:04:03 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-03 23:04:51 92520 ----a-w- C:\windows\System32\LMIinit.dll
2014-11-03 23:04:51 35688 ----a-w- C:\windows\System32\LMIport.dll
2014-11-03 23:04:51 107392 ----a-w- C:\windows\System32\LMIRfsClientNP.dll
2014-10-30 21:42:06 58232 ----a-w- C:\windows\System32\drivers\bbnfd_1_10_0_2.sys
2014-10-30 02:35:16 263960 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2014-10-25 01:57:59 77824 ----a-w- C:\windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\windows\SysWow64\packager.dll
2014-10-22 23:24:34 107392 ----a-w- C:\windows\System32\LMIRfsClientNP.dll.000.bak
2014-10-18 02:05:23 861696 ----a-w- C:\windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\windows\SysWow64\adtschema.dll
2014-10-10 19:14:32 274200 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2014-10-10 00:57:42 3198976 ----a-w- C:\windows\System32\win32k.sys
2014-10-07 03:02:39 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-07 03:02:39 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-10-06 01:41:40 124184 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2014-10-03 02:12:00 500224 ----a-w- C:\windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\windows\SysWow64\AudioSes.dll
2014-09-25 02:08:38 371712 ----a-w- C:\windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\windows\SysWow64\qdvd.dll
.
============= FINISH: 23:14:57.13 ===============

.
==== Hosts File Hijack ======================
.
Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
Hosts: 0.0.0.0 tracking.opencandy.com
Hosts: 0.0.0.0 api.opencandy.com
Hosts: 0.0.0.0 installer.betterinstaller.com
Hosts: 0.0.0.0 installer.filebulldog.com
Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
Hosts: 0.0.0.0 inno.bisrv.com
Hosts: 0.0.0.0 nsis.bisrv.com
Hosts: 0.0.0.0 cdn.file2desktop.com
Hosts: 0.0.0.0 cdn.goateastcach.us
Hosts: 0.0.0.0 cdn.guttastatdk.us
Hosts: 0.0.0.0 cdn.inskinmedia.com
Hosts: 0.0.0.0 cdn.insta.oibundles2.com
Hosts: 0.0.0.0 cdn.insta.playbryte.com
Hosts: 0.0.0.0 cdn.llogetfastcach.us
Hosts: 0.0.0.0 cdn.montiera.com
Hosts: 0.0.0.0 cdn.msdwnld.com
Hosts: 0.0.0.0 cdn.mypcbackup.com
Hosts: 0.0.0.0 cdn.ppdownload.com
Hosts: 0.0.0.0 cdn.riceateastcach.us
Hosts: 0.0.0.0 cdn.shyapotato.us
Hosts: 0.0.0.0 cdn.solimba.com
Hosts: 0.0.0.0 cdn.tuto4pc.com
Hosts: 0.0.0.0 cdn.appround.biz
Hosts: 0.0.0.0 cdn.bigspeedpro.com
Hosts: 0.0.0.0 cdn.bispd.com
Hosts: 0.0.0.0 cdn.bisrv.com
Hosts: 0.0.0.0 cdn.cdndp.com
Hosts: 0.0.0.0 cdn.download.sweetpacks.com
Hosts: 0.0.0.0 cdn.dpdownload.com
Hosts: 0.0.0.0 cdn.visualbee.net
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader X (10.1.7)
ALOT Appbar
AnyProtect
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2015
AVS Audio Converter 7
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Babylon toolbar on IE
BabylonObjectInstaller
Better Brain 1.10.0.2
BlockAndSurf
Bonjour
Bucksbee Loyalty Plugin 100815.b for Chrome
CameraHelperMsi
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
ConvertAd
Coupon Printer for Windows
D3DX10
DealCabby
Definition Update for Microsoft Office 2010 (KB2899521) 32-Bit Edition
Driver Support
Easy Driver Pro
erLT
ffdshow v1.1.4369 [2012-03-03]
Google Chrome
Google Talk Plugin
HP Deskjet 2540 series Basic Device Software
HP Deskjet 2540 series Help
HP Photo Creations
HP Update
HPDiagnosticCoreDll
IHA_MessageCenter
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Network Connections Drivers
Intel(R) Processor Graphics
iTunes
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
Lenovo Blacksilk USB Keyboard Driver
Lenovo Driver and Application Installation
Lenovo Dynamic Brightness System
Lenovo Eye Distance System
Lenovo Power2Go
Lenovo Rescue System
Logitech Webcam Software
LogMeIn
LVT
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Pictures And Video
LWS Twitter
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 2.0.2.1012
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyTomTom 3.1.0.530
OneSoftPerDay 025.375
Online Plug-in
Open Freely
PDFCreator
PinPhotoZoom
Product Improvement Study for HP Deskjet 2540 series
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Remote Desktop Access (VuuPC)
Revo Uninstaller Pro 2.5.5
RocketTab
Savepass 3.0
Search Protect
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition
Self-service Plug-in
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared C Run-time for x64
Skype Click to Call
Skype™ 6.21
snipsmart
StormWatch
The Weather Channel App
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wnjiper
TurboTax 2012 wnyiper
TurboTax 2012 wrapper
TurboTax 2013
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wnjiper
TurboTax 2013 wnyiper
TurboTax 2013 wrapper
Unchecky v0.3.4
Uninstall Helper
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2889935) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2878251) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Visual Studio C++ 10.0 Runtime
Vosteran
Vz In Home Agent
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Wondershare Music Converter(Build 1.3.4.0)
WSE_Vosteran
Yahoo! Software Update
Yahoo! Toolbar
Zoomify
.
==== End Of File ===========================
shalom123
Regular Member
 
Posts: 43
Joined: December 18th, 2014, 9:26 pm
Advertisement
Register to Remove

Re: Infected with IDP.Program.D1B0A5C0

Unread postby Gary R » December 19th, 2014, 1:59 am

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected with IDP.Program.D1B0A5C0

Unread postby Gary R » December 19th, 2014, 2:06 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi shalom123

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Before we start to clean your computer, I need you to run some further scans for me.

First ....

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Next ....

  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Next ....

I also need you to run a Search for me using FRST ....

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;snipsmart

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • FRST.txt
  • Addition.txt
  • Search.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 19th, 2014, 10:58 am

# AdwCleaner v4.105 - Report created 19/12/2014 at 09:35:58
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Daddy - THEMOSTAWESOME
# Running from : C:\Users\Mommy\Desktop\adwcleaner_4.105.exe
# Option : Scan

***** [ Services ] *****

Service Found : AlotService
Service Found : globalUpdate
Service Found : globalUpdatem
Service Found : servervo
Service Found : Orbiter
Service Found : Update snipsmart
Service Found : YahooAUService
Service Found : bbnfd_1_10_0_2
Service Found : c2cautoupdatesvc
Service Found : c2cpnrsvc
Service Found : Update snipsmart
Service Found : Util snipsmart
Service Found : {34f74bed-9d31-4690-9930-3756a4e56d17}Gw64
Service Found : {7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64
Service Found : {e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64

***** [ Files / Folders ] *****

File Found : \alotserviceruntime.log
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Daddy\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
File Found : C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
File Found : C:\Users\Daddy\Desktop\AnyProtect.lnk
File Found : C:\Users\Daddy\Desktop\Continue Live Installation.lnk
File Found : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage-journal
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\windows\System32\drivers\{34f74bed-9d31-4690-9930-3756a4e56d17}Gw64.sys
File Found : C:\windows\System32\drivers\{7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64.sys
File Found : C:\windows\System32\drivers\{e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64.sys
Folder Found : C:\Program Files (x86)\alotappbar
Folder Found : C:\Program Files (x86)\AnyProtectEx
Folder Found : C:\Program Files (x86)\BabylonToolbar
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Driver Support
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\ORBTR
Folder Found : C:\Program Files (x86)\Probit Software
Folder Found : C:\Program Files (x86)\Savepass 3.0
Folder Found : C:\Program Files (x86)\Savepass 3.0
Folder Found : C:\Program Files (x86)\Search Extensions
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\snipsmart
Folder Found : C:\Program Files (x86)\snipsmart
Folder Found : C:\Program Files (x86)\ver9BlockAndSurf
Folder Found : C:\Program Files (x86)\w3i
Folder Found : C:\Program Files (x86)\WSE_Vosteran
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Driver Support
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\w3i
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\ProgramData\zoomify2
Folder Found : C:\Users\Daddy\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Daddy\AppData\Local\ConvertAd
Folder Found : C:\Users\Daddy\AppData\Local\globalUpdate
Folder Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Daddy\AppData\Local\SearchProtect
Folder Found : C:\Users\Daddy\AppData\Local\StormWatch
Folder Found : C:\Users\Daddy\AppData\Local\Temp\mt_ffx
Folder Found : C:\Users\Daddy\AppData\Local\Temp\snipsmart
Folder Found : C:\Users\Daddy\AppData\Local\Temp\snipsmart
Folder Found : C:\Users\Daddy\AppData\Local\Vosteran
Folder Found : C:\Users\Daddy\AppData\Local\Weather_Protector_LLC
Folder Found : C:\Users\Daddy\AppData\LocalLow\alotappbar
Folder Found : C:\Users\Daddy\AppData\LocalLow\alotservice
Folder Found : C:\Users\Daddy\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Daddy\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Daddy\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Daddy\AppData\LocalLow\zoomify
Folder Found : C:\Users\Daddy\AppData\Roaming\AnyProtectEx
Folder Found : C:\Users\Daddy\AppData\Roaming\Babylon
Folder Found : C:\Users\Daddy\AppData\Roaming\BabylonToolbar
Folder Found : C:\Users\Daddy\AppData\Roaming\defaulttab
Folder Found : C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Folder Found : C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
Folder Found : C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Found : C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
Folder Found : C:\Users\Daddy\AppData\Roaming\VOPackage
Folder Found : C:\Users\Daddy\AppData\Roaming\WSE_Vosteran
Folder Found : C:\Users\Daddy\Documents\Probit Software
Folder Found : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbdamgnimlipjnpgiakiojcbbmcmiibn
Folder Found : C:\Users\Michal\AppData\LocalLow\alotappbar
Folder Found : C:\Users\Michal\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Mommy\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Folder Found : C:\Users\Mommy\AppData\Local\SearchProtect
Folder Found : C:\Users\Mommy\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Sara\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Yael\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbdamgnimlipjnpgiakiojcbbmcmiibn
Folder Found : C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Yael\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Yael\AppData\Roaming\Funmoods

***** [ Scheduled Tasks ] *****

Task Found : APSnotifierPP1
Task Found : APSnotifierPP2
Task Found : APSnotifierPP3
Task Found : BlockAndSurf Update
Task Found : Driver Support-RTMRules
Task Found : Driver Support-RTMScan
Task Found : Driver Support-RTMUpdater
Task Found : DTReg
Task Found : Funmoods
Task Found : globalUpdateUpdateTaskMachineCore
Task Found : globalUpdateUpdateTaskMachineUA
Task Found : RocketTab Update Task
Task Found : RocketTab
Task Found : WSE_Vosteran
Task Found : 2b25e704-375b-4ded-aacf-2ca34ab66425-1
Task Found : 2b25e704-375b-4ded-aacf-2ca34ab66425-11
Task Found : 2b25e704-375b-4ded-aacf-2ca34ab66425-2
Task Found : 2b25e704-375b-4ded-aacf-2ca34ab66425-4
Task Found : 2b25e704-375b-4ded-aacf-2ca34ab66425-5
Task Found : 2b25e704-375b-4ded-aacf-2ca34ab66425-5_user
Task Found : 2b25e704-375b-4ded-aacf-2ca34ab66425-6
Task Found : 2b25e704-375b-4ded-aacf-2ca34ab66425-7
Task Found : 9cb59dba-8284-4bfe-9ec7-b64f013044d6
Task Found : a6c7015d-3094-4303-a638-873c475371e3

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\AppDataLow\Software\alotAppbar
Key Found : HKCU\Software\AppDataLow\Software\BlockAndSurf
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\Savepass 3.0
Key Found : HKCU\Software\AppDataLow\Software\Savepass 3.0
Key Found : HKCU\Software\AppDataLow\Software\Savepass 3.0
Key Found : HKCU\Software\AppDataLow\Software\zoomify
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\timesheraldonline.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.timesheraldonline.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\StormWatch
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran
Key Found : HKCU\Software\RocketTabInstalled
Key Found : HKCU\Software\Search Extensions
Key Found : HKCU\Software\snipsmart
Key Found : HKCU\Software\snipsmart
Key Found : HKCU\Software\StormWatch
Key Found : HKCU\Software\StormWatchApp
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\Vosteran
Key Found : HKCU\Software\Vosteran Browser
Key Found : HKCU\Software\WSE_Vosteran
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\DefaultTab
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Microsoft\Babylon
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Key Found : [x64] HKCU\Software\RocketTabInstalled
Key Found : [x64] HKCU\Software\Search Extensions
Key Found : [x64] HKCU\Software\snipsmart
Key Found : [x64] HKCU\Software\snipsmart
Key Found : [x64] HKCU\Software\StormWatch
Key Found : [x64] HKCU\Software\StormWatchApp
Key Found : [x64] HKCU\Software\Tutorials
Key Found : [x64] HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\Vosteran
Key Found : [x64] HKCU\Software\Vosteran Browser
Key Found : [x64] HKCU\Software\WSE_Vosteran
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BetterBrain_1.10.0.2
Key Found : HKLM\SOFTWARE\Classes\AppID\{011166B1-9A69-4174-93D5-F7D3324553FE}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611611161}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611611161}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622612261}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622612261}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EDBD663-9EDC-5512-DC0D-3053229038A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EDBD663-9EDC-5512-DC0D-3053229038A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{68261aaa-dc9f-4c2b-a168-c323e304c3a2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C2DF6D43-F814-4C32-B021-209A74BAACA5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4086DF47-C0E9-4EA0-A7E4-FDD954B182A1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655615561}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666616661}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0c8e7de5-d3f4-4ff0-be7d-2547ff22a3bb}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644614461}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644614461}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Found : HKLM\SOFTWARE\Default Tab
Key Found : HKLM\SOFTWARE\DefaultTab
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mbdamgnimlipjnpgiakiojcbbmcmiibn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0c83a006-90c0-43da-832c-548bfd0297a4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{966d045c-60f6-4103-80a6-0b47f658a874}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4CC9-B2B4-C546BCCF8706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EDBD663-9EDC-5512-DC0D-3053229038A5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EDBD663-9EDC-5512-DC0D-3053229038A5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2DF6D43-F814-4C32-B021-209A74BAACA5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5dfd64a7-81dd-45a9-9874-1fe13b7f4d56}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3A039E65-F01E-A3D8-2BFB-268F6EFC97FF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3A039E65-F01E-A3D8-2BFB-268F6EFC97FF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BetterBrain_1.10.0.2
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Easy Driver Pro
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savepass 3.0
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savepass 3.0
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savepass 3.0
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Vosteran
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zoomify
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\SOFTWARE\ORBTR
Key Found : HKLM\SOFTWARE\RocketTab
Key Found : HKLM\SOFTWARE\Savepass 3.0
Key Found : HKLM\SOFTWARE\Savepass 3.0
Key Found : HKLM\SOFTWARE\Savepass 3.0
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\SimplyGen
Key Found : HKLM\SOFTWARE\snipsmart
Key Found : HKLM\SOFTWARE\snipsmart
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\zoomify
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update snipsmart
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util snipsmart
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622612261}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622612261}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{2EDBD663-9EDC-5512-DC0D-3053229038A5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{2EDBD663-9EDC-5512-DC0D-3053229038A5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{C2DF6D43-F814-4C32-B021-209A74BAACA5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4086DF47-C0E9-4EA0-A7E4-FDD954B182A1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655615561}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666616661}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0c83a006-90c0-43da-832c-548bfd0297a4}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{966d045c-60f6-4103-80a6-0b47f658a874}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EDBD663-9EDC-5512-DC0D-3053229038A5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EDBD663-9EDC-5512-DC0D-3053229038A5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2DF6D43-F814-4C32-B021-209A74BAACA5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\snipsmart
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\snipsmart
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Easy Driver Pro]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A531D99C-5A22-449B-83DA-872725C6D0ED}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ConvertAd]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT333161 ... 868F&SSPV=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.funmoods.com/?f=2&a=adknlg ... =996414931

-\\ Google Chrome v

[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&babsrc=NT_ss&s=web&rlz=0&as=3&ac=0%2C66
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&babsrc=NT_ss&s=web&rlz=0&as=3&ac=0%2C66
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.nydailynews.com/search-resul ... s-7.113?q={searchTerms}&nydn-search-url=site&nydn-search-submit=Search
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir=
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir=
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&search=&qsrc=0&o=0&l=dir
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : hphibigbodkkohoglgfkddblldpfohjl
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : mbdamgnimlipjnpgiakiojcbbmcmiibn
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : geggofhlfbcmanadhknllmlajiafopoh
[C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://kosheronabudget.com/search-resul ... -8859-1&q={searchTerms}&sa=Search
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_ ... osn=-1&v1={searchTerms}&search_submit=
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : mbdamgnimlipjnpgiakiojcbbmcmiibn
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [39165 octets] - [19/12/2014 09:35:58]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [39226 octets] ##########
shalom123
Regular Member
 
Posts: 43
Joined: December 18th, 2014, 9:26 pm

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 19th, 2014, 10:59 am

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Daddy (administrator) on THEMOSTAWESOME on 19-12-2014 09:44:48
Running from C:\Users\Mommy\Desktop
Loaded Profiles: Daddy & Mommy (Available profiles: Daddy & Yael & Mommy & Shalom & Atara & Michal & Sara)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Better Brain) C:\Program Files (x86)\BetterBrain_1.10.0.2\Service\bbsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brother Industries, Ltd.) C:\Windows\System32\BrmfRsmg.exe
(Brother Industries, Ltd.) C:\Windows\System32\BrmfRsmg.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\jmesoft\Service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Users\Daddy\AppData\Roaming\VOPackage\VOsrv.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
() C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe
() C:\Program Files (x86)\snipsmart\bin\snipsmart.PurBrowse64.exe
() C:\Program Files (x86)\snipsmart\updatesnipsmart.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Google Inc.) C:\Users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Spotify Ltd) C:\Users\Mommy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\ospd_us_375\ospd_us_375.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter.exe
() C:\Program Files (x86)\snipsmart\bin\snipsmart.BOASHelper.exe
() C:\Program Files (x86)\snipsmart\bin\snipsmart.expext.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\snipsmart\bin\snipsmart.BOASPRT.exe
() C:\Program Files (x86)\snipsmart\bin\snipsmart.BOAS.exe
() C:\Program Files (x86)\snipsmart\bin\snipsmart.BRT.Helper.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ospd_us_375] => C:\Program Files (x86)\ospd_us_375\ospd_us_375.exe [3976136 2014-11-06] ()
HKLM-x32\...\Run: [ConvertAd] => C:\Users\Daddy\AppData\Local\ConvertAd\ConvertAd.exe [2140672 2014-11-23] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: [Update] => C:\Users\Daddy\AppData\Roaming\VOPackage\VOPackage.exe [289336 2014-11-23] ( )
HKLM-x32\...\RunOnce: [upospd_us_375.exe] => C:\Users\Daddy\AppData\Local\ospd_us_375\upospd_us_375.exe [3306440 2014-11-06] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Run: [Google Update] => C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-22] (Google Inc.)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Run: [Easy Driver Pro] => C:\Program Files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe [198960 2014-01-07] (Probit Software)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - F:\LaunchU3.exe -a
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\...\Run: [Google Update] => C:\Users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-20] (Google Inc.)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\...\Run: [Spotify Web Helper] => C:\Users\Mommy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-04] (Spotify Ltd)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\...\Run: [Spotify] => C:\Users\Mommy\AppData\Roaming\Spotify\spotify.exe [6553144 2014-10-04] (Spotify Ltd)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [5789536 2014-10-17] (PC Drivers Headquarters)
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\...\MountPoints2: F - F:\LaunchU3.exe -a
Startup: C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
ShortcutTarget: StormWatch.lnk -> C:\Users\Daddy\AppData\Local\StormWatch\StormWatch.exe (Weather Protector LLC)
Startup: C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
ShortcutTarget: StormWatchApp.lnk -> C:\Users\Daddy\AppData\Local\StormWatch\StormWatchApp.exe ()
Startup: C:\Users\Yael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4229975068-1931466670-3666739151-1002\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-4229975068-1931466670-3666739151-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-4229975068-1931466670-3666739151-1001] => http=127.0.0.1:62855;https=127.0.0.1:62855
AutoConfigURL: [S-1-5-21-4229975068-1931466670-3666739151-1003] => file://C:\Program Files (x86)\snipsmart\bin\Pac9064.js
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT333161 ... 868F&SSPV=
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig/redirectdomain ... &bmod=LEND
http://www.lenovo.com
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LEND
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=LEND
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1003 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.trovi.com/Results.aspx?gd=&c ... FF9868F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir=
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.trovi.com/Results.aspx?gd=&c ... FF9868F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1003 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1003 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: BlockAndSurf -> {2EDBD663-9EDC-5512-DC0D-3053229038A5} -> C:\Program Files (x86)\ver9BlockAndSurf\183_x64.dll ()
BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} -> No File
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121225094235.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: BetterBrain -> {C2DF6D43-F814-4C32-B021-209A74BAACA5} -> C:\Program Files\BetterBrain_1.10.0.2\IE\BetterBrainClientIE.dll (Better Brain)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO-x32: BlockAndSurf -> {2EDBD663-9EDC-5512-DC0D-3053229038A5} -> C:\Program Files (x86)\ver9BlockAndSurf\183.dll ()
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} -> No File
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121225094235.dll No File
BHO-x32: ALOT Appbar Helper -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -> C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro, Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: BetterBrain -> {C2DF6D43-F814-4C32-B021-209A74BAACA5} -> C:\Program Files (x86)\BetterBrain_1.10.0.2\IE\BetterBrainClientIE.dll (Better Brain)
Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll (Vertro, Inc)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Mommy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1003: @talk.google.com/O1DPlugin -> C:\Users\Mommy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Mommy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4229975068-1931466670-3666739151-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Mommy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-01-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Firefox\Extensions: [{7DB8D991-102A-F011-64C5-1BED39E7F0B6}] - C:\Program Files (x86)\ver9BlockAndSurf\183.xpi
FF Extension: BlockAndSurf - C:\Program Files (x86)\ver9BlockAndSurf\183.xpi [2014-11-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_cmi_14_4 ... 361997&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Daddy\AppData\Local\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Daddy\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Daddy\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Daddy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-14]
CHR Extension: (No Name) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccjgogddongfaokicfnleepbfacjneaf [2014-11-23]
CHR Extension: (Google Search) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-14]
CHR Extension: (snipsmart) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaccgfkbmhkegoljkoefhpifoaehnhjp [2014-11-23]
CHR Extension: (BucksBee RewardsBar) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajcmjjdlglpcfblcnjilhodiondejlm [2014-01-26]
CHR Extension: (Skype Click to Call) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-08]
CHR Extension: (AVG SafeGuard toolbar) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-06-30]
CHR Extension: (Google Wallet) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-14]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-06-27]
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lajcmjjdlglpcfblcnjilhodiondejlm] - C:\Users\Daddy\AppData\Roaming\Bucksbee Loyalty Plugin 100815.b for Chrome\Toolbar_production_100815_12.crx [2012-05-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mbdamgnimlipjnpgiakiojcbbmcmiibn] - C:\Program Files (x86)\PinPhotoZoom\chrome\PinPhotoZoomChrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\15.3.0.11\avg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR StartMenuInternet: Google Chrome - C:\Users\Yael\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 0134851357934090mcinstcleanup; C:\Users\Daddy\AppData\Local\Temp\013485~1.EXE [832664 2012-09-28] () [File not signed]
S4 AlotService; C:\Users\Daddy\AppData\LocalLow\alotservice\alotservice.exe [255880 2012-08-23] (Vertro Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 bbsvc_1.10.0.2; C:\Program Files (x86)\BetterBrain_1.10.0.2\Service\bbsvc.exe [277584 2014-10-30] (Better Brain)
R2 brmfrsmg; C:\Windows\system32\BrmfRsmg.exe [52736 2009-07-13] (Brother Industries, Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 cozhost; C:\ProgramData\zoomify2\1.1.0.27\cozhost.exe [491504 2014-11-10] (Zoomify Agent)
S2 cozwhost; C:\ProgramData\zoomify2\1.1.0.27\cozwhost.exe [199152 2014-11-10] (Zoomify Agent)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-23] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-23] (globalUpdate) [File not signed]
S4 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [290832 2011-12-12] (Verizon) [File not signed]
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-11-03] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-11-03] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-11-09] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [177680 2012-11-09] (McAfee, Inc.)
R2 servervo; C:\Users\Daddy\AppData\Roaming\VOPackage\VOsrv.exe [89600 2014-11-23] () [File not signed]
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-11-23] (RaMMicHaeL)
R2 Update snipsmart; C:\Program Files (x86)\snipsmart\updatesnipsmart.exe [519408 2014-12-19] ()
R2 Util snipsmart; C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe [519408 2014-12-19] ()
S3 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe" Start=service [X]
S2 Orbiter; C:/Program Files (x86)/ORBTR/orbiter.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 bbnfd_1_10_0_2; C:\Windows\System32\drivers\bbnfd_1_10_0_2.sys [58232 2014-10-30] (Better Brain)
R3 brfilt; C:\Windows\System32\Drivers\Brfilt.sys [6144 2009-06-10] (Brother Industries Ltd.)
R3 BrUsbScn; C:\Windows\System32\Drivers\BrUsbScn.sys [14336 2009-06-10] (Brother Industries Ltd.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
R1 {34f74bed-9d31-4690-9930-3756a4e56d17}Gw64; C:\Windows\System32\drivers\{34f74bed-9d31-4690-9930-3756a4e56d17}Gw64.sys [48784 2014-11-27] (StdLib)
R1 {7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64; C:\Windows\System32\drivers\{7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64.sys [48784 2014-12-18] (StdLib)
R1 {e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64; C:\Windows\System32\drivers\{e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64.sys [48784 2014-11-23] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 09:44 - 2014-12-19 09:45 - 00037546 _____ () C:\Users\Mommy\Desktop\FRST.txt
2014-12-19 09:44 - 2014-12-19 09:44 - 00000000 ____D () C:\FRST
2014-12-19 09:35 - 2014-12-19 09:37 - 00000000 ____D () C:\AdwCleaner
2014-12-19 09:35 - 2014-12-19 09:34 - 00000111 _____ () C:\Users\Mommy\Desktop\virus.txt
2014-12-19 09:35 - 2014-12-19 09:30 - 02166272 _____ () C:\Users\Mommy\Desktop\adwcleaner_4.105.exe
2014-12-19 09:35 - 2014-12-19 09:30 - 02121216 _____ (Farbar) C:\Users\Mommy\Desktop\FRST64.exe
2014-12-19 09:18 - 2014-12-19 09:18 - 00000207 _____ () C:\windows\tweaking.com-regbackup-THEMOSTAWESOME-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-12-19 09:16 - 2014-12-19 09:16 - 00002239 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-12-19 09:16 - 2014-12-19 09:16 - 00000000 ____D () C:\RegBackup
2014-12-19 09:16 - 2014-12-19 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-19 09:16 - 2014-12-19 09:16 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-19 09:14 - 2014-12-19 09:14 - 04215584 _____ () C:\Users\Mommy\Desktop\tweaking.com_registry_backup_setup.exe
2014-12-18 23:33 - 2014-12-18 23:48 - 00000308 _____ () C:\windows\Tasks\Tempo Runner coz32host.job
2014-12-18 23:33 - 2014-12-18 23:47 - 00002762 _____ () C:\windows\System32\Tasks\Tempo Runner coz64host
2014-12-18 23:31 - 2014-12-18 23:48 - 00000306 _____ () C:\windows\Tasks\Tempo Runner cozahost.job
2014-12-18 23:28 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-18 23:28 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-18 23:21 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-18 23:21 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-18 23:21 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-18 23:21 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-18 23:21 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-18 23:21 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-18 23:21 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-18 23:21 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-18 23:21 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-18 23:21 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-18 23:20 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-18 23:20 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-18 23:14 - 2014-12-18 23:14 - 00026445 _____ () C:\Users\Daddy\Desktop\dds.txt
2014-12-18 23:14 - 2014-12-18 23:14 - 00009128 _____ () C:\Users\Daddy\Desktop\attach.txt
2014-12-18 23:07 - 2014-12-18 23:07 - 00688992 ____R (Swearware) C:\Users\Mommy\Downloads\dds.scr
2014-12-18 23:07 - 2014-12-18 23:07 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\HpUpdate
2014-12-18 23:05 - 2014-12-18 19:27 - 00048784 _____ (StdLib) C:\windows\system32\Drivers\{7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64.sys
2014-11-28 10:23 - 2014-11-27 19:51 - 00048784 _____ (StdLib) C:\windows\system32\Drivers\{34f74bed-9d31-4690-9930-3756a4e56d17}Gw64.sys
2014-11-24 20:41 - 2014-11-24 20:42 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Avg2015
2014-11-24 20:41 - 2014-11-24 20:41 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\AVG2015
2014-11-24 20:39 - 2014-11-24 20:39 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-11-24 20:39 - 2014-11-24 20:39 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\AVG2015
2014-11-24 20:39 - 2014-11-24 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-24 20:38 - 2014-12-19 09:04 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-24 20:38 - 2014-11-24 20:38 - 00000000 ___HD () C:\$AVG
2014-11-24 20:38 - 2014-11-24 20:38 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-24 20:36 - 2014-12-19 09:09 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-24 20:36 - 2014-11-24 20:39 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Avg2015
2014-11-24 20:36 - 2014-11-24 20:36 - 04637504 _____ (AVG Technologies) C:\Users\Mommy\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2014-11-24 20:36 - 2014-11-24 20:36 - 00000000 ____D () C:\Users\Daddy\AppData\Local\MFAData
2014-11-24 20:18 - 2014-11-24 20:18 - 00000000 ____D () C:\Users\Mommy\AppData\Local\SearchProtect
2014-11-24 20:17 - 2014-11-24 20:17 - 00000000 ____D () C:\Users\Mommy\AppData\Local\ospd_us_375
2014-11-24 17:26 - 2014-11-24 17:26 - 01944256 _____ () C:\windows\shost.bin
2014-11-24 07:33 - 2014-12-19 09:05 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-23 18:54 - 2014-11-23 18:54 - 00000000 __SHD () C:\Users\Mommy\AppData\Local\EmieBrowserModeList
2014-11-23 18:53 - 2014-11-23 18:53 - 00000000 ____D () C:\Users\Mommy\AppData\Local\HP
2014-11-23 18:40 - 2014-11-23 18:40 - 00000047 _____ () C:\Users\Daddy\AppData\Roaming\WB.CFG
2014-11-23 18:39 - 2014-11-23 18:39 - 00628496 _____ (CMI Limited) C:\Users\Daddy\AppData\Local\nsh3FDD.tmp
2014-11-23 18:39 - 2014-11-23 18:39 - 00001097 _____ () C:\Users\Daddy\Desktop\Continue Live Installation.lnk
2014-11-23 18:08 - 2014-11-23 18:09 - 00000000 ____D () C:\Users\Mommy\AppData\Local\{8F85811F-A8AD-4ABD-82A8-29D28DC27661}
2014-11-23 18:01 - 2014-11-23 18:01 - 00613057 _____ (CMI Limited) C:\Users\Daddy\AppData\Local\nsi226C.tmp
2014-11-23 18:00 - 2014-11-23 18:00 - 00000000 ____D () C:\Users\Daddy\AppData\Local\WorldofTanks
2014-11-23 17:59 - 2014-11-23 17:59 - 00000000 ____D () C:\Users\Daddy\AppData\Local\StormFall
2014-11-23 17:52 - 2014-11-23 17:53 - 106859936 _____ () C:\Users\Daddy\Downloads\DJ2540_188 (1).exe
2014-11-23 17:44 - 2014-11-24 07:31 - 00000378 _____ () C:\windows\Tasks\APSnotifierPP1.job
2014-11-23 17:44 - 2014-11-24 07:31 - 00000376 _____ () C:\windows\Tasks\APSnotifierPP3.job
2014-11-23 17:44 - 2014-11-24 07:31 - 00000376 _____ () C:\windows\Tasks\APSnotifierPP2.job
2014-11-23 17:44 - 2014-11-23 20:35 - 00002828 _____ () C:\windows\System32\Tasks\APSnotifierPP1
2014-11-23 17:44 - 2014-11-23 20:35 - 00002826 _____ () C:\windows\System32\Tasks\APSnotifierPP3
2014-11-23 17:44 - 2014-11-23 20:35 - 00002826 _____ () C:\windows\System32\Tasks\APSnotifierPP2
2014-11-23 17:44 - 2014-11-23 18:41 - 00001049 _____ () C:\Users\Daddy\Desktop\AnyProtect.lnk
2014-11-23 17:44 - 2014-11-23 17:44 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2014-11-23 17:41 - 2014-11-23 17:44 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2014-11-23 17:41 - 2014-11-23 17:41 - 00613057 _____ (CMI Limited) C:\Users\Daddy\AppData\Local\nsa441E.tmp
2014-11-23 17:41 - 2014-11-23 17:41 - 00000000 __SHD () C:\Users\Daddy\AppData\Roaming\AnyProtectEx
2014-11-23 17:40 - 2014-12-19 09:40 - 00000292 _____ () C:\windows\Tasks\WSE_Vosteran.job
2014-11-23 17:40 - 2014-12-19 09:07 - 00000424 _____ () C:\windows\Tasks\BlockAndSurf Update.job
2014-11-23 17:40 - 2014-11-23 20:46 - 00000000 ____D () C:\Users\Daddy\AppData\Local\ospd_us_375
2014-11-23 17:40 - 2014-11-23 18:08 - 00001875 _____ () C:\windows\patsearch.bin
2014-11-23 17:40 - 2014-11-23 18:00 - 00000000 ____D () C:\Users\Daddy\AppData\Local\ConvertAd
2014-11-23 17:40 - 2014-11-23 17:40 - 00003244 _____ () C:\windows\System32\Tasks\WSE_Vosteran
2014-11-23 17:40 - 2014-11-23 17:40 - 00003072 _____ () C:\windows\System32\Tasks\BlockAndSurf Update
2014-11-23 17:40 - 2014-11-23 17:40 - 00002275 _____ () C:\Users\Daddy\Desktop\Vosteran.lnk
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstrT_01009.Wdf
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Vosteran
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____D () C:\Program Files (x86)\ver9BlockAndSurf
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____D () C:\Program Files (x86)\ospd_us_375
2014-11-23 17:39 - 2014-11-23 18:01 - 00000000 ____D () C:\ProgramData\Unchecky
2014-11-23 17:39 - 2014-11-23 17:40 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\WSE_Vosteran
2014-11-23 17:39 - 2014-11-23 17:40 - 00000000 ____D () C:\Program Files (x86)\WSE_Vosteran
2014-11-23 17:39 - 2014-11-23 17:39 - 00001023 _____ () C:\Users\Public\Desktop\Unchecky.lnk
2014-11-23 17:39 - 2014-11-23 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2014-11-23 17:39 - 2014-11-23 17:39 - 00000000 ____D () C:\Program Files\BetterBrain_1.10.0.2
2014-11-23 17:39 - 2014-11-23 17:39 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2014-11-23 17:39 - 2014-11-23 17:39 - 00000000 ____D () C:\Program Files (x86)\BetterBrain_1.10.0.2
2014-11-23 17:35 - 2014-11-23 17:35 - 106859936 _____ () C:\Users\Daddy\Downloads\Unconfirmed 828580.crdownload
2014-11-23 17:35 - 2014-11-23 03:25 - 00048784 _____ (StdLib) C:\windows\system32\Drivers\{e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64.sys
2014-11-23 17:33 - 2014-11-23 17:33 - 00834488 _____ (SlimWare Utilities, Inc.) C:\Users\Daddy\Downloads\DriverUpdate-setup.exe
2014-11-23 17:32 - 2014-11-23 17:32 - 00004336 _____ () C:\windows\System32\Tasks\RocketTab Update Task
2014-11-23 17:32 - 2014-11-23 17:32 - 00003550 _____ () C:\windows\System32\Tasks\RocketTab
2014-11-23 17:32 - 2014-11-23 17:32 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-11-23 17:31 - 2014-12-19 09:07 - 00002428 _____ () C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5_user.job
2014-11-23 17:31 - 2014-12-19 09:07 - 00002428 _____ () C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5.job
2014-11-23 17:31 - 2014-11-24 21:06 - 00000000 ____D () C:\Program Files (x86)\ORBTR
2014-11-23 17:31 - 2014-11-23 17:36 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-11-23 17:31 - 2014-11-23 17:31 - 00005458 _____ () C:\windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5
2014-11-23 17:31 - 2014-11-23 17:31 - 00000000 ____D () C:\Users\Daddy\AppData\Local\SearchProtect
2014-11-23 17:30 - 2014-12-19 09:30 - 00005500 _____ () C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-6.job
2014-11-23 17:30 - 2014-12-19 09:07 - 00005166 _____ () C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-11.job
2014-11-23 17:30 - 2014-12-19 09:07 - 00005164 _____ () C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-7.job
2014-11-23 17:30 - 2014-12-19 09:07 - 00004140 _____ () C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-4.job
2014-11-23 17:30 - 2014-12-19 09:07 - 00003430 _____ () C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-1.job
2014-11-23 17:30 - 2014-12-19 09:07 - 00002092 _____ () C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-2.job
2014-11-23 17:30 - 2014-12-19 09:07 - 00001432 _____ () C:\windows\Tasks\9cb59dba-8284-4bfe-9ec7-b64f013044d6.job
2014-11-23 17:30 - 2014-12-19 09:07 - 00000880 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-11-23 17:30 - 2014-12-19 09:07 - 00000612 _____ () C:\windows\Tasks\a6c7015d-3094-4303-a638-873c475371e3.job
2014-11-23 17:30 - 2014-12-18 23:35 - 00000884 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-11-23 17:30 - 2014-12-18 23:04 - 00000000 ____D () C:\Program Files (x86)\Savepass 3.0
2014-11-23 17:30 - 2014-11-23 17:30 - 00008528 _____ () C:\windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-6
2014-11-23 17:30 - 2014-11-23 17:30 - 00008196 _____ () C:\windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-11
2014-11-23 17:30 - 2014-11-23 17:30 - 00008194 _____ () C:\windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-7
2014-11-23 17:30 - 2014-11-23 17:30 - 00007170 _____ () C:\windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-4
2014-11-23 17:30 - 2014-11-23 17:30 - 00006460 _____ () C:\windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-1
2014-11-23 17:30 - 2014-11-23 17:30 - 00005122 _____ () C:\windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-2
2014-11-23 17:30 - 2014-11-23 17:30 - 00004462 _____ () C:\windows\System32\Tasks\9cb59dba-8284-4bfe-9ec7-b64f013044d6
2014-11-23 17:30 - 2014-11-23 17:30 - 00003882 _____ () C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-11-23 17:30 - 2014-11-23 17:30 - 00003650 _____ () C:\windows\System32\Tasks\a6c7015d-3094-4303-a638-873c475371e3
2014-11-23 17:30 - 2014-11-23 17:30 - 00003628 _____ () C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-11-23 17:30 - 2014-11-23 17:30 - 00000000 ____D () C:\Users\Daddy\AppData\Local\globalUpdate
2014-11-23 17:30 - 2014-11-23 17:30 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-11-23 17:30 - 2014-11-23 17:30 - 00000000 ____D () C:\Program Files (x86)\9f89fda5-f787-4f83-a8b8-ac793b300a6c
2014-11-23 17:28 - 2014-11-23 17:29 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\VOPackage
2014-11-23 17:28 - 2014-11-23 17:28 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-11-23 17:28 - 2014-11-23 17:28 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
2014-11-23 17:28 - 2014-11-23 17:28 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Weather_Protector_LLC
2014-11-23 17:28 - 2014-11-23 17:28 - 00000000 ____D () C:\Users\Daddy\AppData\Local\StormWatch
2014-11-23 17:27 - 2014-11-23 17:27 - 00003626 _____ () C:\windows\System32\Tasks\HPCustParticipation HP Deskjet 2540 series
2014-11-23 17:27 - 2014-11-23 17:27 - 00001995 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-11-23 17:27 - 2014-11-23 17:27 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\HpUpdate
2014-11-23 17:27 - 2014-11-23 17:27 - 00000000 ____D () C:\ProgramData\Visan
2014-11-23 17:27 - 2014-11-23 17:27 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-11-23 17:27 - 2014-11-23 17:27 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-11-23 17:27 - 2014-11-23 17:27 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-11-23 17:26 - 2014-11-23 17:51 - 00000000 ____D () C:\Program Files (x86)\HP
2014-11-23 17:26 - 2014-11-23 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-11-23 17:26 - 2014-11-23 17:26 - 00002212 _____ () C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
2014-11-23 17:26 - 2014-11-23 17:26 - 00001159 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk
2014-11-23 17:26 - 2014-11-23 17:26 - 00000000 ____D () C:\ProgramData\zoomify2
2014-11-23 17:26 - 2014-11-23 17:26 - 00000000 ____D () C:\ProgramData\HP
2014-11-23 17:26 - 2014-11-23 17:26 - 00000000 ____D () C:\Program Files\HP
2014-11-23 17:26 - 2014-03-06 12:51 - 00763912 ____N (Hewlett-Packard Co.) C:\windows\system32\HPDiscoPMC211.dll
2014-11-23 17:25 - 2014-12-19 09:06 - 00000000 ____D () C:\Program Files (x86)\snipsmart
2014-11-23 17:25 - 2014-11-23 17:25 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-11-23 17:23 - 2014-11-23 17:24 - 106859936 _____ () C:\Users\Daddy\Downloads\DJ2540_188.exe
2014-11-23 17:22 - 2014-11-23 17:27 - 00000000 ____D () C:\Users\Daddy\AppData\Local\HP
2014-11-23 12:41 - 2014-11-23 12:41 - 00584504 _____ () C:\Users\Daddy\Downloads\Installation.exe
2014-11-23 09:01 - 2014-11-23 09:01 - 00012678 _____ () C:\Users\Daddy\Downloads\contemp- cash flow.xlsx
2014-11-19 19:40 - 2014-11-19 19:40 - 00002937 _____ () C:\Users\Mommy\Documents\Microsoft PowerPoint 2010.lnk
2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\windows\SysWOW64\FM20.DLL
2014-11-19 03:45 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 03:45 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 03:45 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 03:45 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 09:41 - 2012-07-06 17:21 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006UA.job
2014-12-19 09:38 - 2009-07-14 00:13 - 00006206 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-19 09:24 - 2011-12-21 19:15 - 02071094 _____ () C:\windows\WindowsUpdate.log
2014-12-19 09:22 - 2013-06-20 07:02 - 00002374 _____ () C:\Users\Mommy\Desktop\Google Chrome.lnk
2014-12-19 09:18 - 2012-04-29 21:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-19 09:17 - 2012-08-19 20:06 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-19 09:17 - 2009-07-13 23:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-19 09:17 - 2009-07-13 23:45 - 00020688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-19 09:15 - 2012-07-22 14:14 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001UA.job
2014-12-19 09:10 - 2013-03-24 12:18 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Spotify
2014-12-19 09:07 - 2012-07-05 14:19 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002UA.job
2014-12-19 09:06 - 2009-07-13 21:34 - 00000537 _____ () C:\windows\win.ini
2014-12-19 09:05 - 2014-01-23 04:28 - 00000923 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-12-19 09:05 - 2014-01-23 04:28 - 00000907 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-12-19 09:05 - 2012-05-01 21:49 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-12-19 09:05 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-19 09:05 - 2009-07-13 23:51 - 00073617 _____ () C:\windows\setupact.log
2014-12-18 23:48 - 2012-07-20 16:53 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003UA.job
2014-12-18 23:47 - 2013-08-14 02:02 - 00000000 ____D () C:\windows\system32\MRT
2014-12-18 23:30 - 2012-06-01 09:10 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-24 20:42 - 2014-07-17 22:05 - 00000177 _____ () C:\Users\Mommy\Desktop\avgrep.txt
2014-11-24 19:41 - 2012-07-06 17:21 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006Core.job
2014-11-24 19:07 - 2012-07-05 14:19 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002Core.job
2014-11-24 13:15 - 2012-07-22 14:14 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001Core.job
2014-11-24 07:31 - 2010-11-20 22:47 - 00828658 _____ () C:\windows\PFRO.log
2014-11-23 20:33 - 2013-03-24 12:18 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Spotify
2014-11-23 17:35 - 2012-05-20 07:21 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Adobe
2014-11-23 17:30 - 2012-06-09 21:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-11-23 17:30 - 2011-12-21 19:47 - 00002398 _____ () C:\Users\Public\Desktop\Internet Browser.lnk
2014-11-23 17:30 - 2011-12-21 19:47 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-23 06:48 - 2012-07-20 16:53 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003Core.job

Files to move or delete:
====================
C:\ProgramData\flashax10.exe


Some content of TEMP:
====================
C:\Users\Daddy\AppData\Local\Temp\0134851357934090mcinst.exe
C:\Users\Daddy\AppData\Local\Temp\2F658057-A565-F64A-D98A-1AE05C625B6D.dll
C:\Users\Daddy\AppData\Local\Temp\2F658057-A565-F64A-D98A-1AE05C625B6D.exe
C:\Users\Daddy\AppData\Local\Temp\321D0B64-DA79-1F48-57D5-F28ACE24334D.exe
C:\Users\Daddy\AppData\Local\Temp\avg-dfc21d4c-ec33-4d5f-838b-bf2ecb78a763.exe
C:\Users\Daddy\AppData\Local\Temp\bq4u_otq.dll
C:\Users\Daddy\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Users\Daddy\AppData\Local\Temp\mcinsint.exe
C:\Users\Daddy\AppData\Local\Temp\n1hex_8y.dll
C:\Users\Daddy\AppData\Local\Temp\oi_{7E984432-BFC1-4E2B-BAD6-05CC4B3F7F45}.exe
C:\Users\Daddy\AppData\Local\Temp\ose00000.exe
C:\Users\Daddy\AppData\Local\Temp\Package_en_ww.exe
C:\Users\Daddy\AppData\Local\Temp\Setup.exe
C:\Users\Daddy\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Daddy\AppData\Local\Temp\System.Data.SQLite31822.dll
C:\Users\Daddy\AppData\Local\Temp\System.Data.SQLite66487.dll
C:\Users\Daddy\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Daddy\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Daddy\AppData\Local\Temp\VASInstallerWizard.exe
C:\Users\Daddy\AppData\Local\Temp\winziprosetup.exe
C:\Users\Yael\AppData\Local\Temp\mcinsint.exe
C:\Users\Yael\AppData\Local\Temp\VASInstallerWizard.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 18:19

==================== End Of Log ============================
shalom123
Regular Member
 
Posts: 43
Joined: December 18th, 2014, 9:26 pm

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 19th, 2014, 11:00 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Daddy at 2014-12-19 09:46:09
Running from C:\Users\Mommy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
ALOT Appbar (HKLM-x32\...\alotAppbar) (Version: - ALOT) <==== ATTENTION
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.4 - CMI Limited) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4223 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Babylon toolbar on IE (HKLM-x32\...\BabylonToolbar) (Version: - BabylonToolbar) <==== ATTENTION
BabylonObjectInstaller (HKLM-x32\...\{83AA2913-C123-4146-85BD-AD8F93971D39}) (Version: 2.0.0.3 - Babylon Ltd) <==== ATTENTION
Better Brain 1.10.0.2 (HKLM-x32\...\BetterBrain_1.10.0.2) (Version: 1.10.0.2 - Better Brain)
BlockAndSurf (HKLM-x32\...\3A039E65-F01E-A3D8-2BFB-268F6EFC97FF) (Version: - BlockAndSurf-software) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bucksbee Loyalty Plugin 100815.b for Chrome (HKLM-x32\...\Bucksbee Loyalty Plugin 100815.b for Chrome) (Version: - )
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
ConvertAd (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION!
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DealCabby (HKLM-x32\...\DealCabby) (Version: 1.0702.0952 - DealCabby) <==== ATTENTION!
Driver Support (HKLM-x32\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 9.1.4.35 - PC Drivers Headquarters, LP)
Easy Driver Pro (HKLM-x32\...\Easy Driver Pro) (Version: 8.1.2 - Probit Software LTD) <==== ATTENTION
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ffdshow v1.1.4369 [2012-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4369.0 - )
Google Chrome (HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Chrome (HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
IHA_MessageCenter (HKLM-x32\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2246 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.00.22080 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.00.21090 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.4827a - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.4827a - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{2BFDA78F-39F7-4537-9995-71424CFA88BB}) (Version: 4.1.2138 - LogMeIn, Inc.)
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0919 - Lenovo)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTomTom 3.1.0.530 (HKLM-x32\...\MyTomTom) (Version: 3.1.0.530 - TomTom)
OneSoftPerDay 025.375 (HKLM-x32\...\ospd_us_375_is1) (Version: - ONESOFTPERDAY)
Online Plug-in (x32 Version: 13.1.201.3 - Citrix Systems, Inc.) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
PinPhotoZoom (HKLM-x32\...\{5dfd64a7-81dd-45a9-9874-1fe13b7f4d56}_is1) (Version: - PinPhotoZoom)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6230 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Revo Uninstaller Pro 2.5.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.5 - VS Revo Group, Ltd.)
RocketTab (HKLM-x32\...\RocketTab) (Version: - RocketTab) <==== ATTENTION!
Savepass 3.0 (HKLM-x32\...\Savepass 3.0) (Version: 1.35.9.29 - OB) <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.18.20.210 - Search Protect) <==== ATTENTION
Self-service Plug-in (x32 Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
snipsmart (HKLM\...\snipsmart) (Version: 2014.11.23.202126 - snipsmart) <==== ATTENTION!
Spotify (HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
StormWatch (HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\StormWatch) (Version: 1.0.1.27 - StormWatch) <==== ATTENTION!
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Unchecky v0.3.4 (HKLM-x32\...\Unchecky) (Version: 0.3.4 - RaMMicHaeL)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.0.0) (Version: 2.0.0.0 - W3i, LLC)
Uninstall Helper (x32 Version: 2.0.0.0 - W3i, LLC) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Vosteran (HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Vosteran) (Version: 31.0.1650.23 - Vosteran) <==== ATTENTION!
Vz In Home Agent (HKLM-x32\...\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}) (Version: 8.03.53 - Verizon)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Wondershare Music Converter(Build 1.3.4.0) (HKLM-x32\...\Wondershare Music Converter_is1) (Version: - Wondershare Software)
WSE_Vosteran (HKLM-x32\...\WSE_Vosteran) (Version: - WSE_Vosteran) <==== ATTENTION!
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
Zoomify (HKLM-x32\...\zoomify) (Version: 1.1.0.27 - Zoomify) <==== ATTENTION!

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Daddy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Mommy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mommy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mommy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mommy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mommy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4229975068-1931466670-3666739151-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mommy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

19-11-2014 03:00:12 Windows Update
20-11-2014 03:00:11 Windows Update
21-11-2014 03:00:13 Windows Update
21-11-2014 15:35:11 Windows Update
23-11-2014 03:00:16 Windows Update
23-11-2014 17:48:56 Installed HPDiagnosticCoreDll
23-11-2014 20:50:22 Windows Update
24-11-2014 21:07:22 Windows Update
28-11-2014 10:27:25 Windows Update
18-12-2014 23:21:48 Windows Update
19-12-2014 09:07:25 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-12-19 09:05 - 00001993 ____A C:\windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00795989-470E-4684-8A9D-906937F4C470} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001Core => C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22] (Google Inc.)
Task: {0B955546-F8C1-4DBA-8B6F-83155CE7AC99} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-10-17] (PC Drivers Headquarters)
Task: {0CF59D43-8EB3-4A71-937C-65EE6DB5F042} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-11 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-11.exe <==== ATTENTION
Task: {1000D3AB-9434-44CF-8D6B-734A5DD37CAE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001UA => C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22] (Google Inc.)
Task: {146528BB-FFA9-456E-8A09-36384BD798E8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006Core => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-06] (Google Inc.)
Task: {2020BA66-8A14-4BCE-A037-E3FF2948531A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003UA => C:\Users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20] (Google Inc.)
Task: {23EF0288-1795-4513-96F2-4CE613B5C84D} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-4 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-4.exe <==== ATTENTION
Task: {249B4500-0CA6-453E-BE43-4B6536A0CAFF} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-5.exe <==== ATTENTION
Task: {2546A71A-71DE-4711-A7CA-861CCBDF234A} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-6 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-6.exe <==== ATTENTION
Task: {2A32A0C1-AE4C-4ECC-8A9F-A7A0BEAA6A87} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\ver9BlockAndSurf\R0BlockAndSurfQ33.exe [2014-11-23] () <==== ATTENTION
Task: {2E659AD9-FC16-479D-8550-B0C319D2E331} - System32\Tasks\a6c7015d-3094-4303-a638-873c475371e3 => C:\Program Files (x86)\Savepass 3.0\a6c7015d-3094-4303-a638-873c475371e3.exe [2014-11-23] () <==== ATTENTION
Task: {38DF6085-0128-4DED-B910-6A93E0C2E96F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-06] (Adobe Systems Incorporated)
Task: {3AB368A3-87A1-4CE2-8646-5E1F38BA9066} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {422984D8-6E74-44EC-9288-F1AD2DAF0486} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-11-23] (globalUpdate) <==== ATTENTION
Task: {6368AB21-97F4-4BDC-AA96-602A90C7FF08} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {67C8A8D1-9662-4FE8-A19D-13CEF5A22FF8} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-10-17] (PC Drivers Headquarters)
Task: {6B1C516F-7506-4701-9753-363C91B76045} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5_user => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-5.exe <==== ATTENTION
Task: {6C0FB0D0-BEAE-45DC-9015-919D23B69C66} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {7D286873-B342-4257-B76A-771CA6AD7CC4} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-10-17] (PC Drivers Headquarters)
Task: {82CF8671-0559-4467-AB12-6AA04A2B7366} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-11-23] (AnyProtect.com) <==== ATTENTION
Task: {8B0865E0-009A-44FF-BF76-29054FAAE1D4} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-11-23] (AnyProtect.com) <==== ATTENTION
Task: {9816FAC7-E576-4F38-9A87-5A611323D59D} - System32\Tasks\Tempo Runner coz64host => C:\ProgramData\zoomify2\1.1.0.27\cozhost.exe [2014-11-10] (Zoomify Agent)
Task: {99CF03C7-333A-4179-A452-227579C02576} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {9C96AD14-335D-4F53-A686-D7D4F3A6F929} - System32\Tasks\WSE_Vosteran => C:\Users\Daddy\AppData\Roaming\WSE_Vosteran\UpdateProc\UpdateTask.exe [2014-11-23] () <==== ATTENTION
Task: {A11B168D-E4AE-4FBD-9397-2041B487AB8A} - System32\Tasks\Funmoods => C:\Users\Yael\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {AD7861D0-9A5A-474E-ABDB-F780D0583FDC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003Core => C:\Users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20] (Google Inc.)
Task: {B2617A12-4249-4966-AD0A-BAD11FB25D56} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002Core => C:\Users\Yael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05] (Google Inc.)
Task: {B562DE6A-51BD-442A-BDBF-4B9B017ECBF2} - System32\Tasks\9cb59dba-8284-4bfe-9ec7-b64f013044d6 => C:\Program Files (x86)\Savepass 3.0\9cb59dba-8284-4bfe-9ec7-b64f013044d6.exe <==== ATTENTION
Task: {BA35E852-174B-4ACB-8230-2CD713FA5133} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-2 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-2.exe <==== ATTENTION
Task: {BD60DC31-998E-4C8E-B3ED-D301DBB8FDC2} - System32\Tasks\Opera scheduled Autoupdate 1412647504 => C:\Users\Shalom\AppData\Local\Programs\Opera\launcher.exe [2014-09-25] (Opera Software)
Task: {C641F037-5575-41E7-B0BB-00BCE3163C35} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-11-23] (AnyProtect.com) <==== ATTENTION
Task: {D1AA1649-1882-47D1-BCB1-55A182565AE2} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-11-23] (globalUpdate) <==== ATTENTION
Task: {D27C348A-A4F2-424D-9471-57DC44A6B561} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-1 => C:\Program Files (x86)\Savepass 3.0\Savepass 3.0-codedownloader.exe <==== ATTENTION
Task: {D56A13A7-0A7D-4F1A-81D0-694AACEEE584} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-7 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-7.exe <==== ATTENTION
Task: {E0FC6E57-0FB6-4108-B63E-050180347C59} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-11-23] () <==== ATTENTION
Task: {EC091ED9-EE8E-4248-8D11-E097EC08C003} - System32\Tasks\DTReg => C:\Users\Daddy\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {FB1B7925-2108-442C-9449-7926650ECBA3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006UA => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-06] (Google Inc.)
Task: {FDCA8E1E-79C4-42C0-9FF5-7911D11BE7E4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002UA => C:\Users\Yael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05] (Google Inc.)
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-1.job => C:\Program Files (x86)\Savepass 3.0\Savepass 3.0-codedownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-11.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-11.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-2.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-2.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-4.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-4.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-5.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5_user.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-5.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-6.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-6.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-7.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-7.exe <==== ATTENTION
Task: C:\windows\Tasks\9cb59dba-8284-4bfe-9ec7-b64f013044d6.job => C:\Program Files (x86)\Savepass 3.0\9cb59dba-8284-4bfe-9ec7-b64f013044d6.exe <==== ATTENTION
Task: C:\windows\Tasks\a6c7015d-3094-4303-a638-873c475371e3.job => C:\Program Files (x86)\Savepass 3.0\a6c7015d-3094-4303-a638-873c475371e3.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\ver9BlockAndSurf\R0BlockAndSurfQ33.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001Core.job => C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1001UA.job => C:\Users\Daddy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002Core.job => C:\Users\Yael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1002UA.job => C:\Users\Yael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003Core.job => C:\Users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1003UA.job => C:\Users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006Core.job => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4229975068-1931466670-3666739151-1006UA.job => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Tempo Runner coz32host.job => C:\ProgramData\zoomify2\1.1.0.27\coz32host.exe
Task: C:\windows\Tasks\Tempo Runner cozahost.job => C:\ProgramData\zoomify2\1.1.0.27\cozahost.exe
Task: C:\windows\Tasks\WSE_Vosteran.job => C:\Users\Daddy\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-08-20 21:44 - 2005-03-11 23:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2011-12-21 19:18 - 2011-03-15 23:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-11-23 17:29 - 2014-11-23 17:29 - 00089600 _____ () C:\Users\Daddy\AppData\Roaming\VOPackage\VOsrv.exe
2014-11-23 17:34 - 2014-12-19 09:06 - 00519408 _____ () C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe
2014-11-23 17:35 - 2014-12-18 19:27 - 00353008 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.PurBrowse64.exe
2014-11-23 15:21 - 2014-12-19 09:07 - 00519408 _____ () C:\Program Files (x86)\snipsmart\updatesnipsmart.exe
2014-10-17 09:35 - 2014-10-17 09:35 - 00313720 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Common.XmlSerializers.dll
2014-10-17 09:36 - 2014-10-17 09:36 - 00461192 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
2014-10-17 09:35 - 2014-10-17 09:35 - 00067960 _____ () C:\Program Files (x86)\Driver Support\Driver Support\RuleEngine.XmlSerializers.dll
2014-11-23 17:40 - 2014-11-06 13:16 - 03976136 _____ () C:\Program Files (x86)\ospd_us_375\ospd_us_375.exe
2014-11-23 17:36 - 2014-12-18 21:37 - 00098544 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter.exe
2014-11-28 10:25 - 2014-12-17 16:43 - 01649904 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BOASHelper.exe
2014-11-28 10:24 - 2014-12-19 02:54 - 00101616 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.expext.exe
2014-11-28 10:25 - 2014-12-17 16:43 - 01786608 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BOASPRT.exe
2014-11-28 10:25 - 2014-12-17 16:43 - 01791216 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BOAS.exe
2014-12-18 23:06 - 2014-12-17 16:43 - 00161520 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BRT.Helper.exe
2014-11-23 17:36 - 2014-12-18 21:37 - 00114928 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter64.exe
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-11-28 10:24 - 2014-12-19 02:54 - 00082160 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.expextdll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Mommy\Downloads\launch.ica:icasource

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4229975068-1931466670-3666739151-500 - Administrator - Disabled)
Atara (S-1-5-21-4229975068-1931466670-3666739151-1005 - Limited - Enabled) => C:\Users\Atara
Daddy (S-1-5-21-4229975068-1931466670-3666739151-1001 - Administrator - Enabled) => C:\Users\Daddy
Guest (S-1-5-21-4229975068-1931466670-3666739151-501 - Limited - Disabled)
Michal (S-1-5-21-4229975068-1931466670-3666739151-1006 - Limited - Enabled) => C:\Users\Michal
Mommy (S-1-5-21-4229975068-1931466670-3666739151-1003 - Limited - Enabled) => C:\Users\Mommy
Sara (S-1-5-21-4229975068-1931466670-3666739151-1007 - Limited - Enabled) => C:\Users\Sara
Shalom (S-1-5-21-4229975068-1931466670-3666739151-1004 - Limited - Enabled) => C:\Users\Shalom
Yael (S-1-5-21-4229975068-1931466670-3666739151-1002 - Limited - Enabled) => C:\Users\Yael

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2014 09:37:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/19/2014 09:37:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/19/2014 09:06:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 11:24:17 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

Error: (12/18/2014 11:24:17 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

Error: (12/18/2014 11:04:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2014 10:28:44 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

Error: (11/28/2014 10:28:44 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.

Error: (11/28/2014 10:22:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2014 09:08:50 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.


System errors:
=============
Error: (12/19/2014 09:21:56 AM) (Source: DCOM) (EventID: 10016) (User: themostawesome)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}themostawesomeMommyS-1-5-21-4229975068-1931466670-3666739151-1003LocalHost (Using LRPC)

Error: (12/19/2014 09:21:16 AM) (Source: DCOM) (EventID: 10016) (User: themostawesome)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}themostawesomeMommyS-1-5-21-4229975068-1931466670-3666739151-1003LocalHost (Using LRPC)

Error: (12/19/2014 09:11:14 AM) (Source: DCOM) (EventID: 10016) (User: themostawesome)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}themostawesomeMommyS-1-5-21-4229975068-1931466670-3666739151-1003LocalHost (Using LRPC)

Error: (12/19/2014 09:11:05 AM) (Source: DCOM) (EventID: 10016) (User: themostawesome)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}themostawesomeMommyS-1-5-21-4229975068-1931466670-3666739151-1003LocalHost (Using LRPC)

Error: (12/19/2014 09:08:26 AM) (Source: DCOM) (EventID: 10016) (User: themostawesome)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}themostawesomeMommyS-1-5-21-4229975068-1931466670-3666739151-1003LocalHost (Using LRPC)

Error: (12/19/2014 09:05:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Orbiter service terminated with the following error:
%%126

Error: (12/19/2014 09:05:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IHA_MessageCenter service failed to start due to the following error:
%%1053

Error: (12/19/2014 09:05:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IHA_MessageCenter service to connect.

Error: (12/19/2014 09:05:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozwhost service failed to start due to the following error:
%%5

Error: (12/19/2014 09:05:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozhost service failed to start due to the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (12/19/2014 09:37:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/19/2014 09:37:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (12/19/2014 09:06:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 11:24:17 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/18/2014 11:24:17 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/18/2014 11:04:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2014 10:28:44 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/28/2014 10:28:44 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/28/2014 10:22:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2014 09:08:50 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
Date: 2013-06-30 13:42:13.733
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-30 13:42:13.729
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-30 13:42:13.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 00:35:21.896
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 00:35:21.894
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 00:35:21.892
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-31 20:48:51.023
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-31 20:48:51.020
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-31 20:48:51.018
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 38%
Total physical RAM: 5992.37 MB
Available physical RAM: 3693.73 MB
Total Pagefile: 11982.92 MB
Available Pagefile: 9320.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.34 GB) (Free:573.92 GB) NTFS
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:1397.26 GB) (Free:1330.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4079EF22)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 1397.3 GB) (Disk ID: E6A01404)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
shalom123
Regular Member
 
Posts: 43
Joined: December 18th, 2014, 9:26 pm

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 19th, 2014, 11:01 am

Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Daddy at 2014-12-19 09:52:15
Running from C:\Users\Mommy\Desktop
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;snipsmart" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Trolltech]

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Trolltech]

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193]
"ProductName"="BabylonObjectInstaller"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
""="Babylon toolbar helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}\InprocServer32]
""="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Daddy\AppData\Roaming\BabylonToolbar\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Daddy\AppData\Roaming\BabylonToolbar\FF\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DA5BD2D3CA2D6943A1A233CD3F88CE7]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonChromeToolbar1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonChromeToolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BFD11FD45FC7B9E46A8F4B69F3A66E35]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonIEToolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF9BD2952384A9C49B4A5D3D95329890]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonFFToolbar1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193\InstallProperties]
"Publisher"="Babylon Ltd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb]
"path"="C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
""="Babylon toolbar helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar]
"DisplayName"="Babylon toolbar on IE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar]
"DisplayIcon"=""C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarsrv.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}]
"Publisher"="Babylon Ltd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
""="Babylon toolbar helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}\InprocServer32]
""="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll"

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Babylon]

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Babylon]
"BabylonToolbar1"="1"

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Babylon]
"BabylonChromeToolbar1"="1"

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Babylon]
"BabylonIEToolbar1"="1"

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Babylon]
"BabylonFFToolbar1"="1"


===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"045F27F206F16624596059B2126D46D0"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"


===================== Search result for "snipsmart" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32]
""="C:\Program Files (x86)\snipsmart\bin\{7db8d663-3d4c-4384-b607-22c1e314b57e}64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4086DF47-C0E9-4EA0-A7E4-FDD954B182A1}]
""="IsnipsmartBHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0C8E7DE5-D3F4-4FF0-BE7D-2547FF22A3BB}\1.0]
""="snipsmartIEClientLib"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0C8E7DE5-D3F4-4FF0-BE7D-2547FF22A3BB}\1.0\HELPDIR]
""="C:\Program Files (x86)\snipsmart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\HELPDIR]
""="C:\Program Files (x86)\snipsmart\bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32]
""="C:\Program Files (x86)\snipsmart\bin\{7db8d663-3d4c-4384-b607-22c1e314b57e}.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{68261aaa-dc9f-4c2b-a168-c323e304c3a2}\InprocServer32]
""="C:\Program Files (x86)\snipsmart\snipsmartbho.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4086DF47-C0E9-4EA0-A7E4-FDD954B182A1}]
""="IsnipsmartBHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0C8E7DE5-D3F4-4FF0-BE7D-2547FF22A3BB}\1.0]
""="snipsmartIEClientLib"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0C8E7DE5-D3F4-4FF0-BE7D-2547FF22A3BB}\1.0\HELPDIR]
""="C:\Program Files (x86)\snipsmart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\HELPDIR]
""="C:\Program Files (x86)\snipsmart\bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\snipsmart]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\snipsmart]
"UninstallString"="C:\Program Files (x86)\snipsmart\snipsmartuninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\snipsmart]
"InstallLocation"="C:\Program Files (x86)\snipsmart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\snipsmart]
"Publisher"="snipsmart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\snipsmart]
"URLUpdateInfo"="http://snipsmart.info"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"snipsmart.BOAS.exe"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"snipsmart.BOAS.exe"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING]
"snipsmart.BOAS.exe"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"snipsmart.BOAS.exe"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION]
"snipsmart.BOAS.exe"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\snipsmart_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatesnipsmart_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilsnipsmart_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\snipsmart]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32]
""="C:\Program Files (x86)\snipsmart\bin\{7db8d663-3d4c-4384-b607-22c1e314b57e}.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{68261aaa-dc9f-4c2b-a168-c323e304c3a2}\InprocServer32]
""="C:\Program Files (x86)\snipsmart\snipsmartbho.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{4086DF47-C0E9-4EA0-A7E4-FDD954B182A1}]
""="IsnipsmartBHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0C8E7DE5-D3F4-4FF0-BE7D-2547FF22A3BB}\1.0]
""="snipsmartIEClientLib"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0C8E7DE5-D3F4-4FF0-BE7D-2547FF22A3BB}\1.0\HELPDIR]
""="C:\Program Files (x86)\snipsmart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\HELPDIR]
""="C:\Program Files (x86)\snipsmart\bin"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Update snipsmart]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc\Parameters\Internet\ManualProxies]
""="0file://C:\Program Files (x86)\snipsmart\bin\Pac9064.js"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6A44294F-8FC4-4C85-8E40-82C32421EF5C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\snipsmart\bin\snipsmart.BRT.Helper.exe|Name=snipsmart.BRT.Helper.exe|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Update snipsmart]
"ImagePath"=""C:\Program Files (x86)\snipsmart\updatesnipsmart.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Util snipsmart]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Util snipsmart]
"DisplayName"="Util snipsmart"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Update snipsmart]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C61E1BB8-C039-4913-90C2-1EDA84237B4A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\snipsmart\bin\snipsmart.BRT.Helper.exe|Name=snipsmart.BRT.Helper.exe|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Update snipsmart]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Update snipsmart]
"DisplayName"="Update snipsmart"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Util snipsmart]
"ImagePath"=""C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"="\??\C:\Program Files (x86)\snipsmart\bin\tmp8E3B.tmp

\??\C:\windows\system32\spool\DRIVERS\x64\3\New\mxdwdrv.dll
\??\C:\windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
\??\C:\windows\system32\spool\DRIVERS\x64\3\New\unidrvui.dll
\??\C:\windows\system32\spool\DRIVERS\x64\3\unidrvui.dll
\??\C:\windows\system32\spool\DRIVERS\x64\3\New\sendtoonenote.gpd
\??\C:\windows\system32\spool\DRIVERS\x64\3\sendtoonenote.gpd
\??\C:\windows\system32\spool\DRIVERS\x64\3\New\unidrv.hlp
\??\C:\windows\system32\spool\DRIVERS\x64\3\unidrv.hlp
\??\C:\windows\system32\spool\DRIVERS\x64\3\New\stdnames.gpd
\??\C:\windows\system32\spool\DRIVERS\x64\3\stdnames.gpd
\??\C:\windows\system32\spool\DRIVERS\x64\3\New\stddtype.gdl
\??\C:\windows\system32\spool\DRIVERS\x64\3\stddtype.gdl
\??\C:\windows\system32\spool\DRIVERS\x64\3\New\stdschem.gdl
\??\C:\windows\system32\spool\DRIVERS\x64\3\stdschem.gdl
\??\C:\windows\system32\spool\DRIVERS\x64\3\New\stdschmx.gdl
\??\C:\windows\system32\spool\DRIVERS\x64\3\stdschmx.gdl
\??\C:\windows\system32\spool\DRIVERS\x64\3\New\unidrv.dll
\??\C:\windows\system32\spool\DRIVERS\x64\3\unidrv.dll
\??\C:\windows\system32\spool\DRIVERS\x64\3\New\unires.dll
\??\C:\windows\system32\spool\DRIVERS\x64\3\unires.dll
\??\C:\windows\system32\spool\DRIVERS\x64\3\New\XpsSvcs.dll
\??\C:\windows\system32\spool\DRIVERS\x64\3\XpsSvcs.dll
\??\C:\windows\system32\spool\DRIVERS\x64\3\New\SendToOneNoteFilter.dll
\??\C:\windows\system32\spool\DRIVERS\x64\3\SendToOneNoteFilter.dll
\??\C:\windows\system32\spool\DRIVERS\x64\3\New\SendToOneNoteFilter.gpd
\??\C:\windows\system32\spool\DRIVERS\x64\3\SendToOneNoteFilter.gpd
\??\C:\windows\system32\spool\DRIVERS\x64\3\New\SendToOneNoteNames.gpd
\??\C:\windows\system32\spool\DRIVERS\x64\3\SendToOneNoteNames.gpd
\??\C:\windows\system32\spool\DRIVERS\x64\3\New\SendToOneNote-PipelineConfig.xml
\??\C:\windows\system32\spool\DRIVERS\x64\3\SendToOneNote-PipelineConfig.xml
\??\C:\windows\system32\spool\DRIVERS\x64\3\New\SendToOneNoteUI.dll
\??\C:\windows\system32\spool\DRIVERS\x64\3\SendToOneNoteUI.dll
\??\C:\windows\system32\spool\DRIVERS\x64\3\New\SendToOneNote.ini
\??\C:\windows\system32\spool\DRIVERS\x64\3\SendToOneNote.ini"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Util snipsmart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C61E1BB8-C039-4913-90C2-1EDA84237B4A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\snipsmart\bin\snipsmart.BRT.Helper.exe|Name=snipsmart.BRT.Helper.exe|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Update snipsmart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Update snipsmart]
"DisplayName"="Update snipsmart"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Util snipsmart]
"ImagePath"=""C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe""

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\snipsmart]

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\AppDataLow\Software\snipsmart]

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1382c0bf_0]
""="{0.0.0.00000000}.{ac8da424-b853-4e50-b219-96acac38218b}|\Device\HarddiskVolume2\Program Files (x86)\snipsmart\bin\snipsmart.BOAS.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apisnipsmartinfo-a.akamaihd.net]

[HKEY_USERS\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"="file://C:\Program Files (x86)\snipsmart\bin\Pac9064.js"

====== End Of Search ======
shalom123
Regular Member
 
Posts: 43
Joined: December 18th, 2014, 9:26 pm

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 19th, 2014, 11:01 am

Thank you very much,
Shalom
shalom123
Regular Member
 
Posts: 43
Joined: December 18th, 2014, 9:26 pm

Re: Infected with IDP.Program.D1B0A5C0

Unread postby Gary R » December 19th, 2014, 1:31 pm

Congratulations, you have without doubt one of the most infected machines I've seen in quite some time.

It's going to take a while to remove all signs of infection from your computer, and we're going to have to scan and re-scan to make sure that we don't miss anything, so stick with it, and we should be able to get you clean.

OK, let's get started.

First ....

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

µTorrent
ALOT Appbar
AnyProtect
Babylon toolbar on IE
BabylonObjectInstaller
Better Brain 1.10.0.2
BlockAndSurf
ConvertAd
DealCabby
Easy Driver Pro
Remote Desktop Access
RocketTab
Savepass 3.0
Search Protect
snipsmart
StormWatch
Vosteran
WSE_Vosteran
Zoomify


Reboot your computer once they've all been uninstalled.

Please note ... if any of them won't uninstall, just leave it and continue with the rest of the instructions, we'll come back to it later.

Next ....

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ....

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (don't include Code: Select all)
Code: Select all
C:\Users\Daddy\AppData\Roaming\VOPackage
C:\Program Files (x86)\snipsmart
C:\Program Files (x86)\BetterBrain_1.10.0.2
C:\ProgramData\zoomify2
C:\Program Files (x86)\globalUpdate
C:/Program Files (x86)/ORBTR
C:\Windows\System32\drivers\bbnfd_1_10_0_2.sys
C:\Windows\System32\drivers\{34f74bed-9d31-4690-9930-3756a4e56d17}Gw64.sys [48784 2014-11-27] (StdLib)
C:\Windows\System32\drivers\{7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64.sys [48784 2014-12-18] (StdLib)
C:\Windows\System32\drivers\{e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64.sys [48784 2014-11-23] (StdLib)
HKLM-x32\...\Run: [ospd_us_375] => C:\Program Files (x86)\ospd_us_375\ospd_us_375.exe [3976136 2014-11-06] ()
HKLM-x32\...\Run: [ConvertAd] => C:\Users\Daddy\AppData\Local\ConvertAd\ConvertAd.exe [2140672 2014-11-23] ()
HKLM-x32\...\RunOnce: [Update] => C:\Users\Daddy\AppData\Roaming\VOPackage\VOPackage.exe [289336 2014-11-23] ( )
HKLM-x32\...\RunOnce: [upospd_us_375.exe] => C:\Users\Daddy\AppData\Local\ospd_us_375\upospd_us_375.exe [3306440 2014-11-06] ()
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - F:\LaunchU3.exe -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4229975068-1931466670-3666739151-1002\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-4229975068-1931466670-3666739151-1003] => file://C :\Program Files (x86)\snipsmart\bin\Pac9064.js
ProxyEnable: [S-1-5-21-4229975068-1931466670-3666739151-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-4229975068-1931466670-3666739151-1001] => http=127.0.0.1:62855;https=127.0.0.1:62855
AutoConfigURL: [S-1-5-21-4229975068-1931466670-3666739151-1003] => file://C :\Program Files (x86)\snipsmart\bin\Pac9064.js
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT333161 ... 868F&SSPV=
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1003 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q= {searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q= {searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q= {searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q= {searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.trovi.com/Results.aspx?gd=&c ... FF9868F&q= {searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://Vosteran.com/results.php?f=4&q= {searchTerms}&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir=
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.trovi.com/Results.aspx?gd=&c ... FF9868F&q= {searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: BlockAndSurf -> {2EDBD663-9EDC-5512-DC0D-3053229038A5} -> C:\Program Files (x86)\ver9BlockAndSurf\183_x64.dll ()
BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} -> No File
BHO: BetterBrain -> {C2DF6D43-F814-4C32-B021-209A74BAACA5} -> C:\Program Files\BetterBrain_1.10.0.2\IE\BetterBrainClientIE.dll (Better Brain)
BHO-x32: BlockAndSurf -> {2EDBD663-9EDC-5512-DC0D-3053229038A5} -> C:\Program Files (x86)\ver9BlockAndSurf\183.dll ()
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} -> No File
BHO-x32: ALOT Appbar Helper -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -> C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro, Inc)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: BetterBrain -> {C2DF6D43-F814-4C32-B021-209A74BAACA5} -> C:\Program Files (x86)\BetterBrain_1.10.0.2\IE\BetterBrainClientIE.dll (Better Brain)
Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll (Vertro, Inc)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Hosts:
FF HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Firefox\Extensions: [{7DB8D991-102A-F011-64C5-1BED39E7F0B6}] - C:\Program Files (x86)\ver9BlockAndSurf\183.xpi
FF Extension: BlockAndSurf - C:\Program Files (x86)\ver9BlockAndSurf\183.xpi [2014-11-23]
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_cmi_14_4 ... 361997&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir="
CHR Extension: (snipsmart) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaccgfkbmhkegoljkoefhpifoaehnhjp [2014-11-23]
CHR Extension: (BucksBee RewardsBar) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajcmjjdlglpcfblcnjilhodiondejlm [2014-01-26]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-06-27]
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lajcmjjdlglpcfblcnjilhodiondejlm] - C:\Users\Daddy\AppData\Roaming\Bucksbee Loyalty Plugin 100815.b for Chrome\Toolbar_production_100815_12.crx [2012-05-21]
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
S4 AlotService; C:\Users\Daddy\AppData\LocalLow\alotservice\alotservice.exe [255880 2012-08-23] (Vertro Inc.)
R2 bbsvc_1.10.0.2; C:\Program Files (x86)\BetterBrain_1.10.0.2\Service\bbsvc.exe [277584 2014-10-30] (Better Brain)
S2 cozhost; C:\ProgramData\zoomify2\1.1.0.27\cozhost.exe [491504 2014-11-10] (Zoomify Agent)
S2 cozwhost; C:\ProgramData\zoomify2\1.1.0.27\cozwhost.exe [199152 2014-11-10] (Zoomify Agent)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-23] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-23] (globalUpdate) [File not signed]
R2 servervo; C:\Users\Daddy\AppData\Roaming\VOPackage\VOsrv.exe [89600 2014-11-23] () [File not signed]
R2 Update snipsmart; C:\Program Files (x86)\snipsmart\updatesnipsmart.exe [519408 2014-12-19] ()
R2 Util snipsmart; C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe [519408 2014-12-19] ()
S2 Orbiter; C:/Program Files (x86)/ORBTR/orbiter.dll [X]
R1 bbnfd_1_10_0_2; C:\Windows\System32\drivers\bbnfd_1_10_0_2.sys [58232 2014-10-30] (Better Brain)
R1 {34f74bed-9d31-4690-9930-3756a4e56d17}Gw64; C:\Windows\System32\drivers\{34f74bed-9d31-4690-9930-3756a4e56d17}Gw64.sys [48784 2014-11-27] (StdLib)
R1 {7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64; C:\Windows\System32\drivers\{7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64.sys [48784 2014-12-18] (StdLib)
R1 {e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64; C:\Windows\System32\drivers\{e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64.sys [48784 2014-11-23] (StdLib)
2014-12-18 23:05 - 2014-12-18 19:27 - 00048784 _____ (StdLib) C:\windows\system32\Drivers\{7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64.sys
2014-11-28 10:23 - 2014-11-27 19:51 - 00048784 _____ (StdLib) C:\windows\system32\Drivers\{34f74bed-9d31-4690-9930-3756a4e56d17}Gw64.sys
2014-11-24 20:18 - 2014-11-24 20:18 - 00000000 ____D () C:\Users\Mommy\AppData\Local\SearchProtect
2014-11-23 17:40 - 2014-12-19 09:40 - 00000292 _____ () C:\windows\Tasks\WSE_Vosteran.job
2014-11-23 17:40 - 2014-12-19 09:07 - 00000424 _____ () C:\windows\Tasks\BlockAndSurf Update.job
2014-11-23 17:40 - 2014-11-23 20:46 - 00000000 ____D () C:\Users\Daddy\AppData\Local\ospd_us_375
2014-11-23 17:40 - 2014-11-23 18:08 - 00001875 _____ () C:\windows\patsearch.bin
2014-11-23 17:40 - 2014-11-23 18:00 - 00000000 ____D () C:\Users\Daddy\AppData\Local\ConvertAd
2014-11-23 17:40 - 2014-11-23 17:40 - 00003244 _____ () C:\windows\System32\Tasks\WSE_Vosteran
2014-11-23 17:40 - 2014-11-23 17:40 - 00003072 _____ () C:\windows\System32\Tasks\BlockAndSurf Update
2014-11-23 17:40 - 2014-11-23 17:40 - 00002275 _____ () C:\Users\Daddy\Desktop\Vosteran.lnk
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstrT_01009.Wdf
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Vosteran
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____D () C:\Program Files (x86)\ver9BlockAndSurf
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____D () C:\Program Files (x86)\ospd_us_375
2014-11-23 17:39 - 2014-11-23 17:40 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\WSE_Vosteran
2014-11-23 17:39 - 2014-11-23 17:40 - 00000000 ____D () C:\Program Files (x86)\WSE_Vosteran
2014-11-23 17:39 - 2014-11-23 17:39 - 00000000 ____D () C:\Program Files\BetterBrain_1.10.0.2
2014-11-23 17:39 - 2014-11-23 17:39 - 00000000 ____D () C:\Program Files (x86)\BetterBrain_1.10.0.2
2014-11-23 17:35 - 2014-11-23 17:35 - 106859936 _____ () C:\Users\Daddy\Downloads\Unconfirmed 828580.crdownload
2014-11-23 17:35 - 2014-11-23 03:25 - 00048784 _____ (StdLib) C:\windows\system32\Drivers\{e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64.sys
C:\ProgramData\flashax10.exe
Task: {0CF59D43-8EB3-4A71-937C-65EE6DB5F042} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-11 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-11.exe <==== ATTENTION
Task: {23EF0288-1795-4513-96F2-4CE613B5C84D} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-4 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-4.exe <==== ATTENTION
Task: {249B4500-0CA6-453E-BE43-4B6536A0CAFF} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-5.exe <==== ATTENTION
Task: {2546A71A-71DE-4711-A7CA-861CCBDF234A} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-6 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-6.exe <==== ATTENTION
Task: {2A32A0C1-AE4C-4ECC-8A9F-A7A0BEAA6A87} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\ver9BlockAndSurf\R0BlockAndSurfQ33.exe [2014-11-23] () <==== ATTENTION
Task: {2E659AD9-FC16-479D-8550-B0C319D2E331} - System32\Tasks\a6c7015d-3094-4303-a638-873c475371e3 => C:\Program Files (x86)\Savepass 3.0\a6c7015d-3094-4303-a638-873c475371e3.exe [2014-11-23] () <==== ATTENTION
Task: {422984D8-6E74-44EC-9288-F1AD2DAF0486} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-11-23] (globalUpdate) <==== ATTENTION
Task: {6B1C516F-7506-4701-9753-363C91B76045} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5_user => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-5.exe <==== ATTENTION
Task: {6C0FB0D0-BEAE-45DC-9015-919D23B69C66} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {82CF8671-0559-4467-AB12-6AA04A2B7366} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-11-23] (AnyProtect.com) <==== ATTENTION
Task: {8B0865E0-009A-44FF-BF76-29054FAAE1D4} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-11-23] (AnyProtect.com) <==== ATTENTION
Task: {9816FAC7-E576-4F38-9A87-5A611323D59D} - System32\Tasks\Tempo Runner coz64host => C:\ProgramData\zoomify2\1.1.0.27\cozhost.exe [2014-11-10] (Zoomify Agent)
Task: {9C96AD14-335D-4F53-A686-D7D4F3A6F929} - System32\Tasks\WSE_Vosteran => C:\Users\Daddy\AppData\Roaming\WSE_Vosteran\UpdateProc\UpdateTask.exe [2014-11-23] () <==== ATTENTION
Task: {A11B168D-E4AE-4FBD-9397-2041B487AB8A} - System32\Tasks\Funmoods => C:\Users\Yael\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {B562DE6A-51BD-442A-BDBF-4B9B017ECBF2} - System32\Tasks\9cb59dba-8284-4bfe-9ec7-b64f013044d6 => C:\Program Files (x86)\Savepass 3.0\9cb59dba-8284-4bfe-9ec7-b64f013044d6.exe <==== ATTENTION
Task: {BA35E852-174B-4ACB-8230-2CD713FA5133} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-2 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-2.exe <==== ATTENTION
Task: {C641F037-5575-41E7-B0BB-00BCE3163C35} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-11-23] (AnyProtect.com) <==== ATTENTION
Task: {D1AA1649-1882-47D1-BCB1-55A182565AE2} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-11-23] (globalUpdate) <==== ATTENTION
Task: {D27C348A-A4F2-424D-9471-57DC44A6B561} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-1 => C:\Program Files (x86)\Savepass 3.0\Savepass 3.0-codedownloader.exe <==== ATTENTION
Task: {D56A13A7-0A7D-4F1A-81D0-694AACEEE584} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-7 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-7.exe <==== ATTENTION
Task: {E0FC6E57-0FB6-4108-B63E-050180347C59} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-11-23] () <==== ATTENTION
Task: {EC091ED9-EE8E-4248-8D11-E097EC08C003} - System32\Tasks\DTReg => C:\Users\Daddy\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-11.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-11.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-2.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-2.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-4.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-4.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-5.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5_user.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-5.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-6.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-6.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-7.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-7.exe <==== ATTENTION
Task: C:\windows\Tasks\9cb59dba-8284-4bfe-9ec7-b64f013044d6.job => C:\Program Files (x86)\Savepass 3.0\9cb59dba-8284-4bfe-9ec7-b64f013044d6.exe <==== ATTENTION
Task: C:\windows\Tasks\a6c7015d-3094-4303-a638-873c475371e3.job => C:\Program Files (x86)\Savepass 3.0\a6c7015d-3094-4303-a638-873c475371e3.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\ver9BlockAndSurf\R0BlockAndSurfQ33.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\WSE_Vosteran.job => C:\Users\Daddy\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
2014-11-23 17:29 - 2014-11-23 17:29 - 00089600 _____ () C:\Users\Daddy\AppData\Roaming\VOPackage\VOsrv.exe
2014-11-23 17:34 - 2014-12-19 09:06 - 00519408 _____ () C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe
2014-11-23 17:35 - 2014-12-18 19:27 - 00353008 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.PurBrowse64.exe
2014-11-23 15:21 - 2014-12-19 09:07 - 00519408 _____ () C:\Program Files (x86)\snipsmart\updatesnipsmart.exe
2014-11-23 17:36 - 2014-12-18 21:37 - 00098544 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter.exe
2014-11-28 10:25 - 2014-12-17 16:43 - 01649904 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BOASHelper.exe
2014-11-28 10:24 - 2014-12-19 02:54 - 00101616 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.expext.exe
2014-11-28 10:25 - 2014-12-17 16:43 - 01786608 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BOASPRT.exe
2014-11-28 10:25 - 2014-12-17 16:43 - 01791216 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BOAS.exe
2014-12-18 23:06 - 2014-12-17 16:43 - 00161520 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BRT.Helper.exe
2014-11-23 17:36 - 2014-12-18 21:37 - 00114928 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter64.exe
2014-11-28 10:24 - 2014-12-19 02:54 - 00082160 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.expextdll.dll
AlternateDataStreams: C:\Users\Mommy\Downloads\launch.ica:icasource
Hosts:
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • Fixlog.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.

There will be more scans to run, and more stuff to remove, but I want to see how this first stage goes first.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 19th, 2014, 3:26 pm

# AdwCleaner v4.105 - Report created 19/12/2014 at 13:30:13
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Daddy - THEMOSTAWESOME
# Running from : C:\Users\Mommy\Desktop\adwcleaner_4.105.exe
# Option : Scan

***** [ Services ] *****

Service Found : globalUpdate
Service Found : globalUpdatem
Service Found : Orbiter
Service Found : YahooAUService
Service Found : bbnfd_1_10_0_2
Service Found : c2cautoupdatesvc
Service Found : c2cpnrsvc
Service Found : {34f74bed-9d31-4690-9930-3756a4e56d17}Gw64
Service Found : {7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64
Service Found : {e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64

***** [ Files / Folders ] *****

File Found : \alotserviceruntime.log
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Daddy\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Daddy\Desktop\Continue Live Installation.lnk
File Found : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage-journal
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\windows\System32\drivers\{34f74bed-9d31-4690-9930-3756a4e56d17}Gw64.sys
File Found : C:\windows\System32\drivers\{7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64.sys
File Found : C:\windows\System32\drivers\{e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64.sys
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Driver Support
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\ORBTR
Folder Found : C:\Program Files (x86)\Probit Software
Folder Found : C:\Program Files (x86)\Search Extensions
Folder Found : C:\Program Files (x86)\w3i
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Driver Support
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\w3i
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\ProgramData\zoomify2
Folder Found : C:\Users\Daddy\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Daddy\AppData\Local\globalUpdate
Folder Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Found : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Daddy\AppData\Local\StormWatch
Folder Found : C:\Users\Daddy\AppData\Local\Temp\mt_ffx
Folder Found : C:\Users\Daddy\AppData\Local\Temp\snipsmart
Folder Found : C:\Users\Daddy\AppData\Local\Vosteran
Folder Found : C:\Users\Daddy\AppData\Local\Weather_Protector_LLC
Folder Found : C:\Users\Daddy\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Daddy\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Daddy\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Daddy\AppData\LocalLow\zoomify
Folder Found : C:\Users\Daddy\AppData\Roaming\AnyProtectEx
Folder Found : C:\Users\Daddy\AppData\Roaming\Babylon
Folder Found : C:\Users\Daddy\AppData\Roaming\defaulttab
Folder Found : C:\Users\Daddy\AppData\Roaming\WSE_Vosteran
Folder Found : C:\Users\Daddy\Documents\Probit Software
Folder Found : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbdamgnimlipjnpgiakiojcbbmcmiibn
Folder Found : C:\Users\Michal\AppData\LocalLow\alotappbar
Folder Found : C:\Users\Michal\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Mommy\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Folder Found : C:\Users\Mommy\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Sara\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Yael\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbdamgnimlipjnpgiakiojcbbmcmiibn
Folder Found : C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Yael\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Yael\AppData\Roaming\Funmoods

***** [ Scheduled Tasks ] *****

Task Found : APSnotifierPP1
Task Found : APSnotifierPP2
Task Found : APSnotifierPP3
Task Found : Driver Support-RTMRules
Task Found : Driver Support-RTMScan
Task Found : Driver Support-RTMUpdater
Task Found : DTReg
Task Found : Funmoods
Task Found : globalUpdateUpdateTaskMachineCore
Task Found : globalUpdateUpdateTaskMachineUA

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\Savepass 3.0
Key Found : HKCU\Software\AppDataLow\Software\zoomify
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\timesheraldonline.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.timesheraldonline.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\StormWatch
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran
Key Found : HKCU\Software\StormWatch
Key Found : HKCU\Software\StormWatchApp
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\Vosteran
Key Found : HKCU\Software\Vosteran Browser
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\DefaultTab
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Microsoft\Babylon
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Key Found : [x64] HKCU\Software\StormWatch
Key Found : [x64] HKCU\Software\StormWatchApp
Key Found : [x64] HKCU\Software\Tutorials
Key Found : [x64] HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\Vosteran
Key Found : [x64] HKCU\Software\Vosteran Browser
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BetterBrain_1.10.0.2
Key Found : HKLM\SOFTWARE\Classes\AppID\{011166B1-9A69-4174-93D5-F7D3324553FE}
Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655615561}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666616661}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Found : HKLM\SOFTWARE\Default Tab
Key Found : HKLM\SOFTWARE\DefaultTab
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mbdamgnimlipjnpgiakiojcbbmcmiibn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5dfd64a7-81dd-45a9-9874-1fe13b7f4d56}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\SOFTWARE\ORBTR
Key Found : HKLM\SOFTWARE\SimplyGen
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\zoomify
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655615561}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666616661}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT333161 ... 868F&SSPV=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.funmoods.com/?f=2&a=adknlg ... =996414931

-\\ Google Chrome v

[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&babsrc=NT_ss&s=web&rlz=0&as=3&ac=0%2C66
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&babsrc=NT_ss&s=web&rlz=0&as=3&ac=0%2C66
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.nydailynews.com/search-resul ... s-7.113?q={searchTerms}&nydn-search-url=site&nydn-search-submit=Search
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir=
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir=
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&search=&qsrc=0&o=0&l=dir
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : hphibigbodkkohoglgfkddblldpfohjl
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : mbdamgnimlipjnpgiakiojcbbmcmiibn
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : geggofhlfbcmanadhknllmlajiafopoh
[C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://kosheronabudget.com/search-resul ... -8859-1&q={searchTerms}&sa=Search
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_ ... osn=-1&v1={searchTerms}&search_submit=
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : mbdamgnimlipjnpgiakiojcbbmcmiibn
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [39509 octets] - [19/12/2014 09:35:58]
AdwCleaner[R1].txt - [28405 octets] - [19/12/2014 13:30:13]

########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [28466 octets] ##########
shalom123
Regular Member
 
Posts: 43
Joined: December 18th, 2014, 9:26 pm

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 19th, 2014, 3:27 pm

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
Ran by Mommy at 2014-12-19 13:42:07 Run:1
Running from C:\Users\Mommy\Desktop
Loaded Profile: Mommy (Available profiles: Daddy & Yael & Mommy & Shalom & Atara & Michal & Sara)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Daddy\AppData\Roaming\VOPackage
C:\Program Files (x86)\snipsmart
C:\Program Files (x86)\BetterBrain_1.10.0.2
C:\ProgramData\zoomify2
C:\Program Files (x86)\globalUpdate
C:/Program Files (x86)/ORBTR
C:\Windows\System32\drivers\bbnfd_1_10_0_2.sys
C:\Windows\System32\drivers\{34f74bed-9d31-4690-9930-3756a4e56d17}Gw64.sys [48784 2014-11-27] (StdLib)
C:\Windows\System32\drivers\{7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64.sys [48784 2014-12-18] (StdLib)
C:\Windows\System32\drivers\{e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64.sys [48784 2014-11-23] (StdLib)
HKLM-x32\...\Run: [ospd_us_375] => C:\Program Files (x86)\ospd_us_375\ospd_us_375.exe [3976136 2014-11-06] ()
HKLM-x32\...\Run: [ConvertAd] => C:\Users\Daddy\AppData\Local\ConvertAd\ConvertAd.exe [2140672 2014-11-23] ()
HKLM-x32\...\RunOnce: [Update] => C:\Users\Daddy\AppData\Roaming\VOPackage\VOPackage.exe [289336 2014-11-23] ( )
HKLM-x32\...\RunOnce: [upospd_us_375.exe] => C:\Users\Daddy\AppData\Local\ospd_us_375\upospd_us_375.exe [3306440 2014-11-06] ()
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\MountPoints2: {4eef8173-e036-11e1-8a92-c89cdcb53833} - F:\LaunchU3.exe -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4229975068-1931466670-3666739151-1002\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-4229975068-1931466670-3666739151-1003] => file://C :\Program Files (x86)\snipsmart\bin\Pac9064.js
ProxyEnable: [S-1-5-21-4229975068-1931466670-3666739151-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-4229975068-1931466670-3666739151-1001] => http=127.0.0.1:62855;https=127.0.0.1:62855
AutoConfigURL: [S-1-5-21-4229975068-1931466670-3666739151-1003] => file://C :\Program Files (x86)\snipsmart\bin\Pac9064.js
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT333161 ... 868F&SSPV=
URLSearchHook: HKU\S-1-5-21-4229975068-1931466670-3666739151-1003 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q= {searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q= {searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q= {searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q= {searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.trovi.com/Results.aspx?gd=&c ... FF9868F&q= {searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://Vosteran.com/results.php?f=4&q= {searchTerms}&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir=
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.trovi.com/Results.aspx?gd=&c ... FF9868F&q= {searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4229975068-1931466670-3666739151-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: BlockAndSurf -> {2EDBD663-9EDC-5512-DC0D-3053229038A5} -> C:\Program Files (x86)\ver9BlockAndSurf\183_x64.dll ()
BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} -> No File
BHO: BetterBrain -> {C2DF6D43-F814-4C32-B021-209A74BAACA5} -> C:\Program Files\BetterBrain_1.10.0.2\IE\BetterBrainClientIE.dll (Better Brain)
BHO-x32: BlockAndSurf -> {2EDBD663-9EDC-5512-DC0D-3053229038A5} -> C:\Program Files (x86)\ver9BlockAndSurf\183.dll ()
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} -> No File
BHO-x32: ALOT Appbar Helper -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -> C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro, Inc)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: BetterBrain -> {C2DF6D43-F814-4C32-B021-209A74BAACA5} -> C:\Program Files (x86)\BetterBrain_1.10.0.2\IE\BetterBrainClientIE.dll (Better Brain)
Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll (Vertro, Inc)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKU\S-1-5-21-4229975068-1931466670-3666739151-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Hosts:
FF HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Firefox\Extensions: [{7DB8D991-102A-F011-64C5-1BED39E7F0B6}] - C:\Program Files (x86)\ver9BlockAndSurf\183.xpi
FF Extension: BlockAndSurf - C:\Program Files (x86)\ver9BlockAndSurf\183.xpi [2014-11-23]
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_cmi_14_4 ... 361997&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir="
CHR Extension: (snipsmart) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaccgfkbmhkegoljkoefhpifoaehnhjp [2014-11-23]
CHR Extension: (BucksBee RewardsBar) - C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajcmjjdlglpcfblcnjilhodiondejlm [2014-01-26]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-06-27]
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lajcmjjdlglpcfblcnjilhodiondejlm] - C:\Users\Daddy\AppData\Roaming\Bucksbee Loyalty Plugin 100815.b for Chrome\Toolbar_production_100815_12.crx [2012-05-21]
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
S4 AlotService; C:\Users\Daddy\AppData\LocalLow\alotservice\alotservice.exe [255880 2012-08-23] (Vertro Inc.)
R2 bbsvc_1.10.0.2; C:\Program Files (x86)\BetterBrain_1.10.0.2\Service\bbsvc.exe [277584 2014-10-30] (Better Brain)
S2 cozhost; C:\ProgramData\zoomify2\1.1.0.27\cozhost.exe [491504 2014-11-10] (Zoomify Agent)
S2 cozwhost; C:\ProgramData\zoomify2\1.1.0.27\cozwhost.exe [199152 2014-11-10] (Zoomify Agent)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-23] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-23] (globalUpdate) [File not signed]
R2 servervo; C:\Users\Daddy\AppData\Roaming\VOPackage\VOsrv.exe [89600 2014-11-23] () [File not signed]
R2 Update snipsmart; C:\Program Files (x86)\snipsmart\updatesnipsmart.exe [519408 2014-12-19] ()
R2 Util snipsmart; C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe [519408 2014-12-19] ()
S2 Orbiter; C:/Program Files (x86)/ORBTR/orbiter.dll [X]
R1 bbnfd_1_10_0_2; C:\Windows\System32\drivers\bbnfd_1_10_0_2.sys [58232 2014-10-30] (Better Brain)
R1 {34f74bed-9d31-4690-9930-3756a4e56d17}Gw64; C:\Windows\System32\drivers\{34f74bed-9d31-4690-9930-3756a4e56d17}Gw64.sys [48784 2014-11-27] (StdLib)
R1 {7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64; C:\Windows\System32\drivers\{7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64.sys [48784 2014-12-18] (StdLib)
R1 {e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64; C:\Windows\System32\drivers\{e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64.sys [48784 2014-11-23] (StdLib)
2014-12-18 23:05 - 2014-12-18 19:27 - 00048784 _____ (StdLib) C:\windows\system32\Drivers\{7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64.sys
2014-11-28 10:23 - 2014-11-27 19:51 - 00048784 _____ (StdLib) C:\windows\system32\Drivers\{34f74bed-9d31-4690-9930-3756a4e56d17}Gw64.sys
2014-11-24 20:18 - 2014-11-24 20:18 - 00000000 ____D () C:\Users\Mommy\AppData\Local\SearchProtect
2014-11-23 17:40 - 2014-12-19 09:40 - 00000292 _____ () C:\windows\Tasks\WSE_Vosteran.job
2014-11-23 17:40 - 2014-12-19 09:07 - 00000424 _____ () C:\windows\Tasks\BlockAndSurf Update.job
2014-11-23 17:40 - 2014-11-23 20:46 - 00000000 ____D () C:\Users\Daddy\AppData\Local\ospd_us_375
2014-11-23 17:40 - 2014-11-23 18:08 - 00001875 _____ () C:\windows\patsearch.bin
2014-11-23 17:40 - 2014-11-23 18:00 - 00000000 ____D () C:\Users\Daddy\AppData\Local\ConvertAd
2014-11-23 17:40 - 2014-11-23 17:40 - 00003244 _____ () C:\windows\System32\Tasks\WSE_Vosteran
2014-11-23 17:40 - 2014-11-23 17:40 - 00003072 _____ () C:\windows\System32\Tasks\BlockAndSurf Update
2014-11-23 17:40 - 2014-11-23 17:40 - 00002275 _____ () C:\Users\Daddy\Desktop\Vosteran.lnk
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstrT_01009.Wdf
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____D () C:\Users\Daddy\AppData\Local\Vosteran
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____D () C:\Program Files (x86)\ver9BlockAndSurf
2014-11-23 17:40 - 2014-11-23 17:40 - 00000000 ____D () C:\Program Files (x86)\ospd_us_375
2014-11-23 17:39 - 2014-11-23 17:40 - 00000000 ____D () C:\Users\Daddy\AppData\Roaming\WSE_Vosteran
2014-11-23 17:39 - 2014-11-23 17:40 - 00000000 ____D () C:\Program Files (x86)\WSE_Vosteran
2014-11-23 17:39 - 2014-11-23 17:39 - 00000000 ____D () C:\Program Files\BetterBrain_1.10.0.2
2014-11-23 17:39 - 2014-11-23 17:39 - 00000000 ____D () C:\Program Files (x86)\BetterBrain_1.10.0.2
2014-11-23 17:35 - 2014-11-23 17:35 - 106859936 _____ () C:\Users\Daddy\Downloads\Unconfirmed 828580.crdownload
2014-11-23 17:35 - 2014-11-23 03:25 - 00048784 _____ (StdLib) C:\windows\system32\Drivers\{e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64.sys
C:\ProgramData\flashax10.exe
Task: {0CF59D43-8EB3-4A71-937C-65EE6DB5F042} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-11 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-11.exe <==== ATTENTION
Task: {23EF0288-1795-4513-96F2-4CE613B5C84D} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-4 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-4.exe <==== ATTENTION
Task: {249B4500-0CA6-453E-BE43-4B6536A0CAFF} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-5.exe <==== ATTENTION
Task: {2546A71A-71DE-4711-A7CA-861CCBDF234A} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-6 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-6.exe <==== ATTENTION
Task: {2A32A0C1-AE4C-4ECC-8A9F-A7A0BEAA6A87} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\ver9BlockAndSurf\R0BlockAndSurfQ33.exe [2014-11-23] () <==== ATTENTION
Task: {2E659AD9-FC16-479D-8550-B0C319D2E331} - System32\Tasks\a6c7015d-3094-4303-a638-873c475371e3 => C:\Program Files (x86)\Savepass 3.0\a6c7015d-3094-4303-a638-873c475371e3.exe [2014-11-23] () <==== ATTENTION
Task: {422984D8-6E74-44EC-9288-F1AD2DAF0486} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-11-23] (globalUpdate) <==== ATTENTION
Task: {6B1C516F-7506-4701-9753-363C91B76045} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5_user => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-5.exe <==== ATTENTION
Task: {6C0FB0D0-BEAE-45DC-9015-919D23B69C66} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {82CF8671-0559-4467-AB12-6AA04A2B7366} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-11-23] (AnyProtect.com) <==== ATTENTION
Task: {8B0865E0-009A-44FF-BF76-29054FAAE1D4} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-11-23] (AnyProtect.com) <==== ATTENTION
Task: {9816FAC7-E576-4F38-9A87-5A611323D59D} - System32\Tasks\Tempo Runner coz64host => C:\ProgramData\zoomify2\1.1.0.27\cozhost.exe [2014-11-10] (Zoomify Agent)
Task: {9C96AD14-335D-4F53-A686-D7D4F3A6F929} - System32\Tasks\WSE_Vosteran => C:\Users\Daddy\AppData\Roaming\WSE_Vosteran\UpdateProc\UpdateTask.exe [2014-11-23] () <==== ATTENTION
Task: {A11B168D-E4AE-4FBD-9397-2041B487AB8A} - System32\Tasks\Funmoods => C:\Users\Yael\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {B562DE6A-51BD-442A-BDBF-4B9B017ECBF2} - System32\Tasks\9cb59dba-8284-4bfe-9ec7-b64f013044d6 => C:\Program Files (x86)\Savepass 3.0\9cb59dba-8284-4bfe-9ec7-b64f013044d6.exe <==== ATTENTION
Task: {BA35E852-174B-4ACB-8230-2CD713FA5133} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-2 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-2.exe <==== ATTENTION
Task: {C641F037-5575-41E7-B0BB-00BCE3163C35} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-11-23] (AnyProtect.com) <==== ATTENTION
Task: {D1AA1649-1882-47D1-BCB1-55A182565AE2} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-11-23] (globalUpdate) <==== ATTENTION
Task: {D27C348A-A4F2-424D-9471-57DC44A6B561} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-1 => C:\Program Files (x86)\Savepass 3.0\Savepass 3.0-codedownloader.exe <==== ATTENTION
Task: {D56A13A7-0A7D-4F1A-81D0-694AACEEE584} - System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-7 => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-7.exe <==== ATTENTION
Task: {E0FC6E57-0FB6-4108-B63E-050180347C59} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-11-23] () <==== ATTENTION
Task: {EC091ED9-EE8E-4248-8D11-E097EC08C003} - System32\Tasks\DTReg => C:\Users\Daddy\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-11.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-11.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-2.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-2.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-4.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-4.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-5.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5_user.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-5.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-6.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-6.exe <==== ATTENTION
Task: C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-7.job => C:\Program Files (x86)\Savepass 3.0\2b25e704-375b-4ded-aacf-2ca34ab66425-7.exe <==== ATTENTION
Task: C:\windows\Tasks\9cb59dba-8284-4bfe-9ec7-b64f013044d6.job => C:\Program Files (x86)\Savepass 3.0\9cb59dba-8284-4bfe-9ec7-b64f013044d6.exe <==== ATTENTION
Task: C:\windows\Tasks\a6c7015d-3094-4303-a638-873c475371e3.job => C:\Program Files (x86)\Savepass 3.0\a6c7015d-3094-4303-a638-873c475371e3.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\ver9BlockAndSurf\R0BlockAndSurfQ33.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\WSE_Vosteran.job => C:\Users\Daddy\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
2014-11-23 17:29 - 2014-11-23 17:29 - 00089600 _____ () C:\Users\Daddy\AppData\Roaming\VOPackage\VOsrv.exe
2014-11-23 17:34 - 2014-12-19 09:06 - 00519408 _____ () C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe
2014-11-23 17:35 - 2014-12-18 19:27 - 00353008 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.PurBrowse64.exe
2014-11-23 15:21 - 2014-12-19 09:07 - 00519408 _____ () C:\Program Files (x86)\snipsmart\updatesnipsmart.exe
2014-11-23 17:36 - 2014-12-18 21:37 - 00098544 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter.exe
2014-11-28 10:25 - 2014-12-17 16:43 - 01649904 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BOASHelper.exe
2014-11-28 10:24 - 2014-12-19 02:54 - 00101616 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.expext.exe
2014-11-28 10:25 - 2014-12-17 16:43 - 01786608 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BOASPRT.exe
2014-11-28 10:25 - 2014-12-17 16:43 - 01791216 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BOAS.exe
2014-12-18 23:06 - 2014-12-17 16:43 - 00161520 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BRT.Helper.exe
2014-11-23 17:36 - 2014-12-18 21:37 - 00114928 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter64.exe
2014-11-28 10:24 - 2014-12-19 02:54 - 00082160 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.expextdll.dll
AlternateDataStreams: C:\Users\Mommy\Downloads\launch.ica:icasource
Hosts:
EmptyTemp:
*****************

"C:\Users\Daddy\AppData\Roaming\VOPackage" => File/Directory not found.
"C:\Program Files (x86)\snipsmart" => File/Directory not found.
"C:\Program Files (x86)\BetterBrain_1.10.0.2" => File/Directory not found.
"C:\ProgramData\zoomify2" => File/Directory not found.
"C:\Program Files (x86)\globalUpdate" => File/Directory not found.
C:/Program Files (x86)/ORBTR => Error: No automatic fix found for this entry.
"C:\Windows\System32\drivers\bbnfd_1_10_0_2.sys" => File/Directory not found.
"C:\Windows\System32\drivers\{34f74bed-9d31-4690-9930-3756a4e56d17}Gw64.sys [48784 2014-11-27] (StdLib)" => File/Directory not found.
"C:\Windows\System32\drivers\{7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64.sys [48784 2014-12-18] (StdLib)" => File/Directory not found.
"C:\Windows\System32\drivers\{e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64.sys [48784 2014-11-23] (StdLib)" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_375 => Value could not be deleted.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ConvertAd => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Update => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upospd_us_375.exe => Value could not be deleted.
"HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eef8173-e036-11e1-8a92-c89cdcb53833}" => Key not found.
"HKCR\CLSID\{4eef8173-e036-11e1-8a92-c89cdcb53833}" => Key not found.

"C:\windows\system32\GroupPolicy\Machine" directory move:

Could not move "C:\windows\system32\GroupPolicy\Machine\Registry.pol" => Scheduled to move on reboot.
Could not move "C:\windows\system32\GroupPolicy\Machine" directory. => Scheduled to move on reboot.

Could not move "C:\windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
"C:\windows\system32\GroupPolicyUsers\S-1-5-21-4229975068-1931466670-3666739151-1002\User" => File/Directory not found.
Could not move "C:\windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Policies\Google" => Error deleting key. The key could be protected.
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => Value not found.
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => Value not found.
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Error deleting key. The key could be protected.
"HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => Value could not be deleted.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key not found.
"HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key not found.
"HKU\S-1-5-21-4229975068-1931466670-3666739151-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EDBD663-9EDC-5512-DC0D-3053229038A5}" => Key not found.
"HKCR\CLSID\{2EDBD663-9EDC-5512-DC0D-3053229038A5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72351B45-9636-4F99-820B-7C552D27897D}}" => Error deleting key. The key could be protected.
"HKCR\CLSID\{72351B45-9636-4F99-820B-7C552D27897D}}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2DF6D43-F814-4C32-B021-209A74BAACA5}" => Key not found.
"HKCR\CLSID\{C2DF6D43-F814-4C32-B021-209A74BAACA5}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EDBD663-9EDC-5512-DC0D-3053229038A5}" => Key not found.
"HKCR\Wow6432Node\CLSID\{2EDBD663-9EDC-5512-DC0D-3053229038A5}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}" => Key not found.
"HKCR\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72351B45-9636-4F99-820B-7C552D27897D}}" => Error deleting key. The key could be protected.
"HKCR\Wow6432Node\CLSID\{72351B45-9636-4F99-820B-7C552D27897D}}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}" => Key not found.
"HKCR\Wow6432Node\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2DF6D43-F814-4C32-B021-209A74BAACA5}" => Key not found.
"HKCR\Wow6432Node\CLSID\{C2DF6D43-F814-4C32-B021-209A74BAACA5}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A531D99C-5A22-449b-83DA-872725C6D0ED} => Value not found.
"HKCR\Wow6432Node\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value not found.
"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\Software\Mozilla\Firefox\Extensions\\{7DB8D991-102A-F011-64C5-1BED39E7F0B6} => Value not found.
C:\Program Files (x86)\ver9BlockAndSurf\183.xpi not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaccgfkbmhkegoljkoefhpifoaehnhjp directory not found.
C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajcmjjdlglpcfblcnjilhodiondejlm directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key not found.
"HKU\S-1-5-21-4229975068-1931466670-3666739151-1001\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb" => Key not found.
"C:\Users\Daddy\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lajcmjjdlglpcfblcnjilhodiondejlm" => Error deleting key. The key could be protected.
"C:\Users\Daddy\AppData\Roaming\Bucksbee Loyalty Plugin 100815.b for Chrome\Toolbar_production_100815_12.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key not found.
AlotService => Service not found.
bbsvc_1.10.0.2 => Service not found.
cozhost => Error deleting Service
cozwhost => Error deleting Service
globalUpdate => Service not found.
globalUpdatem => Service not found.
servervo => Service not found.
Update snipsmart => Service not found.
Util snipsmart => Service not found.
Orbiter => Service not found.
bbnfd_1_10_0_2 => Service not found.
{34f74bed-9d31-4690-9930-3756a4e56d17}Gw64 => Service not found.
{7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64 => Service not found.
{e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64 => Service not found.
"C:\windows\system32\Drivers\{7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64.sys" => File/Directory not found.
"C:\windows\system32\Drivers\{34f74bed-9d31-4690-9930-3756a4e56d17}Gw64.sys" => File/Directory not found.
"C:\Users\Mommy\AppData\Local\SearchProtect" => File/Directory not found.
"C:\windows\Tasks\WSE_Vosteran.job" => File/Directory not found.
"C:\windows\Tasks\BlockAndSurf Update.job" => File/Directory not found.
"C:\Users\Daddy\AppData\Local\ospd_us_375" => File/Directory not found.
Could not move "C:\windows\patsearch.bin" => Scheduled to move on reboot.
"C:\Users\Daddy\AppData\Local\ConvertAd" => File/Directory not found.
"C:\windows\System32\Tasks\WSE_Vosteran" => File/Directory not found.
"C:\windows\System32\Tasks\BlockAndSurf Update" => File/Directory not found.
"C:\Users\Daddy\Desktop\Vosteran.lnk" => File/Directory not found.
Could not move "C:\windows\system32\Drivers\Msft_Kernel_webinstrT_01009.Wdf" => Scheduled to move on reboot.
"C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran" => File/Directory not found.
"C:\Users\Daddy\AppData\Local\Vosteran" => File/Directory not found.

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY" directory move:

Could not move "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY\Onesoftperday.lnk" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY" directory. => Scheduled to move on reboot.

"C:\Program Files (x86)\ver9BlockAndSurf" => File/Directory not found.

"C:\Program Files (x86)\ospd_us_375" directory move:

Could not move "C:\Program Files (x86)\ospd_us_375\onesoftperday_widget.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\ospd_us_375\ospd_us_375.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\ospd_us_375\predm.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\ospd_us_375\qwert.txt" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\ospd_us_375\qwert10.txt" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\ospd_us_375\qwert4.txt" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\ospd_us_375\qwert5.txt" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\ospd_us_375\qwert6.txt" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\ospd_us_375\qwert9.txt" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\ospd_us_375\unins000.dat" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\ospd_us_375\unins000.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\ospd_us_375\unins000.msg" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\ospd_us_375" directory. => Scheduled to move on reboot.

"C:\Users\Daddy\AppData\Roaming\WSE_Vosteran" => File/Directory not found.
"C:\Program Files (x86)\WSE_Vosteran" => File/Directory not found.
"C:\Program Files\BetterBrain_1.10.0.2" => File/Directory not found.
"C:\Program Files (x86)\BetterBrain_1.10.0.2" => File/Directory not found.
"C:\Users\Daddy\Downloads\Unconfirmed 828580.crdownload" => File/Directory not found.
"C:\windows\system32\Drivers\{e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64.sys" => File/Directory not found.
Could not move "C:\ProgramData\flashax10.exe" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CF59D43-8EB3-4A71-937C-65EE6DB5F042}" => Key not found.
C:\Windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-11 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2b25e704-375b-4ded-aacf-2ca34ab66425-11" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23EF0288-1795-4513-96F2-4CE613B5C84D}" => Key not found.
C:\Windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-4 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2b25e704-375b-4ded-aacf-2ca34ab66425-4" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{249B4500-0CA6-453E-BE43-4B6536A0CAFF}" => Key not found.
C:\Windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2b25e704-375b-4ded-aacf-2ca34ab66425-5" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2546A71A-71DE-4711-A7CA-861CCBDF234A}" => Key not found.
C:\Windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-6 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2b25e704-375b-4ded-aacf-2ca34ab66425-6" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A32A0C1-AE4C-4ECC-8A9F-A7A0BEAA6A87}" => Key not found.
C:\Windows\System32\Tasks\BlockAndSurf Update not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BlockAndSurf Update" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E659AD9-FC16-479D-8550-B0C319D2E331}" => Key not found.
C:\Windows\System32\Tasks\a6c7015d-3094-4303-a638-873c475371e3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a6c7015d-3094-4303-a638-873c475371e3" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{422984D8-6E74-44EC-9288-F1AD2DAF0486}" => Key not found.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B1C516F-7506-4701-9753-363C91B76045}" => Key not found.
C:\Windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5_user not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2b25e704-375b-4ded-aacf-2ca34ab66425-5_user" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C0FB0D0-BEAE-45DC-9015-919D23B69C66}" => Key not found.
C:\Windows\System32\Tasks\RocketTab not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82CF8671-0559-4467-AB12-6AA04A2B7366}" => Key not found.
C:\Windows\System32\Tasks\APSnotifierPP2 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B0865E0-009A-44FF-BF76-29054FAAE1D4}" => Key not found.
C:\Windows\System32\Tasks\APSnotifierPP1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9816FAC7-E576-4F38-9A87-5A611323D59D}" => Key not found.
Could not move "C:\Windows\System32\Tasks\Tempo Runner coz64host" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tempo Runner coz64host" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C96AD14-335D-4F53-A686-D7D4F3A6F929}" => Key not found.
C:\Windows\System32\Tasks\WSE_Vosteran not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A11B168D-E4AE-4FBD-9397-2041B487AB8A}" => Key not found.
C:\Windows\System32\Tasks\Funmoods not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B562DE6A-51BD-442A-BDBF-4B9B017ECBF2}" => Key not found.
C:\Windows\System32\Tasks\9cb59dba-8284-4bfe-9ec7-b64f013044d6 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9cb59dba-8284-4bfe-9ec7-b64f013044d6" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA35E852-174B-4ACB-8230-2CD713FA5133}" => Key not found.
C:\Windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-2 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2b25e704-375b-4ded-aacf-2ca34ab66425-2" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C641F037-5575-41E7-B0BB-00BCE3163C35}" => Key not found.
C:\Windows\System32\Tasks\APSnotifierPP3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1AA1649-1882-47D1-BCB1-55A182565AE2}" => Key not found.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D27C348A-A4F2-424D-9471-57DC44A6B561}" => Key not found.
C:\Windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2b25e704-375b-4ded-aacf-2ca34ab66425-1" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D56A13A7-0A7D-4F1A-81D0-694AACEEE584}" => Key not found.
C:\Windows\System32\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-7 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2b25e704-375b-4ded-aacf-2ca34ab66425-7" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0FC6E57-0FB6-4108-B63E-050180347C59}" => Key not found.
C:\Windows\System32\Tasks\RocketTab Update Task not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC091ED9-EE8E-4248-8D11-E097EC08C003}" => Key not found.
C:\Windows\System32\Tasks\DTReg not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg" => Key not found.
C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-11.job not found.
C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-2.job not found.
C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-4.job not found.
C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5.job not found.
C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-5_user.job not found.
C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-6.job not found.
C:\windows\Tasks\2b25e704-375b-4ded-aacf-2ca34ab66425-7.job not found.
C:\windows\Tasks\9cb59dba-8284-4bfe-9ec7-b64f013044d6.job not found.
C:\windows\Tasks\a6c7015d-3094-4303-a638-873c475371e3.job not found.
C:\windows\Tasks\APSnotifierPP1.job not found.
C:\windows\Tasks\APSnotifierPP2.job not found.
C:\windows\Tasks\APSnotifierPP3.job not found.
C:\windows\Tasks\BlockAndSurf Update.job not found.
C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job not found.
C:\windows\Tasks\WSE_Vosteran.job not found.
"C:\Users\Daddy\AppData\Roaming\VOPackage\VOsrv.exe" => File/Directory not found.
"C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe" => File/Directory not found.
"C:\Program Files (x86)\snipsmart\bin\snipsmart.PurBrowse64.exe" => File/Directory not found.
"C:\Program Files (x86)\snipsmart\updatesnipsmart.exe" => File/Directory not found.
"C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter.exe" => File/Directory not found.
"C:\Program Files (x86)\snipsmart\bin\snipsmart.BOASHelper.exe" => File/Directory not found.
"C:\Program Files (x86)\snipsmart\bin\snipsmart.expext.exe" => File/Directory not found.
"C:\Program Files (x86)\snipsmart\bin\snipsmart.BOASPRT.exe" => File/Directory not found.
"C:\Program Files (x86)\snipsmart\bin\snipsmart.BOAS.exe" => File/Directory not found.
"C:\Program Files (x86)\snipsmart\bin\snipsmart.BRT.Helper.exe" => File/Directory not found.
"C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter64.exe" => File/Directory not found.
"C:\Program Files (x86)\snipsmart\bin\snipsmart.expextdll.dll" => File/Directory not found.
C:\Users\Mommy\Downloads\launch.ica => ":icasource" ADS removed successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 6.1 GB temporary data.
shalom123
Regular Member
 
Posts: 43
Joined: December 18th, 2014, 9:26 pm

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 19th, 2014, 3:34 pm

Also after I did this last step whenever I try to open a program a windows security message pops ups saying that "these files can't be opened" " Your Internet security settings prevented one or more files from being opened" Is this supposed to happen.
Thank you
shalom123
Regular Member
 
Posts: 43
Joined: December 18th, 2014, 9:26 pm

Re: Infected with IDP.Program.D1B0A5C0

Unread postby Gary R » December 19th, 2014, 6:43 pm

The log you posted from ADWCleaner is a scan log, not a fix log.

Did you follow the instructions that I gave in my last post ?

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.


If you clicked on the Clean button, a different log to the one you posted would have been created.

If you have already done this, then please post me the log created, if not, then please run ADWCleaner again, and this time hit the "Clean" button, then post me the log created.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected with IDP.Program.D1B0A5C0

Unread postby shalom123 » December 20th, 2014, 7:26 pm

Sorry I posted the wrong log. Also after I did this last step whenever I try to open a program a windows security message pops ups saying that "these files can't be opened" " Your Internet security settings prevented one or more files from being opened" Is this supposed to happen?
Thank you very much

# AdwCleaner v4.105 - Report created 19/12/2014 at 13:32:50
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Daddy - THEMOSTAWESOME
# Running from : C:\Users\Mommy\Desktop\adwcleaner_4.105.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
[#] Service Deleted : Orbiter
[#] Service Deleted : YahooAUService
[#] Service Deleted : bbnfd_1_10_0_2
Service Deleted : c2cautoupdatesvc
Service Deleted : c2cpnrsvc
Service Deleted : {34f74bed-9d31-4690-9930-3756a4e56d17}Gw64
Service Deleted : {7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64
Service Deleted : {e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\w3i
[!] Folder Deleted : C:\ProgramData\Driver Support
Folder Deleted : C:\ProgramData\zoomify2
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Probit Software
Folder Deleted : C:\Program Files (x86)\w3i
Folder Deleted : C:\Program Files (x86)\Driver Support
Folder Deleted : C:\Program Files (x86)\ORBTR
Folder Deleted : C:\Program Files (x86)\Search Extensions
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Daddy\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\Daddy\AppData\Local\Temp\snipsmart
Folder Deleted : C:\Users\Daddy\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Daddy\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Daddy\AppData\Local\StormWatch
Folder Deleted : C:\Users\Daddy\AppData\Local\Weather_Protector_LLC
Folder Deleted : C:\Users\Daddy\AppData\Local\Vosteran
Folder Deleted : C:\Users\Daddy\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Daddy\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Daddy\AppData\LocalLow\zoomify
Folder Deleted : C:\Users\Daddy\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Daddy\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\Daddy\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Daddy\AppData\Roaming\defaulttab
Folder Deleted : C:\Users\Daddy\AppData\Roaming\WSE_Vosteran
Folder Deleted : C:\Users\Daddy\Documents\Probit Software
Folder Deleted : C:\Users\Michal\AppData\LocalLow\alotappbar
Folder Deleted : C:\Users\Michal\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Mommy\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Mommy\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Sara\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Yael\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Yael\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Yael\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbdamgnimlipjnpgiakiojcbbmcmiibn
Folder Deleted : C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbdamgnimlipjnpgiakiojcbbmcmiibn
Folder Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
File Deleted : \alotserviceruntime.log
File Deleted : C:\Users\Daddy\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\windows\System32\drivers\{34f74bed-9d31-4690-9930-3756a4e56d17}Gw64.sys
File Deleted : C:\windows\System32\drivers\{7db8d663-3d4c-4384-b607-22c1e314b57e}Gw64.sys
File Deleted : C:\windows\System32\drivers\{e8687d73-4a93-4590-9271-bf6f94b4cd22}Gw64.sys
File Deleted : C:\Users\Daddy\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage
File Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage-journal
File Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
Task Deleted : Driver Support-RTMRules
Task Deleted : Driver Support-RTMScan
Task Deleted : Driver Support-RTMUpdater
Task Deleted : DTReg
Task Deleted : Funmoods
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mbdamgnimlipjnpgiakiojcbbmcmiibn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKCU\Software\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{011166B1-9A69-4174-93D5-F7D3324553FE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655615561}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666616661}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655615561}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666616661}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKCU\Software\StormWatch
Key Deleted : HKCU\Software\Vosteran Browser
Key Deleted : HKCU\Software\Vosteran
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\zoomify
Key Deleted : HKCU\Software\AppDataLow\Software\Savepass 3.0
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Default Tab
Key Deleted : HKLM\SOFTWARE\DefaultTab
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\SimplyGen
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\zoomify
Key Deleted : HKLM\SOFTWARE\ORBTR
Key Deleted : HKLM\SOFTWARE\BetterBrain_1.10.0.2
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\StormWatch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5dfd64a7-81dd-45a9-9874-1fe13b7f4d56}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\timesheraldonline.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.timesheraldonline.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Google Chrome v

[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&babsrc=NT_ss&s=web&rlz=0&as=3&ac=0%2C66
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&babsrc=NT_ss&s=web&rlz=0&as=3&ac=0%2C66
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.nydailynews.com/search-resul ... s-7.113?q={searchTerms}&nydn-search-url=site&nydn-search-submit=Search
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir=
[C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StAzz0B0A0DtB0E0AtG0ByByByDtGyE0FyByBtG0FtB0C0FtGtAyDyDyEtBtB0DtDtD0EtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Azy0FyB0EyD0FtGyCzztAtAtGyEtDyDyEtGzztB0FtDtG0AyC0B0AtDzy0EtCyB0E0DyE2Q&cr=960361997&ir=
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&search=&qsrc=0&o=0&l=dir
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : mbdamgnimlipjnpgiakiojcbbmcmiibn
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : geggofhlfbcmanadhknllmlajiafopoh
[C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://kosheronabudget.com/search-resul ... -8859-1&q={searchTerms}&sa=Search
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0ByDtAzztAtAyDtAyB0EtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=996414931
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_ ... osn=-1&v1={searchTerms}&search_submit=
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : mbdamgnimlipjnpgiakiojcbbmcmiibn
[C:\Users\Yael\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [39509 octets] - [19/12/2014 09:35:58]
AdwCleaner[R1].txt - [28657 octets] - [19/12/2014 13:30:13]
AdwCleaner[S0].txt - [27698 octets] - [19/12/2014 13:32:50]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [27759 octets] ##########
shalom123
Regular Member
 
Posts: 43
Joined: December 18th, 2014, 9:26 pm

Re: Infected with IDP.Program.D1B0A5C0

Unread postby Gary R » December 21st, 2014, 2:03 am

No, that's not supposed to happen. Is this with any/all program(s) you try to open, or just the ones you've tried ?

It sounds very much as if some permissions have got muddled up, which may be because not all of your infection has been removed yet.

We now need to scan your computer again, to see if we can find what remains to be removed, and hopefully when we remove that the permissions problem will disappear, if not we'll need to reset them.

So ...

First ...

Please run a new scan for me with FRST.

  • Double click Frst64.exe to launch it.
  • Check the Addition.txt box in the bottom right corner (if you don't do that, this time the Addition.txt log will not be produced)
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Next ...

I need you to run a new search for me using FRST ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box. (don't include Code: Select all)
    Code: Select all
    ALOT;AnyProtect;Babylon;BetterBrain;BlockAndSurf;ConvertAd;DealCabby;EasyDriver;RemoteDesktopAccess;RocketTab;Savepass;SearchProtect;snipsmart;StormWatch;Vosteran;WSE_Vosteran;Zoomify

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 131 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware