Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

JS.DOWNLOADER TROJAN SEKINDO [Solved]

Started by Idan611 , Nov 22 2015 05:22 AM

js torjan malware sekindo

This topic is locked

#1
Idan611

Posted 22 November 2015 - 05:22 AM

Member

Member
23 posts

Hi,

My online AVG shiled gives me (each time I open chrome/IE/etc) an AVG detection that it found a JS.DOWNLOADER trojan

and it showes that it's location is a URL link refering to www.sekindo.com/live.

Each time of course AVG says it blocked it and secured it but each time I open a new chrome or IE the detection pops-up again and again.

I have tried several malware tools for it, and also erased all the history + restored to default the web browsers but it doesnt seem to help.

When I run AVG for a whole computer scan (when the browsers are closed) it doesn't find any virus and saies the computer is clean. Only when I open the browser i get the AVG detection.

Any ideas anyone how to remove this torjan/malware?

Thanks,

Idan

#2
Valinorum

Posted 22 November 2015 - 06:57 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Post the diagnostic logs asked in the sticky thread.

#3
Idan611

Posted 22 November 2015 - 07:41 AM

Member

Topic Starter
Member
23 posts

Hi,

Thanks for the replay.

Can you please explain what diagnostic logs you mean (and from where I should get it?) and what is the sticky thread?

Thanks again,

Idan

#4
Valinorum

Posted 22 November 2015 - 07:45 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Follow this thread.

#5
Idan611

Posted 22 November 2015 - 09:46 AM

Member

Topic Starter
Member
23 posts

Hi,

In the meanwhile, I read somewhere that windows system recovery might solve the problem.

On the first time it didn't work, but as for the second time it seems the pop-up has gone.

Should I still follow the thread and copy the logs, just to be on the safe side?

thanks again,

Idan

#6
Idan611

Posted 22 November 2015 - 10:01 AM

Member

Topic Starter
Member
23 posts

anyway did it so :

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-11-2015

Ran by Idan (administrator) on IDAN-PC (22-11-2015 17:53:56)

Running from C:\Users\Idan\Desktop

Loaded Profiles: Idan (Available Profiles: Idan & Guest)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe

(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe

(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe

(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLED.exe

(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe

(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\ToolbarUpdater.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Lenovo.) C:\Windows\System32\TpShocks.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Dropbox, Inc.) C:\Users\Idan\AppData\Local\Dropbox\Update\DropboxUpdate.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

(ArcSoft, Inc.) C:\Users\Idan\HITACHI\arcsoft\uBBMonitor.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Google Inc.) C:\Users\Idan\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-23] (Realtek Semiconductor)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2598280 2010-02-12] (ELAN Microelectronics Corp.)

HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231264 2009-09-02] (Lenovo.)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4400064 2009-12-26] (Lenovo(beijing) Limited)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-26] (Lenovo (Beijing) Limited)

HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2569616 2015-10-05] ()

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\Run: [Dropbox Update] => C:\Users\Idan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-19] (Dropbox, Inc.)

HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\MountPoints2: {98e8c78f-3241-11e1-ab52-f07bcbde0ae5} - "E:\WD SmartWare.exe" autoplay=true

HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\MountPoints2: {dfbebc7a-b55d-11e0-b86f-a3c90d25e841} - E:\autorun.exe

HKU\S-1-5-21-85820212-1267379632-1251349074-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)

HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)

IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-05-28]

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk [2011-04-27]

ShortcutTarget: TotalMedia Backup Monitor.lnk -> C:\Users\Idan\HITACHI\arcsoft\uBBMonitor.exe (ArcSoft, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 80.179.52.100 80.179.55.100

Tcpip\..\Interfaces\{B72D62AF-EA28-4399-9C8A-FD32BEC3CEF7}: [DhcpNameServer] 80.179.52.100 80.179.55.100

Tcpip\..\Interfaces\{EACC8061-2EFA-49E1-9466-8464DAABB7BE}: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-85820212-1267379632-1251349074-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.walla.co.il/

URLSearchHook: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File

SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

SearchScopes: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={A29C3F15-3333-4742-8D5C-4FF06085CD6C}&mid=982657a7d75d47d699ed21328d3ae316-325d026aa9ebb2d49db438ba10021cddd1d72988&lang=us&ds=AVG&pr=fr&d=2011-12-11 22:06:50&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}

SearchScopes: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={A29C3F15-3333-4742-8D5C-4FF06085CD6C}&mid=982657a7d75d47d699ed21328d3ae316-325d026aa9ebb2d49db438ba10021cddd1d72988&lang=us&ds=AVG&pr=fr&d=2011-12-11 22:06:50&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO-x32: IEPwdBankBHO Class -> {56CBB761-DA41-4E31-B270-B13B4B0A61D0} -> C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll [2010-01-25] (Egis Technology Inc. )

BHO-x32: AGFormHelperObj Class -> {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} -> C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll [2013-07-24] (Agat software solutions)

BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-31] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.9.0.230\AVG Secure Search_toolbar.dll [2015-10-05] (AVG Secure Search)

BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-31] (Oracle Corporation)

Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.9.0.230\AVG Secure Search_toolbar.dll [2015-10-05] (AVG Secure Search)

Toolbar: HKLM-x32 - Agat.AGForms.Toolbar.AGFormsToolbar - {8fe28f46-37ad-47b2-8258-34c128636ace} - C:\windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)

Toolbar: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

Toolbar: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab

DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)

Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.9.0\ViProtocol.dll [2015-10-05] (AVG Secure Search)

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

FireFox:

========

FF ProfilePath: C:\Users\Idan\AppData\Roaming\Mozilla\Firefox\Profiles\1bg2zy70.default

FF Homepage: hxxp://www.walla.co.il/

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [No File]

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.9.0\\npsitesafety.dll [No File]

FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> d:\media\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> d:\media\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> d:\media\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> d:\media\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-85820212-1267379632-1251349074-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Idan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-85820212-1267379632-1251349074-1000: @talk.google.com/O1DPlugin -> C:\Users\Idan\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-85820212-1267379632-1251349074-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Idan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)

FF Plugin HKU\S-1-5-21-85820212-1267379632-1251349074-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Idan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)

FF user.js: detected! => C:\Users\Idan\AppData\Roaming\Mozilla\Firefox\Profiles\1bg2zy70.default\user.js [2015-04-28]

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-12-11] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-12-11] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-12-11] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-12-11] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-12-11] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\cgpcfg.dll [2008-08-16] (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\CgpCore.dll [2008-08-16] (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\confmgr.dll [2008-08-16] ()

FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\ctxlogging.dll [2008-08-16] ()

FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\ctxmui.dll [2008-08-16] (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\icafile.dll [2008-08-16] (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\icalogon.dll [2008-08-16] (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\msvcm80.dll [2008-05-21] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\msvcp80.dll [2008-05-21] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\msvcr80.dll [2008-05-21] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\npicaN.dll [2008-08-16] ()

FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\sslsdk_b.dll [2008-06-05] (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\TcpPServ.dll [2008-08-16] (Citrix Systems, Inc.)

FF Extension: No Name - C:\ProgramData\AVG Secure Search\FireFoxExt\18.9.0.230 [2015-11-22] [not signed]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-09-12] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.9.0.230

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com"

CHR Plugin: (Native Client) - C:\Users\Idan\AppData\Local\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Idan\AppData\Local\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File

CHR Plugin: (Shockwave Flash) - C:\Users\Idan\AppData\Local\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => No File

CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll => No File

CHR Plugin: (AVG Internet Security) - C:\Users\Idan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll => No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File

CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File

CHR Plugin: (Google Talk Plugin) - C:\Users\Idan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Idan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll (AVG Technologies)

CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Users\Idan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File

CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll => No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File

CHR Plugin: (VLC Multimedia Plug-in) - d:\media\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Profile: C:\Users\Idan\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Chrome Web Store Payments) - C:\Users\Idan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1563664 2015-10-30] (AVG Technologies CZ, s.r.o.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [873248 2010-02-18] (Broadcom Corporation.)

R2 EgisTec Data Security Service; C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe [313200 2010-01-25] (Egis Technology Inc. )

R2 EgisTec Service Help; c:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [319344 2010-01-28] (Egis Technology Inc. )

R2 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)

S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)

S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)

S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)

S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)

R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-02-05] (Realtek Semiconductor Corp.) [File not signed]

R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2973400 2015-08-04] (AVG Technologies)

R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies)

R2 UxTuneUp; C:\windows\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies)

R2 vToolbarUpdater18.9.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\ToolbarUpdater.exe [1862032 2015-10-05] (AVG Secure Search)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [77760 2015-07-09] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)

S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [118016 2009-08-27] (TCT International Mobile Ltd)

R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]

R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [214912 2010-01-27] (Vimicro Corporation)

R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-22 17:53 - 2015-11-22 17:56 - 00031939 _____ C:\Users\Idan\Desktop\FRST.txt

2015-11-22 17:53 - 2015-11-22 17:53 - 00000000 ____D C:\FRST

2015-11-22 17:51 - 2015-11-22 17:52 - 02345984 _____ (Farbar) C:\Users\Idan\Desktop\FRST64.exe

2015-11-21 21:00 - 2015-11-22 08:22 - 00000000 ____D C:\ProgramData\RogueKiller

2015-11-21 20:40 - 2015-11-22 08:22 - 00000000 ____D C:\Users\Idan\Downloads\SmitfraudFix

2015-11-21 19:58 - 2015-11-22 08:22 - 00000000 ____D C:\Program Files\HitmanPro

2015-11-21 19:58 - 2015-11-21 20:23 - 00000000 ____D C:\ProgramData\HitmanPro

2015-11-21 18:39 - 2015-11-21 18:39 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-11-21 17:15 - 2015-11-21 18:31 - 00000000 ____D C:\AdwCleaner

2015-11-21 17:14 - 2015-11-21 17:14 - 00000051 _____ C:\Users\Idan\Desktop\webvi.txt

2015-11-11 05:46 - 2015-11-22 08:22 - 00000000 ____D C:\Users\Idan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-11-07 09:26 - 2015-11-22 08:22 - 00000000 ____D C:\Intel

2015-11-02 19:04 - 2015-11-02 19:04 - 00000000 _____ C:\windows\setuperr.log

2015-10-25 23:27 - 2015-10-25 23:38 - 00052916 _____ C:\Users\Idan\Desktop\מצגת מזוקקת-טיוטא3.pptx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-22 17:50 - 2010-05-28 12:40 - 03325952 _____ C:\windows\system32\TPAPSLOG.LOG

2015-11-22 17:49 - 2012-08-01 22:11 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2015-11-22 17:47 - 2010-10-26 23:01 - 00000000 ____D C:\ProgramData\MFAData

2015-11-22 17:42 - 2015-09-19 09:37 - 00000914 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000UA.job

2015-11-22 17:33 - 2010-05-28 12:40 - 03234432 _____ C:\windows\system32\TPHDLOG0.LOG

2015-11-22 17:29 - 2009-07-14 06:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-11-22 17:29 - 2009-07-14 06:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-11-22 17:23 - 2013-01-24 18:11 - 00000354 _____ C:\windows\Tasks\ROC_JAN2013_TB_rmv.job

2015-11-22 17:13 - 2010-09-16 21:42 - 00000934 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000UA.job

2015-11-22 10:55 - 2010-05-28 11:41 - 02053682 _____ C:\windows\WindowsUpdate.log

2015-11-22 10:42 - 2015-09-19 09:37 - 00000862 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000Core.job

2015-11-22 08:32 - 2015-10-10 23:17 - 00001512 _____ C:\windows\setupact.log

2015-11-22 08:32 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2015-11-22 08:24 - 2015-04-07 02:01 - 00000000 ___SD C:\windows\system32\GWX

2015-11-22 08:24 - 2010-11-29 19:41 - 00000000 ____D C:\Users\Guest

2015-11-22 08:24 - 2010-08-21 07:45 - 00000000 ____D C:\Users\Idan

2015-11-22 08:24 - 2009-07-29 09:23 - 00000000 ____D C:\Program Files\Windows Journal

2015-11-22 08:24 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache

2015-11-22 08:24 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions

2015-11-22 08:23 - 2011-11-13 21:11 - 00000000 ____D C:\windows\system32\Macromed

2015-11-22 08:23 - 2010-08-21 13:57 - 00000000 ____D C:\windows\SysWOW64\Macromed

2015-11-22 08:22 - 2015-04-23 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2015-11-22 08:22 - 2014-12-13 00:18 - 00000000 ____D C:\Users\Idan\Desktop\Tor Browser

2015-11-22 08:22 - 2014-08-29 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-11-22 08:22 - 2014-04-28 00:24 - 00000000 ____D C:\ProgramData\AVG Secure Search

2015-11-22 08:22 - 2013-10-21 19:07 - 00000000 ____D C:\ProgramData\Oracle

2015-11-22 08:22 - 2012-05-11 20:18 - 00000000 ____D C:\Users\Idan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BS.Player

2015-11-22 08:22 - 2011-12-11 22:07 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search

2015-11-22 08:22 - 2011-07-15 16:06 - 00000000 ____D C:\Users\Idan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-11-22 08:22 - 2011-04-27 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Backup

2015-11-22 08:22 - 2011-01-25 22:15 - 00000000 ____D C:\Users\Idan\AppData\Roaming\Dropbox

2015-11-22 08:22 - 2010-10-26 23:16 - 00000000 ____D C:\ProgramData\AVG Security Toolbar

2015-11-22 08:22 - 2010-09-18 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule

2015-11-22 08:22 - 2010-08-21 07:45 - 00000000 ____D C:\Users\Idan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo

2015-11-22 08:22 - 2009-07-29 09:23 - 00000000 ___RD C:\Users\Public\Recorded TV

2015-11-22 08:22 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2015-11-22 08:20 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration

2015-11-22 08:11 - 2013-08-20 19:11 - 00000000 ____D C:\Program Files (x86)\Java

2015-11-21 11:55 - 2015-08-31 17:31 - 00000000 ____D C:\Users\Idan\.oracle_jre_usage

2015-11-21 03:44 - 2013-07-17 02:01 - 00000000 ____D C:\windows\system32\MRT

2015-11-12 23:13 - 2010-09-16 21:42 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000Core.job

2015-11-12 18:34 - 2010-08-28 00:03 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{8F7EFE37-AFAB-448D-8C57-4D7D7A2DD129}

2015-11-10 23:49 - 2012-08-01 22:11 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

2015-11-10 23:49 - 2012-03-29 23:58 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2015-11-10 23:49 - 2011-05-20 08:45 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-11-10 19:10 - 2015-04-23 12:24 - 00000965 _____ C:\Users\Public\Desktop\AVG 2015.lnk

2015-11-05 18:57 - 2009-07-14 07:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI

2015-11-03 19:02 - 2010-05-28 12:52 - 00729826 _____ C:\windows\PFRO.log

2015-10-27 19:29 - 2010-09-03 16:07 - 00000000 ____D C:\Users\Idan\אישי

==================== Files in the root of some directories =======

2013-12-09 12:45 - 2014-06-23 05:09 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml

2010-09-04 15:37 - 2015-09-27 15:47 - 0008192 _____ () C:\Users\Idan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-12-07 10:24 - 2012-12-07 10:24 - 0004096 ____H () C:\Users\Idan\AppData\Local\keyfile3.drm

2010-12-01 22:40 - 2010-12-01 22:40 - 0000017 _____ () C:\Users\Idan\AppData\Local\resmon.resmoncfg

2013-11-02 21:35 - 2013-11-02 21:37 - 0002216 _____ () C:\Users\Idan\AppData\Local\WiDiSetupLog.20131102.213526.txt

2013-11-02 21:37 - 2013-11-02 21:37 - 0002218 _____ () C:\Users\Idan\AppData\Local\WiDiSetupLog.20131102.213728.txt

2010-08-27 22:15 - 2010-08-27 22:15 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed

C:\windows\system32\wininit.exe => File is digitally signed

C:\windows\SysWOW64\wininit.exe => File is digitally signed

C:\windows\explorer.exe => File is digitally signed

C:\windows\SysWOW64\explorer.exe => File is digitally signed

C:\windows\system32\svchost.exe => File is digitally signed

C:\windows\SysWOW64\svchost.exe => File is digitally signed

C:\windows\system32\services.exe => File is digitally signed

C:\windows\system32\User32.dll => File is digitally signed

C:\windows\SysWOW64\User32.dll => File is digitally signed

C:\windows\system32\userinit.exe => File is digitally signed

C:\windows\SysWOW64\userinit.exe => File is digitally signed

C:\windows\system32\rpcss.dll => File is digitally signed

C:\windows\system32\dnsapi.dll => File is digitally signed

C:\windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-20 22:51

==================== End of FRST.txt ============================

#7
Idan611

Posted 22 November 2015 - 10:01 AM

Member

Topic Starter
Member
23 posts

and the second one:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-11-2015

Ran by Idan (2015-11-22 17:57:32)

Running from C:\Users\Idan\Desktop

Windows 7 Home Premium Service Pack 1 (X64) (2010-08-21 05:45:00)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-85820212-1267379632-1251349074-500 - Administrator - Disabled)

Guest (S-1-5-21-85820212-1267379632-1251349074-501 - Limited - Enabled) => C:\Users\Guest

HomeGroupUser$ (S-1-5-21-85820212-1267379632-1251349074-1002 - Limited - Enabled)

Idan (S-1-5-21-85820212-1267379632-1251349074-1000 - Administrator - Enabled) => C:\Users\Idan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)

Active Protection System (HKLM-x32\...\{F493761C-E465-4B9E-9FC1-A312F161DE0A}) (Version: 1.70.09 - Lenovo)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)

Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)

Apple Application Support‏ (64 סיביות) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ArcSoft TotalMedia Backup (HKLM-x32\...\{3D69628B-4DE8-43C7-9A22-F90F5B870C08}) (Version: 1.5.21.7 - ArcSoft)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)

AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6176 - AVG Technologies)

AVG 2015 (Version: 15.0.4460 - AVG Technologies) Hidden

AVG 2015 (Version: 15.0.6176 - AVG Technologies) Hidden

AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden

AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.638 - AVG Technologies)

AVG PC TuneUp 2015 (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden

AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.9.0.230 - AVG Technologies)

BioExcess (HKLM-x32\...\InstallShield_{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}) (Version: 6.0.48.159 - Egis Technology Inc.)

BioExcess (x32 Version: 6.0.48.159 - Egis Technology Inc.) Hidden

BitTorrent (HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\BitTorrent) (Version: 7.8.2.30489 - BitTorrent Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.18.41 - Broadcom Corporation)

BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.61.1065 - AB Team, d.o.o.)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)

Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2603 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dropbox (HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)

E-GOV.IL Sign&Verify Software - AGForm toolbar (HKLM-x32\...\{98880889-285F-4260-989B-8B22020D756F}) (Version: 14.2.1.0 - GOV.IL)

eMule (HKLM-x32\...\eMule) (Version: - )

Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.0.9 - Lenovo)

ETDWare PS/2-x64 7.0.4.15_WHQL (HKLM\...\Elantech) (Version: 7.0.4.15 - ELAN Microelectronics Corp.)

Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)

Fences (Version: 1.0 - Stardock Corporation) Hidden

Google Chrome (HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2008 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)

iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)

Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)

Juniper Citrix Services Client (HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\Juniper_Citrix_Services) (Version: 8.0.8.33771 - Juniper Networks)

Juniper Networks Setup Client (HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\Juniper_Setup_Client) (Version: 8.0.8.52215 - Juniper Networks)

Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)

Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)

Juniper Terminal Services Client (HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\Juniper_Term_Services) (Version: 8.0.8.33771 - Juniper Networks)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1400 - Broadcom Corporation)

Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.10.01.29.1 - Vimicro)

Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)

Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden

Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)

Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)

Lenovo Security Suite (HKLM-x32\...\InstallShield_{8B404231-6BB1-44F6-8488-6A7C307B576F}) (Version: 1.0.4.6 - Lenovo)

Lenovo Security Suite (x32 Version: 1.0.4.6 - Lenovo) Hidden

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Mozilla Firefox 40.0.3 (x86 he) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 he)) (Version: 40.0.3 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)

Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden

Port Locker (HKLM-x32\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.15 - Egis Technology Inc.)

Port Locker (Version: 1.0.5.15 - Egis Technology Inc.) Hidden

Port Locker (x32 Version: 1.0.5.15 - Egis Technology Inc.) Hidden

Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)

QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6051 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)

RtLED (HKLM\...\{5ACF5427-B4E4-4F85-A512-151E0BECF7E3}) (Version: 1.0.2 - Realtek Semiconductor Corp.)

Self-service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden

Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)

Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)

SmartShare (HKLM-x32\...\{BAB337AE-DD9E-45C3-BED6-0EE4732AEC60}) (Version: 2.1.1309.1101 - LG Electronics Inc.)

SPSS Statistics 17.0 (HKLM-x32\...\{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}) (Version: 17.0.0 - SPSS Inc.)

System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom)

Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

WinRAR 4.00 (64-סיביות) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

עדכון עבור מסנן דואר הזבל של Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-040D-0000-0000000FF1CE}_ENTERPRISER_{18E2D7BF-CC18-4CE8-B875-D2934B6086E2}) (Version: - Microsoft)

עדכון עבור מסנן דואר הזבל של Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-040D-0000-0000000FF1CE}_ENTERPRISER_{54B50AC9-2088-4F43-B39A-0F10F53D425E}) (Version: - Microsoft)

עדכון עבור מסנן דואר הזבל של Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-040D-0000-0000000FF1CE}_ENTERPRISER_{CAB664CE-BBA4-4A81-A358-6CC6F7852FC9}) (Version: - Microsoft)

תמיכה ביישומים של Apple‏ (32 סיביות) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Idan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Idan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Restore Points =========================

20-11-2015 22:58:44 Scheduled Checkpoint

21-11-2015 00:35:32 Restore Operation

21-11-2015 03:02:05 Windows Update

21-11-2015 15:29:12 Advanced System~Protector

22-11-2015 08:05:00 Restore Operation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {023DDFA2-8DCC-410B-8327-93348906B7E8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)

Task: {1A53045A-B0DD-48BD-8784-7F7A69F533EE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000Core => C:\Users\Idan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-09-19] (Dropbox, Inc.)

Task: {2FDCCFD1-A82B-41E7-BF47-F90CAE48A459} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-08-04] (AVG Technologies)

Task: {55316116-96C1-45F0-9D45-3D43C06CD8FB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000UA => C:\Users\Idan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-09-19] (Dropbox, Inc.)

Task: {6EFFCEB5-7F0F-46D4-AE09-31E3F71C07A4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000Core => C:\Users\Idan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {7BEE9764-CD9A-4E28-8DF1-1C9CBB631311} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000UA => C:\Users\Idan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {7E8D0C06-4DA7-4C41-BA4C-0880F0827F09} - System32\Tasks\Google Update => C:\Users\Idan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {AA07E32A-A454-408A-8FBB-4C995454AF30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {BDF29435-3C18-4A1B-A9D7-AC8C2079AA03} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation)

Task: {C4EA53C1-8F2C-4BCC-A974-3CEE304ADAE1} - System32\Tasks\SmartShare => C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe [2013-06-27] (LG Electronics Inc.)

Task: {CD1444B7-1A00-4BEA-B06B-E985255B5C26} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-31] ()

Task: {D1550A1E-EF72-4D65-9D00-97337206A609} - System32\Tasks\{8A161A7C-5CA9-4B4A-B824-D34132D17196} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25] (Skype Technologies S.A.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000Core.job => C:\Users\Idan\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000UA.job => C:\Users\Idan\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000Core.job => C:\Users\Idan\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000UA.job => C:\Users\Idan\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

==================== Loaded Modules (Whitelisted) ==============

2010-01-25 22:50 - 2010-01-25 22:50 - 01407344 _____ () C:\Program Files (x86)\EgisTec BioExcess\x64\LIBEAY32.dll

2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2015-08-04 14:26 - 2015-08-04 14:26 - 00718040 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll

2015-08-04 14:26 - 2015-08-04 14:26 - 00861912 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll

2010-02-18 01:26 - 2010-02-18 01:26 - 00173344 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll

2011-04-24 20:16 - 2011-03-02 11:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll

2010-05-28 13:05 - 2009-07-15 17:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll

2010-05-28 13:05 - 2009-07-15 17:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll

2014-10-16 03:13 - 2014-10-16 03:13 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll

2011-08-13 18:21 - 2010-11-05 22:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2015-10-24 16:16 - 2015-10-20 16:08 - 01532744 _____ () C:\Users\Idan\AppData\Local\Google\Chrome\Application\46.0.2490.80\libglesv2.dll

2015-10-24 16:16 - 2015-10-20 16:08 - 00081224 _____ () C:\Users\Idan\AppData\Local\Google\Chrome\Application\46.0.2490.80\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-85820212-1267379632-1251349074-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Idan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 80.179.52.100 - 80.179.55.100

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FD9F32E6-3603-42BD-9F2D-EB6C04AA1C3E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{EFFD2A0D-AF92-46DC-AA69-F661C7102557}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe

FirewallRules: [{003E35A8-EB19-4FA1-A2FF-A78739F53481}] => (Allow) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe

FirewallRules: [{A06111B9-588A-433B-B99C-58CFA15FBCEB}] => (Allow) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe

FirewallRules: [{59823DFA-0D28-4423-AEAC-703660A73FE6}] => (Allow) C:\windows\System32\IgrsSvcs.exe

FirewallRules: [{DC6594D3-9323-49E8-888A-7B1018CD30EF}] => (Allow) C:\windows\System32\IgrsSvcs.exe

FirewallRules: [{9405CE55-1568-4E4E-83A7-AF182890A849}] => (Allow) C:\Program Files\Lenovo\ReadyComm\Projectionist.exe

FirewallRules: [{1DDA822B-F317-4AD3-9C8D-3316FD6C72F4}] => (Allow) C:\Program Files\Lenovo\ReadyComm\Projectionist.exe

FirewallRules: [{1DFEEF88-EBE1-454D-9C9A-9AC2CF790E4F}] => (Allow) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe

FirewallRules: [{14FECE8E-E07B-4BF3-A9AF-D017FF22B85D}] => (Allow) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe

FirewallRules: [{7DC9D6FE-4CDA-418C-8E64-557E1AD40CBA}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe

FirewallRules: [{2B24A9C4-22A2-4F8D-9809-158A47D8F9E9}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe

FirewallRules: [{125D8513-F0DB-48F3-97AA-332BDD6FFB23}] => (Allow) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe

FirewallRules: [{3FC0C7AB-9F2B-4246-AC6E-EE5D2183DCAA}] => (Allow) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe

FirewallRules: [{683E59B1-34A3-4FD4-BCB6-40DAA5A54ED5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{D07D713D-4EE1-4263-8DB1-0E750E087A3C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{A13D16CF-2E38-42E7-BD88-75D2C385B98A}] => (Allow) LPort=2869

FirewallRules: [{A779E1D5-B6DD-408A-BB6C-520EAD163644}] => (Allow) LPort=1900

FirewallRules: [TCP Query User{81DFAA66-5E7A-4B59-9F28-B8F8BE1F46CF}C:\users\idan\media\emule\emule.exe] => (Allow) C:\users\idan\media\emule\emule.exe

FirewallRules: [UDP Query User{10802865-98B3-487E-A68F-60CD06450EB3}C:\users\idan\media\emule\emule.exe] => (Allow) C:\users\idan\media\emule\emule.exe

FirewallRules: [TCP Query User{61147E9D-1B85-4E90-85E0-502033E0FE88}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe

FirewallRules: [UDP Query User{851507D2-8B41-4EDD-830E-56852AD74B40}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe

FirewallRules: [{C0AE4941-E74E-4C8B-A835-35652A9711FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{0C473EA9-ECEC-4AAC-91E5-B8E55956E314}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{3E739D00-0AB4-4A95-922A-644B32E51648}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{5EC2819F-0AE6-41E8-9AEE-FF47B6149CFA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{7B792180-DEAB-4416-AC5B-D100F208C3DE}] => (Allow) C:\Users\Idan\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{7B9B4DD3-15FA-4227-977F-C1D4362CA675}] => (Allow) C:\Users\Idan\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{04474B11-AA48-48B4-AFDA-BFE70DBAD996}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{D7CAA48B-2EDB-4D3F-BA6B-35AE29290BA0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{3315F1C5-EDAC-41D5-828A-231E67B165D0}] => (Allow) C:\Users\Idan\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{C8DECDDB-9C97-4924-93A2-60409C493DDC}] => (Allow) C:\Users\Idan\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{412558D5-5E73-4383-8D87-8D06AF300E08}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe

FirewallRules: [{A390CB66-C679-4C67-A7C2-7EAE47E77F16}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe

FirewallRules: [{B047C107-DBD6-4651-B6DE-1826B653CD16}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe

FirewallRules: [{5E0D4987-C8BC-410D-B5EB-669189BFD117}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe

FirewallRules: [{BAADCF14-7D72-47DA-B46C-87434A4199CA}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{45FFF10D-BE34-43AC-86D7-D1B51B4EACE9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

FirewallRules: [{AC61E950-07EC-42F7-A900-10B212E35170}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

FirewallRules: [{A4A0E882-79BD-4F00-88B2-51BDD06841A0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{2735FAA7-09FE-4638-8783-C7A6BDA65D57}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe

==================== Faulty Device Manager Devices =============

Name: Lexmark X422

Description: Lexmark X422

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: Lexmark

Service: usbscan

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device

Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device

Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Manufacturer: Broadcom

Service: BTHUSB

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:

==================

Error: (11/22/2015 08:43:39 AM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/21/2015 09:26:30 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point (Process = C:\Users\Idan\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

Error: (11/21/2015 09:25:15 PM) (Source: ESENT) (EventID: 490) (User: )

Description: DllHost (2012) WebCacheLocal: An attempt to open the file "C:\Users\Idan\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/21/2015 09:25:05 PM) (Source: ESENT) (EventID: 490) (User: )

Error: (11/21/2015 09:24:55 PM) (Source: ESENT) (EventID: 490) (User: )

Error: (11/21/2015 09:24:45 PM) (Source: ESENT) (EventID: 490) (User: )

Error: (11/21/2015 09:24:35 PM) (Source: ESENT) (EventID: 490) (User: )

Error: (11/21/2015 09:24:25 PM) (Source: ESENT) (EventID: 490) (User: )

Error: (11/21/2015 09:24:15 PM) (Source: ESENT) (EventID: 490) (User: )

Error: (11/21/2015 09:24:05 PM) (Source: ESENT) (EventID: 490) (User: )

System errors:

=============

Error: (11/22/2015 05:23:49 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (11/22/2015 08:33:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The ReadyComm.DirectRouter service failed to start due to the following error:

%%2

Error: (11/22/2015 08:32:52 AM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (11/21/2015 09:31:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The AVG PC TuneUp Service service failed to start due to the following error:

%%1053

Error: (11/21/2015 09:31:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the AVG PC TuneUp Service service to connect.

Error: (11/21/2015 09:30:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The SeaPort service failed to start due to the following error:

%%1053

Error: (11/21/2015 09:30:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the SeaPort service to connect.

Error: (11/21/2015 09:29:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The RtLedService Installer service failed to start due to the following error:

%%1053

Error: (11/21/2015 09:29:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the RtLedService Installer service to connect.

Error: (11/21/2015 09:28:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The ReadyComm.DirectRouter service failed to start due to the following error:

%%2

CodeIntegrity:

===================================

Date: 2015-10-28 18:59:12.450

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-10-28 18:59:12.045

Date: 2015-10-28 18:59:11.624

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-10-28 18:59:11.218

Date: 2015-10-19 19:38:08.723

Date: 2015-10-19 19:38:08.300

Date: 2015-10-19 19:38:07.872

Date: 2015-10-17 10:06:59.890

Date: 2015-10-17 10:06:59.636

Date: 2015-10-17 10:06:59.359

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz

Percentage of memory in use: 67%

Total physical RAM: 5876.51 MB

Available physical RAM: 1885.79 MB

Total Virtual: 11751.23 MB

Available Virtual: 8443.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:105.07 GB) NTFS

Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 7BD19705)

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)

Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End of Addition.txt ============================

#8
Idan611

Posted 22 November 2015 - 02:04 PM

Member

Topic Starter
Member
23 posts

Does it look good? because I think my computer is relatively slow.

thanks again

Idan

#9
Valinorum

Posted 22 November 2015 - 09:28 PM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Step #1 Fix with FRST
Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.

Open Notepad.exe. Do not use any other text editor software;

Copy and Paste the contents inside the code-box to your Notepad --

Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
RemoveProxy:
FirewallRules: [{7B792180-DEAB-4416-AC5B-D100F208C3DE}] => (Allow) C:\Users\Idan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7B9B4DD3-15FA-4227-977F-C1D4362CA675}] => (Allow) C:\Users\Idan\AppData\Roaming\BitTorrent\BitTorrent.exe
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
SearchScopes: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\MountPoints2: {98e8c78f-3241-11e1-ab52-f07bcbde0ae5} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\MountPoints2: {dfbebc7a-b55d-11e0-b86f-a3c90d25e841} - E:\autorun.exe
CMD: bitsadmin /reset /allusers
End

Click on File > Save as...
- Inside the File Name box type fixlist.txt;
- From the Save as type drop down list, choose All Files
Save the file to your Desktop;
Re-run FRST.exe and click Fix;
- Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
After the completion, a log will be produced;
Copy and Paste the contents of the log in your next reply.

Step #2 Scan with Malwarebytes' Anti-Malware
- Download Malwarebytes' Anti-Malware from the suitable link below --
- Double-click on mbam-setup-version-number.exe to install the application.
- Before clicking Finish perform the following actions --
  - Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
  - Check the box beside Launch Malwarebytes Anti-Malware
- Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
  - Navigate to the Settings tab Detection and Protection and check all the boxes under Detection Options
- From the Dashboard click on Scan Now;
- If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
- On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
- Copy and Paste the contents of the log in your next reply.

Step #3 ESET Online Scanner
Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
- Download esetsmartinstaller_enu.exe by clicking here.
- Right-click on the program and choose Run as administrator.
- Accept their terms and condition and proceed.
- Install Add-On/Active X if prompted.
- From the Computer Scan Setting check the following box --
  - Enable detection for potentially unwanted programs
- Click on Advanced Setting --
  - Uncheck the box beside Remove Found Threats;
  - Check the box beside Scan archives
  - Check the box beside Scan for potentially unsafe applications
  - Check the box beside Enable Anti-Stealth Technology
- Click on Start and wait for the virus signature database to update.
- The online scan will begin automatically and can take several hours.
  - Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
- After the Scan finishes --
  - If no threats were found:
    - Put a checkmark in Uninstall application on close.
    - Close the program and report that nothing was found
  - If threats were found:
    - Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
    - Copy and Paste contents of the log file in your next reply.
Note: Enable your security programs afterwards.

Required Log(s):
- FRST Fix Log
- Malwarebytes' Anti-Malware Scan Log
- ESET Scan Log

Regards,
Valinorum

#10
Idan611

Posted 23 November 2015 - 11:46 AM

Member

Topic Starter
Member
23 posts

Hi,

The first log:

Fix result of Farbar Recovery Scan Tool (x64) Version:22-11-2015

Ran by Idan (2015-11-23 19:19:12) Run:1

Running from C:\Users\Idan\Desktop

Loaded Profiles: Idan (Available Profiles: Idan & Guest)

Boot Mode: Normal

==============================================

fixlist content:

*****************

Start

CreateRestorePoint:

CloseProcesses:

EmptyTemp:

RemoveProxy:

FirewallRules: [{7B792180-DEAB-4416-AC5B-D100F208C3DE}] => (Allow) C:\Users\Idan\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{7B9B4DD3-15FA-4227-977F-C1D4362CA675}] => (Allow) C:\Users\Idan\AppData\Roaming\BitTorrent\BitTorrent.exe

Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

SearchScopes: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\MountPoints2: {98e8c78f-3241-11e1-ab52-f07bcbde0ae5} - "E:\WD SmartWare.exe" autoplay=true

HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\MountPoints2: {dfbebc7a-b55d-11e0-b86f-a3c90d25e841} - E:\autorun.exe

CMD: bitsadmin /reset /allusers

End

*****************

Restore point was successfully created.

Processes closed successfully.

========= RemoveProxy: =========

"HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B792180-DEAB-4416-AC5B-D100F208C3DE} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B9B4DD3-15FA-4227-977F-C1D4362CA675} => value removed successfully

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully

HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.

"HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.

HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.

"HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98e8c78f-3241-11e1-ab52-f07bcbde0ae5}" => key removed successfully

HKCR\CLSID\{98e8c78f-3241-11e1-ab52-f07bcbde0ae5} => key not found.

"HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfbebc7a-b55d-11e0-b86f-a3c90d25e841}" => key removed successfully

HKCR\CLSID\{dfbebc7a-b55d-11e0-b86f-a3c90d25e841} => key not found.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]

BITS administration utility.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 8.1 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 19:23:53 ====

#11
Idan611

Posted 23 November 2015 - 02:48 PM

Member

Topic Starter
Member
23 posts

Malwarebytes' Anti-Malware Scan Log:

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 23/11/2015

Scan Time: 21:36

Logfile: antimalware.txt

Administrator: Yes

Version: 0.0.0.0000

Malware Database: v2015.11.23.07

Rootkit Database: v2015.11.23.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Idan

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 407288

Time Elapsed: 39 min, 53 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

#12
Idan611

Posted 24 November 2015 - 12:08 AM

Member

Topic Starter
Member
23 posts

and the last one:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=5f5d19087e328f4f9b4ac73564ad2781

# end=init

# utc_time=2015-11-23 08:57:04

# local_time=2015-11-23 10:57:04 (+0200, Jerusalem Standard Time)

# country="Israel"

# osver=6.1.7601 NT Service Pack 1

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=5f5d19087e328f4f9b4ac73564ad2781

# end=init

# utc_time=2015-11-23 09:00:37

# local_time=2015-11-23 11:00:37 (+0200, Jerusalem Standard Time)

# country="Israel"

# osver=6.1.7601 NT Service Pack 1

Update Init

Update Download

Update Finalize

Updated modules version: 26860

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=5f5d19087e328f4f9b4ac73564ad2781

# end=updated

# utc_time=2015-11-23 09:09:33

# local_time=2015-11-23 11:09:33 (+0200, Jerusalem Standard Time)

# country="Israel"

# osver=6.1.7601 NT Service Pack 1

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7777

# api_version=3.1.1

# EOSSerial=5f5d19087e328f4f9b4ac73564ad2781

# engine=26860

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2015-11-24 12:20:59

# local_time=2015-11-24 02:20:59 (+0200, Jerusalem Standard Time)

# country="Israel"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='AVG Internet Security 2015'

# compatibility_mode=1053 16777213 100 98 150207 135462043 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 74707289 199954309 0 0

# scanned=270438

# found=11

# cleaned=0

# scan_time=11486

sh=CA1C278579580195A0094880C98EF177807824F4 ft=1 fh=e347f6fd5c8ddb6a vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\AspManager.exe.vir"

sh=D9A63C85ABEEE7F74EB5612CEA9BAC61AB042F08 ft=1 fh=6e5ba9930d984e4b vn="a variant of Win32/Systweak.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\ASPUninstall.exe.vir"

sh=AA97D0680C6D88F7255CA72611393EBD806ADEEB ft=1 fh=cf28f42e75c9990a vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\BrowserCleaner.exe.vir"

sh=942880327BE38DDB5BE15B3DFF290668D5DF7398 ft=1 fh=687d254b21a3b962 vn="a variant of Win32/Systweak.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\Communication.dll.vir"

sh=8C3893BEAD93A15E3F7F71A1623515393B9D5E5D ft=1 fh=09bc09d84de32e8a vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\filetypehelper.exe.vir"

sh=5B04F76DC0A6313B4CE2E3D6CDA9FB7504B32CE5 ft=1 fh=d89616663e9a677b vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\scandll.dll.vir"

sh=B342F65CC0D41AB01FAECCB6804905DD4BB56B20 ft=1 fh=8abfbe9fbc04fb8e vn="Win64/AdvancedSystemProtector.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysNative\sasnative64.exe.vir"

sh=70D317C57C06F02DC93FF37061CBF10A6D0CF28F ft=1 fh=e48e1c6cc5616c36 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="C:\Users\Idan\Media\BitTorrent.exe.5728.tmp"

sh=604AE2F3B340A881491C381800BE21A889160FBF ft=1 fh=9debd758228f4d8d vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="C:\Users\Idan\Media\BitTorrent.exe.7501.tmp"

sh=F3423F3E4E50E632396CC8B1C409DAC87FF95B73 ft=1 fh=66c25a75ae160939 vn="a variant of Win32/Adware.Kazaa.A application" ac=I fn="C:\Users\Idan\Music\גיבוי סבתא\DownLoads\kazaa_setup.exe"

sh=EA0EE3C9B4FB6B2B00B0074C1F5303291FF081B9 ft=1 fh=e40dd9938df1a373 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSIA8C1.tmp"

#13
Idan611

Posted 25 November 2015 - 11:08 AM

Member

Topic Starter
Member
23 posts

Hi Valinorum ,

Are the logs that I've posted OK? Any sign of the Trojan/Sekindo threat?

Any more actions that need to be taken?

Regards,

Idan

#14
Valinorum

Posted 29 November 2015 - 02:18 PM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

The logs look good. How are things from your side?

#15
Idan611

Posted 29 November 2015 - 03:00 PM

Member

Topic Starter
Member
23 posts

Everything looks OK from my side.

I ran AVG PC TuneUp and it did some more fixes in the registry (said it had network access and recommended to disable this option, which I did), startup etc

I just wanted to make sure all my information is secured and that my computer is safe.