
JS.DOWNLOADER TROJAN SEKINDO [Solved]

js trojan malware sekindo

  • This topic is locked

#1
Idan611

  • Member
  • 23 posts

Hi,

 

My online AVG shield gives me (each time I open Chrome/IE/etc.) an AVG detection that it found a JS.DOWNLOADER trojan, and it shows that its location is a URL link referring to www.sekindo.com/live.

Each time, of course, AVG says it blocked it and secured it, but each time I open a new Chrome or IE the detection pops up again and again.

I have tried several malware tools for it, and also erased all the history + restored the web browsers to default, but it doesn't seem to help.

When I run AVG for a whole computer scan (when the browsers are closed) it doesn't find any virus and says the computer is clean. Only when I open the browser do I get the AVG detection.

Any ideas, anyone, how to remove this trojan/malware?

 

Thanks,

Idan




#2
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Post the diagnostic logs asked for in the sticky thread.

#3
Idan611

  • Topic Starter
  • Member
  • 23 posts

Hi,

 

Thanks for the reply.

Can you please explain what diagnostic logs you mean (and from where I should get it?) and what is the sticky thread?

 

Thanks again,

Idan



#4
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Follow this thread.

#5
Idan611

  • Topic Starter
  • Member
  • 23 posts

Hi,

 

In the meantime, I read somewhere that Windows system recovery might solve the problem.

The first time it didn't work, but the second time it seems the pop-up has gone.

Should I still follow the thread and copy the logs, just to be on the safe side?

Thanks again,

Idan



#6
Idan611

  • Topic Starter
  • Member
  • 23 posts

Anyway, I did so:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-11-2015
Ran by Idan (administrator) on IDAN-PC (22-11-2015 17:53:56)
Running from C:\Users\Idan\Desktop
Loaded Profiles: Idan (Available Profiles: Idan & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLED.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Idan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(ArcSoft, Inc.) C:\Users\Idan\HITACHI\arcsoft\uBBMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Users\Idan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Idan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Idan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Idan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Idan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Idan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Idan\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-23] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2598280 2010-02-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231264 2009-09-02] (Lenovo.)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4400064 2009-12-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-26] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2569616 2015-10-05] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\Run: [Dropbox Update] => C:\Users\Idan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-19] (Dropbox, Inc.)
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\MountPoints2: {98e8c78f-3241-11e1-ab52-f07bcbde0ae5} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\MountPoints2: {dfbebc7a-b55d-11e0-b86f-a3c90d25e841} - E:\autorun.exe
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-05-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk [2011-04-27]
ShortcutTarget: TotalMedia Backup Monitor.lnk -> C:\Users\Idan\HITACHI\arcsoft\uBBMonitor.exe (ArcSoft, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 80.179.52.100 80.179.55.100
Tcpip\..\Interfaces\{B72D62AF-EA28-4399-9C8A-FD32BEC3CEF7}: [DhcpNameServer] 80.179.52.100 80.179.55.100
Tcpip\..\Interfaces\{EACC8061-2EFA-49E1-9466-8464DAABB7BE}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.walla.co.il/
URLSearchHook: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={A29C3F15-3333-4742-8D5C-4FF06085CD6C}&mid=982657a7d75d47d699ed21328d3ae316-325d026aa9ebb2d49db438ba10021cddd1d72988&lang=us&ds=AVG&pr=fr&d=2011-12-11 22:06:50&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={A29C3F15-3333-4742-8D5C-4FF06085CD6C}&mid=982657a7d75d47d699ed21328d3ae316-325d026aa9ebb2d49db438ba10021cddd1d72988&lang=us&ds=AVG&pr=fr&d=2011-12-11 22:06:50&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: IEPwdBankBHO Class -> {56CBB761-DA41-4E31-B270-B13B4B0A61D0} -> C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll [2010-01-25] (Egis Technology Inc. )
BHO-x32: AGFormHelperObj Class -> {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} -> C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll [2013-07-24] (Agat software solutions)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-31] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.9.0.230\AVG Secure Search_toolbar.dll [2015-10-05] (AVG Secure Search)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-31] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.9.0.230\AVG Secure Search_toolbar.dll [2015-10-05] (AVG Secure Search)
Toolbar: HKLM-x32 - Agat.AGForms.Toolbar.AGFormsToolbar - {8fe28f46-37ad-47b2-8258-34c128636ace} - C:\windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.9.0\ViProtocol.dll [2015-10-05] (AVG Secure Search)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Idan\AppData\Roaming\Mozilla\Firefox\Profiles\1bg2zy70.default
FF Homepage: hxxp://www.walla.co.il/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.9.0\\npsitesafety.dll [No File]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> d:\media\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> d:\media\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> d:\media\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> d:\media\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-85820212-1267379632-1251349074-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Idan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-85820212-1267379632-1251349074-1000: @talk.google.com/O1DPlugin -> C:\Users\Idan\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-85820212-1267379632-1251349074-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Idan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-85820212-1267379632-1251349074-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Idan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF user.js: detected! => C:\Users\Idan\AppData\Roaming\Mozilla\Firefox\Profiles\1bg2zy70.default\user.js [2015-04-28]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-12-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-12-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-12-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-12-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-12-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\cgpcfg.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\CgpCore.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\confmgr.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\ctxlogging.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\ctxmui.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\icafile.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\icalogon.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\msvcm80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\msvcp80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\msvcr80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\npicaN.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\sslsdk_b.dll [2008-06-05] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\TcpPServ.dll [2008-08-16] (Citrix Systems, Inc.)
FF Extension: No Name - C:\ProgramData\AVG Secure Search\FireFoxExt\18.9.0.230 [2015-11-22] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-09-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.9.0.230
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Native Client) - C:\Users\Idan\AppData\Local\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Idan\AppData\Local\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Idan\AppData\Local\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Idan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Idan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Idan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Idan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (VLC Multimedia Plug-in) - d:\media\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Profile: C:\Users\Idan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Idan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1563664 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [873248 2010-02-18] (Broadcom Corporation.)
R2 EgisTec Data Security Service; C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe [313200 2010-01-25] (Egis Technology Inc. )
R2 EgisTec Service Help; c:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [319344 2010-01-28] (Egis Technology Inc. )
R2 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-02-05] (Realtek Semiconductor Corp.) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2973400 2015-08-04] (AVG Technologies)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies)
R2 UxTuneUp; C:\windows\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies)
R2 vToolbarUpdater18.9.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\ToolbarUpdater.exe [1862032 2015-10-05] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [77760 2015-07-09] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [118016 2009-08-27] (TCT International Mobile Ltd)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [214912 2010-01-27] (Vimicro Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-22 17:53 - 2015-11-22 17:56 - 00031939 _____ C:\Users\Idan\Desktop\FRST.txt
2015-11-22 17:53 - 2015-11-22 17:53 - 00000000 ____D C:\FRST
2015-11-22 17:51 - 2015-11-22 17:52 - 02345984 _____ (Farbar) C:\Users\Idan\Desktop\FRST64.exe
2015-11-21 21:00 - 2015-11-22 08:22 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-21 20:40 - 2015-11-22 08:22 - 00000000 ____D C:\Users\Idan\Downloads\SmitfraudFix
2015-11-21 19:58 - 2015-11-22 08:22 - 00000000 ____D C:\Program Files\HitmanPro
2015-11-21 19:58 - 2015-11-21 20:23 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-21 18:39 - 2015-11-21 18:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-21 17:15 - 2015-11-21 18:31 - 00000000 ____D C:\AdwCleaner
2015-11-21 17:14 - 2015-11-21 17:14 - 00000051 _____ C:\Users\Idan\Desktop\webvi.txt
2015-11-11 05:46 - 2015-11-22 08:22 - 00000000 ____D C:\Users\Idan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-07 09:26 - 2015-11-22 08:22 - 00000000 ____D C:\Intel
2015-11-02 19:04 - 2015-11-02 19:04 - 00000000 _____ C:\windows\setuperr.log
2015-10-25 23:27 - 2015-10-25 23:38 - 00052916 _____ C:\Users\Idan\Desktop\מצגת מזוקקת-טיוטא3.pptx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-22 17:50 - 2010-05-28 12:40 - 03325952 _____ C:\windows\system32\TPAPSLOG.LOG
2015-11-22 17:49 - 2012-08-01 22:11 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-22 17:47 - 2010-10-26 23:01 - 00000000 ____D C:\ProgramData\MFAData
2015-11-22 17:42 - 2015-09-19 09:37 - 00000914 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000UA.job
2015-11-22 17:33 - 2010-05-28 12:40 - 03234432 _____ C:\windows\system32\TPHDLOG0.LOG
2015-11-22 17:29 - 2009-07-14 06:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-22 17:29 - 2009-07-14 06:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-22 17:23 - 2013-01-24 18:11 - 00000354 _____ C:\windows\Tasks\ROC_JAN2013_TB_rmv.job
2015-11-22 17:13 - 2010-09-16 21:42 - 00000934 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000UA.job
2015-11-22 10:55 - 2010-05-28 11:41 - 02053682 _____ C:\windows\WindowsUpdate.log
2015-11-22 10:42 - 2015-09-19 09:37 - 00000862 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000Core.job
2015-11-22 08:32 - 2015-10-10 23:17 - 00001512 _____ C:\windows\setupact.log
2015-11-22 08:32 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-22 08:24 - 2015-04-07 02:01 - 00000000 ___SD C:\windows\system32\GWX
2015-11-22 08:24 - 2010-11-29 19:41 - 00000000 ____D C:\Users\Guest
2015-11-22 08:24 - 2010-08-21 07:45 - 00000000 ____D C:\Users\Idan
2015-11-22 08:24 - 2009-07-29 09:23 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-22 08:24 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-11-22 08:24 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-11-22 08:23 - 2011-11-13 21:11 - 00000000 ____D C:\windows\system32\Macromed
2015-11-22 08:23 - 2010-08-21 13:57 - 00000000 ____D C:\windows\SysWOW64\Macromed
2015-11-22 08:22 - 2015-04-23 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-22 08:22 - 2014-12-13 00:18 - 00000000 ____D C:\Users\Idan\Desktop\Tor Browser
2015-11-22 08:22 - 2014-08-29 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-22 08:22 - 2014-04-28 00:24 - 00000000 ____D C:\ProgramData\AVG Secure Search
2015-11-22 08:22 - 2013-10-21 19:07 - 00000000 ____D C:\ProgramData\Oracle
2015-11-22 08:22 - 2012-05-11 20:18 - 00000000 ____D C:\Users\Idan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BS.Player
2015-11-22 08:22 - 2011-12-11 22:07 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2015-11-22 08:22 - 2011-07-15 16:06 - 00000000 ____D C:\Users\Idan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-22 08:22 - 2011-04-27 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Backup
2015-11-22 08:22 - 2011-01-25 22:15 - 00000000 ____D C:\Users\Idan\AppData\Roaming\Dropbox
2015-11-22 08:22 - 2010-10-26 23:16 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-11-22 08:22 - 2010-09-18 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
2015-11-22 08:22 - 2010-08-21 07:45 - 00000000 ____D C:\Users\Idan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-11-22 08:22 - 2009-07-29 09:23 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-22 08:22 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-11-22 08:20 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration
2015-11-22 08:11 - 2013-08-20 19:11 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-21 11:55 - 2015-08-31 17:31 - 00000000 ____D C:\Users\Idan\.oracle_jre_usage
2015-11-21 03:44 - 2013-07-17 02:01 - 00000000 ____D C:\windows\system32\MRT
2015-11-12 23:13 - 2010-09-16 21:42 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000Core.job
2015-11-12 18:34 - 2010-08-28 00:03 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{8F7EFE37-AFAB-448D-8C57-4D7D7A2DD129}
2015-11-10 23:49 - 2012-08-01 22:11 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 23:49 - 2012-03-29 23:58 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 23:49 - 2011-05-20 08:45 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-10 19:10 - 2015-04-23 12:24 - 00000965 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-11-05 18:57 - 2009-07-14 07:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-03 19:02 - 2010-05-28 12:52 - 00729826 _____ C:\windows\PFRO.log
2015-10-27 19:29 - 2010-09-03 16:07 - 00000000 ____D C:\Users\Idan\אישי
 
==================== Files in the root of some directories =======
 
2013-12-09 12:45 - 2014-06-23 05:09 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2010-09-04 15:37 - 2015-09-27 15:47 - 0008192 _____ () C:\Users\Idan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-07 10:24 - 2012-12-07 10:24 - 0004096 ____H () C:\Users\Idan\AppData\Local\keyfile3.drm
2010-12-01 22:40 - 2010-12-01 22:40 - 0000017 _____ () C:\Users\Idan\AppData\Local\resmon.resmoncfg
2013-11-02 21:35 - 2013-11-02 21:37 - 0002216 _____ () C:\Users\Idan\AppData\Local\WiDiSetupLog.20131102.213526.txt
2013-11-02 21:37 - 2013-11-02 21:37 - 0002218 _____ () C:\Users\Idan\AppData\Local\WiDiSetupLog.20131102.213728.txt
2010-08-27 22:15 - 2010-08-27 22:15 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-20 22:51
 
==================== End of FRST.txt ============================


#7
Idan611


and the second one:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-11-2015
Ran by Idan (2015-11-22 17:57:32)
Running from C:\Users\Idan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-08-21 05:45:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-85820212-1267379632-1251349074-500 - Administrator - Disabled)
Guest (S-1-5-21-85820212-1267379632-1251349074-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-85820212-1267379632-1251349074-1002 - Limited - Enabled)
Idan (S-1-5-21-85820212-1267379632-1251349074-1000 - Administrator - Enabled) => C:\Users\Idan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
Active Protection System (HKLM-x32\...\{F493761C-E465-4B9E-9FC1-A312F161DE0A}) (Version: 1.70.09 - Lenovo)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Apple Application Support‏ (64 סיביות) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia Backup (HKLM-x32\...\{3D69628B-4DE8-43C7-9A22-F90F5B870C08}) (Version: 1.5.21.7 - ArcSoft)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6176 - AVG Technologies)
AVG 2015 (Version: 15.0.4460 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6176 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.638 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.9.0.230 - AVG Technologies)
BioExcess (HKLM-x32\...\InstallShield_{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}) (Version: 6.0.48.159 - Egis Technology Inc.)
BioExcess (x32 Version: 6.0.48.159 - Egis Technology Inc.) Hidden
BitTorrent (HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\BitTorrent) (Version: 7.8.2.30489 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.18.41 - Broadcom Corporation)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.61.1065 - AB Team, d.o.o.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2603 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
E-GOV.IL Sign&Verify Software - AGForm toolbar (HKLM-x32\...\{98880889-285F-4260-989B-8B22020D756F}) (Version: 14.2.1.0 - GOV.IL)
eMule (HKLM-x32\...\eMule) (Version:  - )
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.0.9 - Lenovo)
ETDWare PS/2-x64 7.0.4.15_WHQL (HKLM\...\Elantech) (Version: 7.0.4.15 - ELAN Microelectronics Corp.)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
Fences (Version: 1.0 - Stardock Corporation) Hidden
Google Chrome (HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Juniper Citrix Services Client (HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\Juniper_Citrix_Services) (Version: 8.0.8.33771 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\Juniper_Setup_Client) (Version: 8.0.8.52215 - Juniper Networks)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\Juniper_Term_Services) (Version: 8.0.8.33771 - Juniper Networks)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1400 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.10.01.29.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lenovo Security Suite (HKLM-x32\...\InstallShield_{8B404231-6BB1-44F6-8488-6A7C307B576F}) (Version: 1.0.4.6 - Lenovo)
Lenovo Security Suite (x32 Version: 1.0.4.6 - Lenovo) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 he) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 he)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
Port Locker (HKLM-x32\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.15 - Egis Technology Inc.)
Port Locker (Version: 1.0.5.15 - Egis Technology Inc.) Hidden
Port Locker (x32 Version: 1.0.5.15 - Egis Technology Inc.) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6051 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
RtLED (HKLM\...\{5ACF5427-B4E4-4F85-A512-151E0BECF7E3}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Self-service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SmartShare (HKLM-x32\...\{BAB337AE-DD9E-45C3-BED6-0EE4732AEC60}) (Version: 2.1.1309.1101 - LG Electronics Inc.)
SPSS Statistics 17.0 (HKLM-x32\...\{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}) (Version: 17.0.0 - SPSS Inc.)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.00 (64-סיביות) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
עדכון עבור מסנן דואר הזבל של Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-040D-0000-0000000FF1CE}_ENTERPRISER_{18E2D7BF-CC18-4CE8-B875-D2934B6086E2}) (Version:  - Microsoft)
עדכון עבור מסנן דואר הזבל של Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-040D-0000-0000000FF1CE}_ENTERPRISER_{54B50AC9-2088-4F43-B39A-0F10F53D425E}) (Version:  - Microsoft)
עדכון עבור מסנן דואר הזבל של Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-040D-0000-0000000FF1CE}_ENTERPRISER_{CAB664CE-BBA4-4A81-A358-6CC6F7852FC9}) (Version:  - Microsoft)
תמיכה ביישומים של Apple‏ (32 סיביות) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Idan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Idan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-85820212-1267379632-1251349074-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
20-11-2015 22:58:44 Scheduled Checkpoint
21-11-2015 00:35:32 Restore Operation
21-11-2015 03:02:05 Windows Update
21-11-2015 15:29:12 Advanced System~Protector
22-11-2015 08:05:00 Restore Operation
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {023DDFA2-8DCC-410B-8327-93348906B7E8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {1A53045A-B0DD-48BD-8784-7F7A69F533EE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000Core => C:\Users\Idan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-09-19] (Dropbox, Inc.)
Task: {2FDCCFD1-A82B-41E7-BF47-F90CAE48A459} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-08-04] (AVG Technologies)
Task: {55316116-96C1-45F0-9D45-3D43C06CD8FB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000UA => C:\Users\Idan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-09-19] (Dropbox, Inc.)
Task: {6EFFCEB5-7F0F-46D4-AE09-31E3F71C07A4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000Core => C:\Users\Idan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7BEE9764-CD9A-4E28-8DF1-1C9CBB631311} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000UA => C:\Users\Idan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7E8D0C06-4DA7-4C41-BA4C-0880F0827F09} - System32\Tasks\Google Update => C:\Users\Idan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {AA07E32A-A454-408A-8FBB-4C995454AF30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BDF29435-3C18-4A1B-A9D7-AC8C2079AA03} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation)
Task: {C4EA53C1-8F2C-4BCC-A974-3CEE304ADAE1} - System32\Tasks\SmartShare => C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe [2013-06-27] (LG Electronics Inc.)
Task: {CD1444B7-1A00-4BEA-B06B-E985255B5C26} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-31] ()
Task: {D1550A1E-EF72-4D65-9D00-97337206A609} - System32\Tasks\{8A161A7C-5CA9-4B4A-B824-D34132D17196} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25] (Skype Technologies S.A.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000Core.job => C:\Users\Idan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000UA.job => C:\Users\Idan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000Core.job => C:\Users\Idan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000UA.job => C:\Users\Idan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-01-25 22:50 - 2010-01-25 22:50 - 01407344 _____ () C:\Program Files (x86)\EgisTec BioExcess\x64\LIBEAY32.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-04 14:26 - 2015-08-04 14:26 - 00718040 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2015-08-04 14:26 - 2015-08-04 14:26 - 00861912 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2010-02-18 01:26 - 2010-02-18 01:26 - 00173344 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2011-04-24 20:16 - 2011-03-02 11:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2010-05-28 13:05 - 2009-07-15 17:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2010-05-28 13:05 - 2009-07-15 17:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2014-10-16 03:13 - 2014-10-16 03:13 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-08-13 18:21 - 2010-11-05 22:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-10-24 16:16 - 2015-10-20 16:08 - 01532744 _____ () C:\Users\Idan\AppData\Local\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-24 16:16 - 2015-10-20 16:08 - 00081224 _____ () C:\Users\Idan\AppData\Local\Google\Chrome\Application\46.0.2490.80\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Idan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 80.179.52.100 - 80.179.55.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FD9F32E6-3603-42BD-9F2D-EB6C04AA1C3E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EFFD2A0D-AF92-46DC-AA69-F661C7102557}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{003E35A8-EB19-4FA1-A2FF-A78739F53481}] => (Allow) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
FirewallRules: [{A06111B9-588A-433B-B99C-58CFA15FBCEB}] => (Allow) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
FirewallRules: [{59823DFA-0D28-4423-AEAC-703660A73FE6}] => (Allow) C:\windows\System32\IgrsSvcs.exe
FirewallRules: [{DC6594D3-9323-49E8-888A-7B1018CD30EF}] => (Allow) C:\windows\System32\IgrsSvcs.exe
FirewallRules: [{9405CE55-1568-4E4E-83A7-AF182890A849}] => (Allow) C:\Program Files\Lenovo\ReadyComm\Projectionist.exe
FirewallRules: [{1DDA822B-F317-4AD3-9C8D-3316FD6C72F4}] => (Allow) C:\Program Files\Lenovo\ReadyComm\Projectionist.exe
FirewallRules: [{1DFEEF88-EBE1-454D-9C9A-9AC2CF790E4F}] => (Allow) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
FirewallRules: [{14FECE8E-E07B-4BF3-A9AF-D017FF22B85D}] => (Allow) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
FirewallRules: [{7DC9D6FE-4CDA-418C-8E64-557E1AD40CBA}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
FirewallRules: [{2B24A9C4-22A2-4F8D-9809-158A47D8F9E9}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
FirewallRules: [{125D8513-F0DB-48F3-97AA-332BDD6FFB23}] => (Allow) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
FirewallRules: [{3FC0C7AB-9F2B-4246-AC6E-EE5D2183DCAA}] => (Allow) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
FirewallRules: [{683E59B1-34A3-4FD4-BCB6-40DAA5A54ED5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D07D713D-4EE1-4263-8DB1-0E750E087A3C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A13D16CF-2E38-42E7-BD88-75D2C385B98A}] => (Allow) LPort=2869
FirewallRules: [{A779E1D5-B6DD-408A-BB6C-520EAD163644}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{81DFAA66-5E7A-4B59-9F28-B8F8BE1F46CF}C:\users\idan\media\emule\emule.exe] => (Allow) C:\users\idan\media\emule\emule.exe
FirewallRules: [UDP Query User{10802865-98B3-487E-A68F-60CD06450EB3}C:\users\idan\media\emule\emule.exe] => (Allow) C:\users\idan\media\emule\emule.exe
FirewallRules: [TCP Query User{61147E9D-1B85-4E90-85E0-502033E0FE88}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{851507D2-8B41-4EDD-830E-56852AD74B40}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{C0AE4941-E74E-4C8B-A835-35652A9711FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0C473EA9-ECEC-4AAC-91E5-B8E55956E314}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3E739D00-0AB4-4A95-922A-644B32E51648}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5EC2819F-0AE6-41E8-9AEE-FF47B6149CFA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7B792180-DEAB-4416-AC5B-D100F208C3DE}] => (Allow) C:\Users\Idan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7B9B4DD3-15FA-4227-977F-C1D4362CA675}] => (Allow) C:\Users\Idan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{04474B11-AA48-48B4-AFDA-BFE70DBAD996}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D7CAA48B-2EDB-4D3F-BA6B-35AE29290BA0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3315F1C5-EDAC-41D5-828A-231E67B165D0}] => (Allow) C:\Users\Idan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C8DECDDB-9C97-4924-93A2-60409C493DDC}] => (Allow) C:\Users\Idan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{412558D5-5E73-4383-8D87-8D06AF300E08}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
FirewallRules: [{A390CB66-C679-4C67-A7C2-7EAE47E77F16}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
FirewallRules: [{B047C107-DBD6-4651-B6DE-1826B653CD16}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
FirewallRules: [{5E0D4987-C8BC-410D-B5EB-669189BFD117}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
FirewallRules: [{BAADCF14-7D72-47DA-B46C-87434A4199CA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{45FFF10D-BE34-43AC-86D7-D1B51B4EACE9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{AC61E950-07EC-42F7-A900-10B212E35170}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{A4A0E882-79BD-4F00-88B2-51BDD06841A0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{2735FAA7-09FE-4638-8783-C7A6BDA65D57}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/22/2015 08:43:39 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (11/21/2015 09:26:30 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Idan\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).
 
Error: (11/21/2015 09:25:15 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2012) WebCacheLocal: An attempt to open the file "C:\Users\Idan\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2015 09:25:05 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2012) WebCacheLocal: An attempt to open the file "C:\Users\Idan\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2015 09:24:55 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2012) WebCacheLocal: An attempt to open the file "C:\Users\Idan\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2015 09:24:45 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2012) WebCacheLocal: An attempt to open the file "C:\Users\Idan\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2015 09:24:35 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2012) WebCacheLocal: An attempt to open the file "C:\Users\Idan\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2015 09:24:25 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2012) WebCacheLocal: An attempt to open the file "C:\Users\Idan\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2015 09:24:15 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2012) WebCacheLocal: An attempt to open the file "C:\Users\Idan\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/21/2015 09:24:05 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2012) WebCacheLocal: An attempt to open the file "C:\Users\Idan\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (11/22/2015 05:23:49 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (11/22/2015 08:33:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error: 
%%2
 
Error: (11/22/2015 08:32:52 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.
 
Error: (11/21/2015 09:31:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG PC TuneUp Service service failed to start due to the following error: 
%%1053
 
Error: (11/21/2015 09:31:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVG PC TuneUp Service service to connect.
 
Error: (11/21/2015 09:30:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SeaPort service failed to start due to the following error: 
%%1053
 
Error: (11/21/2015 09:30:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SeaPort service to connect.
 
Error: (11/21/2015 09:29:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RtLedService Installer service failed to start due to the following error: 
%%1053
 
Error: (11/21/2015 09:29:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the RtLedService Installer service to connect.
 
Error: (11/21/2015 09:28:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error: 
%%2
 
 
CodeIntegrity:
===================================
  Date: 2015-10-28 18:59:12.450
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-28 18:59:12.045
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-28 18:59:11.624
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-28 18:59:11.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-19 19:38:08.723
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-19 19:38:08.300
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-19 19:38:07.872
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-17 10:06:59.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-17 10:06:59.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-17 10:06:59.359
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 67%
Total physical RAM: 5876.51 MB
Available physical RAM: 1885.79 MB
Total Virtual: 11751.23 MB
Available Virtual: 8443.96 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:254.14 GB) (Free:105.07 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.69 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 7BD19705)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 
==================== End of Addition.txt ============================

#8
Idan611

    Member

  • Topic Starter
  • 23 posts

Does it look good? Because I think my computer is relatively slow.

Thanks again

Idan


#9
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts

  • Step #1 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      RemoveProxy:
      FirewallRules: [{7B792180-DEAB-4416-AC5B-D100F208C3DE}] => (Allow) C:\Users\Idan\AppData\Roaming\BitTorrent\BitTorrent.exe
      FirewallRules: [{7B9B4DD3-15FA-4227-977F-C1D4362CA675}] => (Allow) C:\Users\Idan\AppData\Roaming\BitTorrent\BitTorrent.exe
      Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
      SearchScopes: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
      HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\MountPoints2: {98e8c78f-3241-11e1-ab52-f07bcbde0ae5} - "E:\WD SmartWare.exe" autoplay=true
      HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\MountPoints2: {dfbebc7a-b55d-11e0-b86f-a3c90d25e841} - E:\autorun.exe
      CMD: bitsadmin /reset /allusers
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #2 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click on mbam-setup-version-number.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
      • Navigate to the Settings tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #3 ESET Online Scanner
    Disable your security programs, which include, but are not limited to, anti-virus, anti-malware, anti-spyware, et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • FRST Fix Log
    • Malwarebytes' Anti-Malware Scan Log
    • ESET Scan Log
Regards,
Valinorum

#10
Idan611

    Member

  • Topic Starter
  • 23 posts


Hi,

 

The first log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:22-11-2015
Ran by Idan (2015-11-23 19:19:12) Run:1
Running from C:\Users\Idan\Desktop
Loaded Profiles: Idan (Available Profiles: Idan & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
RemoveProxy:
FirewallRules: [{7B792180-DEAB-4416-AC5B-D100F208C3DE}] => (Allow) C:\Users\Idan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7B9B4DD3-15FA-4227-977F-C1D4362CA675}] => (Allow) C:\Users\Idan\AppData\Roaming\BitTorrent\BitTorrent.exe
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
SearchScopes: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\MountPoints2: {98e8c78f-3241-11e1-ab52-f07bcbde0ae5} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\MountPoints2: {dfbebc7a-b55d-11e0-b86f-a3c90d25e841} - E:\autorun.exe
CMD: bitsadmin /reset /allusers
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========= RemoveProxy: =========
 
"HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B792180-DEAB-4416-AC5B-D100F208C3DE} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B9B4DD3-15FA-4227-977F-C1D4362CA675} => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found. 
"HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
"HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98e8c78f-3241-11e1-ab52-f07bcbde0ae5}" => key removed successfully
HKCR\CLSID\{98e8c78f-3241-11e1-ab52-f07bcbde0ae5} => key not found. 
"HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfbebc7a-b55d-11e0-b86f-a3c90d25e841}" => key removed successfully
HKCR\CLSID\{dfbebc7a-b55d-11e0-b86f-a3c90d25e841} => key not found. 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 8.1 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:23:53 ====

#11
Idan611

    Member

  • Topic Starter
  • 23 posts


Malwarebytes' Anti-Malware Scan Log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 23/11/2015
Scan Time: 21:36
Logfile: antimalware.txt
Administrator: Yes
 
Version: 0.0.0.0000
Malware Database: v2015.11.23.07
Rootkit Database: v2015.11.23.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Idan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 407288
Time Elapsed: 39 min, 53 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

#12
Idan611

    Member

  • Topic Starter
  • 23 posts


And the last one:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5f5d19087e328f4f9b4ac73564ad2781
# end=init
# utc_time=2015-11-23 08:57:04
# local_time=2015-11-23 10:57:04 (+0200, Jerusalem Standard Time)
# country="Israel"
# osver=6.1.7601 NT Service Pack 1
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5f5d19087e328f4f9b4ac73564ad2781
# end=init
# utc_time=2015-11-23 09:00:37
# local_time=2015-11-23 11:00:37 (+0200, Jerusalem Standard Time)
# country="Israel"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26860
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5f5d19087e328f4f9b4ac73564ad2781
# end=updated
# utc_time=2015-11-23 09:09:33
# local_time=2015-11-23 11:09:33 (+0200, Jerusalem Standard Time)
# country="Israel"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=5f5d19087e328f4f9b4ac73564ad2781
# engine=26860
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-11-24 12:20:59
# local_time=2015-11-24 02:20:59 (+0200, Jerusalem Standard Time)
# country="Israel"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG Internet Security 2015'
# compatibility_mode=1053 16777213 100 98 150207 135462043 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 74707289 199954309 0 0
# scanned=270438
# found=11
# cleaned=0
# scan_time=11486
sh=CA1C278579580195A0094880C98EF177807824F4 ft=1 fh=e347f6fd5c8ddb6a vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\AspManager.exe.vir"
sh=D9A63C85ABEEE7F74EB5612CEA9BAC61AB042F08 ft=1 fh=6e5ba9930d984e4b vn="a variant of Win32/Systweak.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\ASPUninstall.exe.vir"
sh=AA97D0680C6D88F7255CA72611393EBD806ADEEB ft=1 fh=cf28f42e75c9990a vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\BrowserCleaner.exe.vir"
sh=942880327BE38DDB5BE15B3DFF290668D5DF7398 ft=1 fh=687d254b21a3b962 vn="a variant of Win32/Systweak.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\Communication.dll.vir"
sh=8C3893BEAD93A15E3F7F71A1623515393B9D5E5D ft=1 fh=09bc09d84de32e8a vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\filetypehelper.exe.vir"
sh=5B04F76DC0A6313B4CE2E3D6CDA9FB7504B32CE5 ft=1 fh=d89616663e9a677b vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ASP\scandll.dll.vir"
sh=B342F65CC0D41AB01FAECCB6804905DD4BB56B20 ft=1 fh=8abfbe9fbc04fb8e vn="Win64/AdvancedSystemProtector.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysNative\sasnative64.exe.vir"
sh=70D317C57C06F02DC93FF37061CBF10A6D0CF28F ft=1 fh=e48e1c6cc5616c36 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="C:\Users\Idan\Media\BitTorrent.exe.5728.tmp"
sh=604AE2F3B340A881491C381800BE21A889160FBF ft=1 fh=9debd758228f4d8d vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="C:\Users\Idan\Media\BitTorrent.exe.7501.tmp"
sh=F3423F3E4E50E632396CC8B1C409DAC87FF95B73 ft=1 fh=66c25a75ae160939 vn="a variant of Win32/Adware.Kazaa.A application" ac=I fn="C:\Users\Idan\Music\גיבוי סבתא\DownLoads\kazaa_setup.exe"
sh=EA0EE3C9B4FB6B2B00B0074C1F5303291FF081B9 ft=1 fh=e40dd9938df1a373 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSIA8C1.tmp"


#13
Idan611

    Member

  • Topic Starter
  • Member
  • 23 posts

Hi Valinorum,

Are the logs that I've posted OK? Any sign of the Trojan/Sekindo threat?

Any more actions that need to be taken?

Regards,

Idan



#14
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
The logs look good. How are things from your side?

#15
Idan611

    Member

  • Topic Starter
  • Member
  • 23 posts

Everything looks OK from my side.

I ran AVG PC TuneUp and it did some more fixes in the registry (said it had network access and recommended to disable this option, which I did), startup, etc.

I just wanted to make sure all my information is secured and that my computer is safe.







