PC May have been compromised

  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7045

    #16
    Ok, let us know how things went, and I can take a look at your files and clean your machine without Zoek if you want. Sorry for the hassle, there is no way we could have known this would happen, I have been using that tool for years without issue…


    • User101
      PCHF Member
      • Sep 2016
      • 103

      #17
      I fixed the above Wordperfect corruption from ZOEK but ZOEK messed up other things, as well. I can’t get Acronis to do a restore because its catalogue isn’t good (opened that problem in a different thread). Will have to wait until I can somehow get Acronis catalogue fixed before going further. I don’t want to risk another ZOEK-like disaster until I have a usable backup to restore.


      • User101
        PCHF Member
        • Sep 2016
        • 103

        #18
        Acronis fixed restore issue. I restored PC from backup before that guy got on to my machine (I had first copied over new files and emails created since the backup, then copied them back after the restore). So now I have the machine back as it was, with just my new files/emails created since that backup was taken. So my machine should be safe now with no possible “back-doors” nor key-loggers from that guy.


        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7045

          #19
          OK, there were some items that needed to go in your original FRST logs, might be a good idea to post fresh ones to make sure.


          • User101
            PCHF Member
            • Sep 2016
            • 103

            #20
            OK I’ll certainly do that - but can you first set my mind at ease that FRST does not change and/or delete things which is what Zoek did? I don’t want to have to go through doing a restore again to fix things as I did after running Zoek.

            Thanks.


            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7045

              #21
              Originally posted by User101
              but can you first set my mind at ease that FRST does not change and/or delete things which is what Zoek did?
              If there is anything that needs removing I will do it manually.


              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7045

                #22
                @User101 Close thread, or continue?


                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7045

                  #23
                  Thread closed due to lack of response by OP. Please send me a private message if you would like this thread re-opened for closure.


                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7045

                    #24
                    Thread re-opened upon user request. @User101 Please post fresh FRST and Addition.txt logs for review.


                    • User101
                      PCHF Member
                      • Sep 2016
                      • 103

                      #25
                      Thanks, malnutrition. Here are the logs.
                      FRST:
                      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-12-2016
                      Ran by Admin (administrator) on PC05 (05-12-2016 12:15:14)
                      Running from C:\Users\Simcha\Desktop
                      Loaded Profiles: Admin & Acronis Agent User 2 (Available Profiles: Admin & LogMeInRemoteUser & Acronis Agent User & Acronis Agent User 2)
                      Platform: Windows 7 Home Premium (X64) Language: English (United States)
                      Internet Explorer Version 8 (Default browser: FF)
                      Boot Mode: Normal
                      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

                      ==================== Processes (Whitelisted) =================

                      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

                      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
                      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
                      (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
                      (Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
                      (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
                      (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
                      (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
                      (Acronis) C:\Program Files (x86)\Acronis\ARSM\arsm.exe
                      (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
                      (Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
                      (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
                      (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
                      (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
                      (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
                      (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
                      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
                      (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                      (X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
                      (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
                      (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
                      (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
                      (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
                      (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
                      (Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
                      (Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
                      (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
                      (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
                      (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
                      (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
                      (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
                      (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
                      (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
                      (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
                      (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
                      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
                      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
                      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
                      (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
                      (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
                      (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
                      (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
                      (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

                      ==================== Registry (Whitelisted) ====================

                      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

                      HKLM...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391056 2016-04-06] (Acronis)
                      HKLM...\Run: [TrayMonitor.exe] => C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe [1503408 2016-04-06] (Acronis)
                      HKLM...\Run: [ISW] =>
                      HKLM...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)
                      HKLM-x32...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-10-09] (Check Point Software Technologies LTD)
                      HKLM-x32...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
                      HKLM-x32...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [408456 2016-02-11] (Acronis International GmbH)
                      HKLM-x32...\Run: [BackupAndRecoveryMonitor.exe] => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1492208 2016-04-06] (Acronis)
                      HKLM-x32...\Run: =>
                      HKLM-x32...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
                      HKLM-x32...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-11-12] (Brother Industries, Ltd.)
                      HKLM-x32...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4517376 2014-11-11] (Brother Industries, Ltd.)
                      HKLM-x32...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.)
                      Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
                      Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
                      HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-10-23] (SUPERAntiSpyware)
                      HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\MountPoints2: {02f26cf9-6c34-11e0-88f6-b8ac6fe1789a} - I:\LaunchU3.exe -a
                      HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\MountPoints2: {02f26d1a-6c34-11e0-88f6-b8ac6fe1789a} - I:\LaunchU3.exe -a
                      HKU\S-1-5-18...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
                      ShellIconOverlayIdentifiers: [00avast] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-22] (AVAST Software)
                      Startup: C:\Users\Acronis Agent User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-02-09]
                      ShortcutTarget: Dell Dock First Run.lnk → C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
                      Startup: C:\Users\Acronis Agent User 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-02-09]
                      ShortcutTarget: Dell Dock First Run.lnk → C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
                      Startup: C:\Users\Simcha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OS (C) - Shortcut.lnk [2016-01-02]
                      ShortcutTarget: OS (C) - Shortcut.lnk → C:\ ()
                      Startup: C:\Users\Simcha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Simcha’s Group - Shortcut.lnk [2011-04-21]
                      ShortcutTarget: Simcha’s Group - Shortcut.lnk → C:\SMD\Simcha’s Group ()
                      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2016-01-11]
                      ShortcutTarget: APC UPS Status.lnk → C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
                      Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-02-09]
                      ShortcutTarget: Dell Dock First Run.lnk → C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
                      Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-02-09]
                      ShortcutTarget: Dell Dock First Run.lnk → C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
                      Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-02-09]
                      ShortcutTarget: Dell Dock First Run.lnk → C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
                      Startup: C:\Users\Simcha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OS (C) - Shortcut.lnk [2016-01-02]
                      ShortcutTarget: OS (C) - Shortcut.lnk → C:\ ()
                      Startup: C:\Users\Simcha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Simcha’s Group - Shortcut.lnk [2011-04-21]
                      ShortcutTarget: Simcha’s Group - Shortcut.lnk → C:\SMD\Simcha’s Group ()
                      GroupPolicy: Restriction - Chrome <======= ATTENTION
                      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

                      ==================== Internet (Whitelisted) ====================

                      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

                      Tcpip..\Interfaces{1396F9F1-AF76-43CD-A872-2B40013661F7}: [NameServer] 192.168.1.1
                      Tcpip..\Interfaces{223C8A2A-1F78-4BD3-A228-9FCB809537EF}: [NameServer] 192.168.1.1
                      Internet Explorer:
                      HKU\S-1-5-21-1877506799-1620552117-407713368-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
                      URLSearchHook: HKU\S-1-5-21-1877506799-1620552117-407713368-1000 - (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
                      SearchScopes: HKLM → DefaultScope {E5FE90C6-1D4E-4232-BCE5-43B012AB0EE1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
                      SearchScopes: HKLM → {E5FE90C6-1D4E-4232-BCE5-43B012AB0EE1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
                      SearchScopes: HKLM-x32 → DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
                      SearchScopes: HKLM-x32 → {3DD48EB7-6652-4BE4-B001-3EADBE559B68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
                      SearchScopes: HKU\S-1-5-21-1877506799-1620552117-407713368-1000 → {3DD48EB7-6652-4BE4-B001-3EADBE559B68} URL =
                      SearchScopes: HKU\S-1-5-21-1877506799-1620552117-407713368-1000 → {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
                      SearchScopes: HKU\S-1-5-21-1877506799-1620552117-407713368-1000 → {E5FE90C6-1D4E-4232-BCE5-43B012AB0EE1} URL =
                      BHO: ZoneAlarm Security Engine Registrar → {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} → C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-08-30] (Check Point Software Technologies)
                      BHO: avast! Online Security → {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} → C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-25] (AVAST Software)
                      BHO: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
                      BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09] (Sun Microsystems, Inc.)
                      BHO: No Name → {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} → No File
                      BHO-x32: Adobe PDF Link Helper → {18DF081C-E8AD-4283-A596-FA578C2EBDC3} → C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
                      BHO-x32: ZoneAlarm Security Engine Registrar → {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} → C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-08-30] (Check Point Software Technologies)
                      BHO-x32: avast! Online Security → {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} → C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-25] (AVAST Software)
                      BHO-x32: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
                      BHO-x32: Windows Live Messenger Companion Helper → {9FDDE16B-836F-4806-AB1F-1455CBEFF289} → C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
                      BHO-x32: Skype add-on for Internet Explorer → {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} → C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
                      BHO-x32: No Name → {B922D405-6D13-4A2B-AE89-08A030DA4402} → No File
                      BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-02] (Sun Microsystems, Inc.)
                      BHO-x32: No Name → {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} → No File
                      Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-08-30] (Check Point Software Technologies)
                      Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
                      Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
                      Toolbar: HKLM-x32 - No Name - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
                      Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-08-30] (Check Point Software Technologies)
                      Toolbar: HKU\S-1-5-21-1877506799-1620552117-407713368-1000 → ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-08-30] (Check Point Software Technologies)
                      DPF: HKLM {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/x64/ractrl.cab?lmi=1100
                      DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1753
                      Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2011-08-10] (Belarc, Inc.)
                      Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
                      Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2010-05-13] (Skype Technologies)
                      Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation)
                      Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-21] (Microsoft Corporation)
                      Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation)
                      Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-21] (Microsoft Corporation)
                      FireFox:
                      FF ProfilePath: C:\Users\Simcha\AppData\Roaming\Mozilla\Firefox\Profiles\m6riq23i.default [2016-12-05]
                      FF user.js: detected! => C:\Users\Simcha\AppData\Roaming\Mozilla\Firefox\Profiles\m6riq23i.default\user.js [2012-11-11]
                      FF DefaultSearchEngine: Mozilla\Firefox\Profiles\m6riq23i.default → Google
                      FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\m6riq23i.default → Google
                      FF Extension: (Saved Password Editor) - C:\Users\Simcha\AppData\Roaming\Mozilla\Firefox\Profiles\m6riq23i.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2016-11-29]
                      FF Extension: (Avast Online Security) - C:\Users\Simcha\AppData\Roaming\Mozilla\Firefox\Profiles\m6riq23i.default\Extensions\wrc@avast.com.xpi [2015-12-08]
                      FF Extension: (Password Exporter) - C:\Users\Simcha\AppData\Roaming\Mozilla\Firefox\Profiles\m6riq23i.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2016-04-06]
                      FF Extension: (DVDVideoSoft YouTube MP3 and Video Download) - C:\Users\Simcha\AppData\Roaming\Mozilla\Firefox\Profiles\m6riq23i.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-21] [not signed]
                      FF Extension: (BetterPrivacy) - C:\Users\Simcha\AppData\Roaming\Mozilla\Firefox\Profiles\m6riq23i.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-10-10]
                      FF SearchPlugin: C:\Users\Simcha\AppData\Roaming\Mozilla\Firefox\Profiles\m6riq23i.default\searchplugins\filezilla-wiki-en.xml [2015-11-22]
                      FF Extension: (DVDVideoSoft YouTube MP3 and Video Download) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-15] [not signed]
                      FF HKLM...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
                      FF Extension: (No Name) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2016-11-24] [not signed]
                      FF HKLM...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
                      FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-22]
                      FF HKLM...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
                      FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-22]
                      FF HKLM-x32...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
                      FF Extension: (ZoneAlarm Security Engine) - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012-11-11] [not signed]
                      FF HKLM-x32...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
                      FF HKLM-x32...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
                      FF Extension: (DVDVideoSoft YouTube MP3 and Video Download) - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-21] [not signed]
                      FF HKLM-x32...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
                      FF HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
                      FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-21] ()
                      FF Plugin: @java.com/JavaPlugin → C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-09] (Sun Microsystems, Inc.)
                      FF Plugin: @microsoft.com/GENUINE → disabled [No File]
                      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
                      FF Plugin-x32: @adobe.com/FlashPlayer → C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-21] ()
                      FF Plugin-x32: @Apple.com/iTunes,version=1.0 → C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-02-22] ()
                      FF Plugin-x32: @checkpoint.com/FFApi → C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [2012-08-30] ()
                      FF Plugin-x32: @java.com/JavaPlugin → C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.)
                      FF Plugin-x32: @microsoft.com/GENUINE → disabled [No File]
                      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
                      FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 → C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
                      FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
                      FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
                      FF Plugin-x32: @videolan.org/vlc,version=2.0.5 → C:\SMD\Vid Tools\VLC\npvlc.dll [2016-06-01] (VideoLAN)
                      FF Plugin-x32: @videolan.org/vlc,version=2.1.2 → C:\SMD\Vid Tools\VLC\npvlc.dll [2016-06-01] (VideoLAN)
                      FF Plugin-x32: @videolan.org/vlc,version=2.1.3 → C:\SMD\Vid Tools\VLC\npvlc.dll [2016-06-01] (VideoLAN)
                      FF Plugin-x32: @videolan.org/vlc,version=2.2.1 → C:\SMD\Vid Tools\VLC\npvlc.dll [2016-06-01] (VideoLAN)
                      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 → C:\SMD\Vid Tools\VLC\npvlc.dll [2016-06-01] (VideoLAN)
                      FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
                      FF Plugin HKU\S-1-5-21-1877506799-1620552117-407713368-1000: @citrixonline.com/appdetectorplugin → C:\Users\Simcha\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-17] (Citrix Online)
                      FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2016-05-22] (Cisco WebEx LLC)
                      FF Plugin ProgramFiles/Appdata: C:\Users\Simcha\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-05-22] (Cisco WebEx LLC)
                      Chrome:
                      CHR Profile: C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default [2016-12-05]
                      CHR Extension: (Google Slides) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-17]
                      CHR Extension: (Google Docs) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-17]
                      CHR Extension: (Google Drive) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-17]
                      CHR Extension: (Google Search) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-17]
                      CHR Extension: (Google Sheets) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-17]
                      CHR Extension: (Google Docs Offline) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
                      CHR Extension: (Avast Online Security) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-15]
                      CHR Extension: (Chrome Web Store Payments) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-20]
                      CHR Extension: (Gmail) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-17]
                      CHR Extension: (Chrome Media Router) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-15]
                      CHR HKLM-x32...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
                      CHR HKLM-x32...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
                      CHR HKLM-x32...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

                      ==================== Services (Whitelisted) ====================

                      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                      R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
                      R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2140656 2015-10-08] (Acronis)
                      R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
                      R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
                      R2 ARSM; C:\Program Files (x86)\Acronis\ARSM\arsm.exe [6087592 2016-04-06] (Acronis)
                      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-22] (AVAST Software)
                      R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [289792 2014-10-23] (Brother Industries, Ltd.) [File not signed]
                      R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
                      R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
                      R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2015-12-24] (Digital Wave Ltd.)
                      S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
                      R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827560 2012-08-30] (Check Point Software Technologies)
                      R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-10-22] (LogMeIn, Inc.)
                      R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [509448 2016-10-22] (LogMeIn, Inc.)
                      R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
                      R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
                      R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
                      R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [11495288 2016-04-06] (Acronis)
                      R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
                      S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
                      R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
                      S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
                      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7496464 2016-09-20] (TeamViewer GmbH)
                      S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447440 2012-10-09] (Check Point Software Technologies LTD)
                      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
                      R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2010-11-01] (X10) [File not signed]

                      ===================== Drivers (Whitelisted) ======================

                      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                      R3 AN983X64; C:\Windows\System32\DRIVERS\AN983X64.sys [48128 2005-05-19] (Infineon Technologies AG)
                      S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-22] (AVAST Software)
                      R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-22] (AVAST Software)
                      R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-22] (AVAST Software)
                      R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-22] (AVAST Software)
                      R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-22] (AVAST Software)
                      R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
                      R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
                      R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-22] (AVAST Software)
                      R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
                      R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
                      R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
                      R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-08-30] (Check Point Software Technologies)
                      R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-25] (LogMeIn, Inc.)
                      S4 LMIRfsClientNP; no ImagePath
                      R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
                      R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-05] (Malwarebytes)
                      R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
                      R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
                      S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
                      R3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2010-12-08] (LogMeIn, Inc.)
                      R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
                      R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
                      R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1264472 2016-08-09] (Acronis International GmbH)
                      R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [191840 2016-08-09] (Acronis International GmbH)
                      R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)
                      S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
                      S3 w4shwdrv; ??\C:\Users\Simcha\AppData\Local\Temp\w4s9E8F.tmp

                      ==================== NetSvcs (Whitelisted) ===================

                      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                      ==================== One Month Created files and folders ========

                      (If an entry is included in the fixlist, the file/folder will be moved.)

                      2016-12-05 12:15 - 2016-12-05 12:15 - 00029490 _____ C:\Users\Simcha\Desktop\FRST.txt
                      2016-12-05 12:13 - 2016-12-05 12:15 - 00000000 ____D C:\FRST
                      2016-12-05 12:13 - 2016-12-05 12:13 - 02419200 _____ (Farbar) C:\Users\Simcha\Desktop\FRST64.exe
                      2016-12-05 10:47 - 2016-12-05 10:47 - 00001211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
                      2016-12-05 10:47 - 2016-12-05 10:47 - 00001199 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
                      2016-12-05 10:47 - 2016-12-05 10:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
                      2016-12-05 09:54 - 2016-12-05 09:54 - 00000000 ____D C:\ProgramData\Motive
                      2016-11-24 16:24 - 2016-11-24 16:32 - 00000000 ____D C:\Users\Simcha\AppData\Local\Thunderbird
                      2016-11-24 16:24 - 2016-11-24 16:24 - 00000000 ____D C:\Users\Simcha\AppData\Roaming\Thunderbird
                      2016-11-15 18:08 - 2016-11-15 23:27 - 00000000 ____D C:\Users\Simcha\AppData\Roaming\CoreFTP
                      2016-11-15 18:05 - 2016-11-15 19:03 - 00000000 ____D C:\Program Files (x86)\CoreFTP
                      2016-11-15 18:05 - 2016-11-15 18:05 - 00000993 _____ C:\Users\Simcha\Desktop\Core FTP LE.lnk
                      2016-11-15 18:05 - 2016-11-15 18:05 - 00000000 ____D C:\Users\Simcha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP
                      2016-11-13 11:55 - 2016-11-13 11:55 - 06668096 _____ (Tim Kosse) C:\Users\Simcha\Downloads\FileZilla_3.22.2.2_win64-setup.exe

                      ==================== One Month Modified files and folders ========

                      (If an entry is included in the fixlist, the file/folder will be moved.)

                      2016-12-05 11:53 - 2009-07-14 00:13 - 00733820 _____ C:\Windows\system32\PerfStringBackup.INI
                      2016-12-05 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
                      2016-12-05 11:50 - 2015-12-16 17:23 - 00000000 ____D C:\Users\Simcha\AppData\Local\CrashDumps
                      2016-12-05 11:36 - 2015-12-17 18:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
                      2016-12-05 11:27 - 2016-05-04 07:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
                      2016-12-05 10:47 - 2012-11-18 13:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
                      2016-12-05 09:58 - 2011-02-20 09:07 - 00000000 ____D C:\Download
                      2016-12-05 08:30 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
                      2016-12-05 08:30 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
                      2016-12-05 08:29 - 2012-11-11 16:15 - 00000000 ____D C:\Windows\Internet Logs
                      2016-12-05 08:23 - 2014-10-05 11:39 - 00000000 ____D C:\Users\Acronis Agent User 2
                      2016-12-05 08:23 - 2014-01-28 19:15 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
                      2016-12-05 08:23 - 2011-03-13 11:06 - 00000000 ____D C:\ProgramData\LogMeIn
                      2016-12-05 08:22 - 2015-12-17 18:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
                      2016-12-05 08:22 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
                      2016-12-04 23:24 - 2011-10-18 14:23 - 00031952 _____ C:\Windows\SysWOW64\PCPELog.txt
                      2016-12-04 23:01 - 2011-04-23 20:50 - 00000000 ____D C:\Users\Simcha\AppData\Roaming\vlc
                      2016-12-04 13:58 - 2011-02-18 14:56 - 00000000 ____D C:\Users\Simcha
                      2016-12-03 21:20 - 2011-08-18 19:49 - 00000000 ____D C:\Users\Simcha\AppData\Roaming\dvdcss
                      2016-12-02 13:53 - 2011-04-21 17:28 - 00000000 ____D C:\ProgramData\X10 Settings
                      2016-12-02 13:53 - 2011-04-21 17:26 - 00000000 ____D C:\Program Files (x86)\ActiveHome Pro
                      2016-12-01 20:57 - 2016-02-29 16:41 - 00016120 _____ C:\Windows\BRRBCOM.INI
                      2016-11-24 16:39 - 2011-04-21 09:59 - 00000000 ___RD C:\SMD
                      2016-11-24 08:29 - 2011-03-13 10:54 - 00000937 _____ C:\Users\Public\Desktop\CCleaner.lnk
                      2016-11-24 08:25 - 2015-12-27 14:02 - 00000000 ____D C:\Program Files (x86)\TeamViewer
                      2016-11-21 14:53 - 2013-03-10 14:59 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
                      2016-11-21 14:53 - 2011-06-01 22:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
                      2016-11-21 14:53 - 2011-02-18 16:06 - 00000000 ____D C:\Users\Simcha\AppData\Local\Adobe
                      2016-11-21 14:52 - 2013-03-10 14:59 - 00000000 ____D C:\Windows\system32\Macromed
                      2016-11-21 14:52 - 2011-02-09 02:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
                      2016-11-20 09:35 - 2013-09-24 09:52 - 00000000 ____D C:\Users\Simcha\AppData\Roaming\FileZilla
                      2016-11-14 16:38 - 2015-12-17 18:13 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
                      2016-11-14 16:38 - 2015-12-17 18:13 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
                      2016-11-12 17:57 - 2009-07-14 00:08 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
                      2016-11-10 08:20 - 2016-03-04 14:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

                      ==================== Files in the root of some directories =======

                      2011-03-08 00:54 - 2011-03-08 00:54 - 0012358 _____ () C:\Users\Simcha\AppData\Roaming\PFP120JCM.{PB
                      2011-03-08 00:54 - 2011-03-08 00:54 - 0061678 _____ () C:\Users\Simcha\AppData\Roaming\PFP120JPR.{PB
                      2014-01-20 09:22 - 2016-02-16 17:42 - 0006656 _____ () C:\Users\Simcha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                      2013-03-10 15:06 - 2013-03-10 15:06 - 0007616 _____ () C:\Users\Simcha\AppData\Local\Resmon.ResmonCfg
                      2016-05-20 09:07 - 2016-05-20 09:07 - 0000008 __RSH () C:\Users\Simcha\AppData\Local\ℤ™☠
                      2011-02-20 14:02 - 2011-02-21 12:45 - 0000088 __RSH () C:\ProgramData\287FE2E5B1.sys
                      2011-02-20 14:02 - 2011-02-21 12:45 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys
                      Files to move or delete:
                      C:\Users\Simcha\en_res.dll
                      C:\Users\Simcha\es_res.dll
                      C:\Users\Simcha\fr_res.dll
                      C:\Users\Simcha\grm_res.dll
                      C:\Users\Simcha\it_res.dll
                      C:\Users\Simcha\jp_res.dll
                      C:\Users\Simcha\mfc80u.dll
                      C:\Users\Simcha\msvcr80.dll
                      C:\Users\Simcha\PCPE Setup.exe
                      C:\Users\Simcha\pt_res.dll
                      C:\Users\Simcha\ResourceReader.dll
                      C:\Users\Simcha\ru_res.dll
                      C:\Users\Simcha\zh_res.dll

                      ==================== Bamital & volsnap ======================

                      (There is no automatic fix for files that do not pass verification.)

                      C:\Windows\system32\winlogon.exe => File is digitally signed
                      C:\Windows\system32\wininit.exe => File is digitally signed
                      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
                      C:\Windows\explorer.exe => File is digitally signed
                      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
                      C:\Windows\system32\svchost.exe => File is digitally signed
                      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
                      C:\Windows\system32\services.exe => File is digitally signed
                      C:\Windows\system32\User32.dll => File is digitally signed
                      C:\Windows\SysWOW64\User32.dll => File is digitally signed
                      C:\Windows\system32\userinit.exe => File is digitally signed
                      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
                      C:\Windows\system32\rpcss.dll => File is digitally signed
                      C:\Windows\system32\dnsapi.dll => File is digitally signed
                      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
                      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

                      LastRegBack: 2016-12-04 14:28

                      ==================== End of FRST.txt ============================
                      Addition:
                      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-12-2016
                      Ran by Admin (05-12-2016 12:16:02)
                      Running from C:\Users\Simcha\Desktop
                      Windows 7 Home Premium (X64) (2011-02-18 19:56:02)
                      Boot Mode: Normal
                      ==================== Accounts: =============================

                      Acronis Agent User (S-1-5-21-1877506799-1620552117-407713368-1006 - Limited - Enabled) => C:\Users\Acronis Agent User
                      Acronis Agent User 2 (S-1-5-21-1877506799-1620552117-407713368-1167 - Administrator - Enabled) => C:\Users\Acronis Agent User 2
                      Admin (S-1-5-21-1877506799-1620552117-407713368-1000 - Administrator - Enabled) => C:\Users\Simcha
                      Administrator (S-1-5-21-1877506799-1620552117-407713368-500 - Administrator - Disabled)
                      Guest (S-1-5-21-1877506799-1620552117-407713368-501 - Limited - Enabled)
                      HomeGroupUser$ (S-1-5-21-1877506799-1620552117-407713368-1003 - Limited - Enabled)
                      LogMeInRemoteUser (S-1-5-21-1877506799-1620552117-407713368-1004 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser

                      ==================== Security Center ========================

                      (If an entry is included in the fixlist, it will be removed.)

                      AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
                      AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
                      AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
                      AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                      AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
                      FW: ZoneAlarm Free Firewall Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

                      ==================== Installed Programs ======================

                      (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

                      Acronis Backup 11.7 Agent Core (HKLM-x32...{356FE63D-CA4B-4BC5-A5A5-59F72A4F1FAA}) (Version: 11.7.44190 - Acronis)
                      Acronis Backup 11.7 Agent for Windows (HKLM-x32...{E8C647FB-369D-4216-879C-0CDF28407179}) (Version: 11.7.44190 - Acronis)
                      Acronis Backup 11.7 Bootable Media Builder (HKLM-x32...{549CF6BC-463B-43F0-87F2-F33B7B56DA8E}) (Version: 11.7.44190 - Acronis)
                      Acronis Backup 11.7 Command-Line Tool (HKLM-x32...{EFA9148A-BA06-4956-9BF5-CC9A6602FBFB}) (Version: 11.7.44190 - Acronis)
                      Acronis Backup 11.7 Management Console (HKLM-x32...{676B4047-27B3-4A70-B6DA-06FBFB22822F}) (Version: 11.7.44190 - Acronis)
                      Acronis Backup 11.7 Tray Monitor (HKLM-x32...{4EF5A0DF-7A55-4341-A07D-0FB6144181E5}) (Version: 11.7.44190 - Acronis)
                      ActiveHome Pro (HKLM-x32...\ActiveHomePro) (Version: - )
                      Adobe AIR (HKLM-x32...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
                      Adobe Community Help (HKLM-x32...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
                      Adobe Flash Player 20 ActiveX (HKLM-x32...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
                      Adobe Flash Player 23 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
                      Adobe Media Player (HKLM-x32...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
                      Adobe Photoshop CS5 (HKLM-x32...{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
                      Adobe Reader 9.5.4 (HKLM-x32...{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)
                      Aiseesoft DVD Ripper 6.2.18 (HKLM-x32...{D6BAD6AB-D3D9-46ad-B2C4-5A969006CE48}_is1) (Version: - )
                      Any Video Converter 5.7.6 (HKLM-x32...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
                      Apple Application Support (HKLM-x32...{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)
                      Apple Mobile Device Support (HKLM...{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)
                      Apple Software Update (HKLM-x32...{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
                      Audacity 1.3.14 (Unicode) (HKLM-x32...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
                      Audacity 2.0.3 (HKLM-x32...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
                      Auslogics Disk Defrag (HKLM-x32...{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.3 - Auslogics Software Pty Ltd)
                      Avast Pro Antivirus (HKLM-x32...\avast) (Version: 12.3.2280 - AVAST Software)
                      Belarc Advisor 8.2 (HKLM-x32...\Belarc Advisor) (Version: 8.2.6.0 - Belarc Inc.)
                      Bonjour (HKLM...{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
                      BrLauncher (x32 Version: 1.1.6.0 - Brother Industries Ltd.) Hidden
                      BrLogRx (x32 Version: 1.0.1.1 - Brother Industries Ltd.) Hidden
                      Brother PCFax Driver (x32 Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
                      Brother Printer Driver (x32 Version: 1.3.0.0 - Brother Industries Ltd.) Hidden
                      Brother Scanner Driver (x32 Version: 1.0.12.10 - Brother Industries Ltd.) Hidden
                      BrotherHelpInstaller (x32 Version: 1.0.0.0 - Brother) Hidden
                      BrSupportTools (x32 Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
                      CCleaner (HKLM...\CCleaner) (Version: 5.15 - Piriform)
                      Cisco WebEx Meetings (HKLM-x32...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
                      Citrix Online Launcher (HKLM-x32...{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
                      Consumer In-Home Service Agreement (HKLM-x32...{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
                      ControlCenter4 (x32 Version: 4.2.435.1 - Brother Insutries Ltd.) Hidden
                      ControlCenter4 CSDK (x32 Version: 4.2.3.1 - Brother Insutries Ltd.) Hidden
                      Core FTP LE (HKLM-x32...\CoreFTP) (Version: - )
                      Corel WordPerfect Office - iFilter 64 Bit (HKLM...{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation)
                      D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
                      Debut Video Capture Software (HKLM-x32...\Debut) (Version: 1.88 - NCH Software)
                      Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
                      Dell DataSafe Local Backup - Support Software (HKLM-x32...{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
                      Dell DataSafe Local Backup (HKLM-x32...{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.51 - Dell)
                      Dell DataSafe Online (HKLM-x32...{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
                      Dell Dock (HKLM-x32...\Dell Dock) (Version: 2.0 - Stardock Corporation)
                      Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
                      Dell Edoc Viewer (HKLM...{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
                      Dell Getting Started Guide (HKLM-x32...{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
                      Dell SupportAssist (HKLM...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
                      Dell SupportAssistAgent (HKLM-x32...{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
                      Dell System Detect (HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\58d94f3ce2c27db0) (Version: 6.12.0.1 - Dell)
                      DeviceDetect (x32 Version: 1.0.3.4 - Brother Industries Ltd.) Hidden
                      DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
                      DiskCheckup v3.3 (HKLM-x32...\DiskCheckup_is1) (Version: 3.3.1000 - PassMark Software)
                      eBay (HKLM-x32...{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
                      FastStone Image Viewer 5.5 (HKLM-x32...\FastStone Image Viewer) (Version: 5.5 - FastStone Soft)
                      FileZilla Client 3.14.1 (HKLM-x32...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
                      Free AVI MPEG WMV MP4 FLV Video Joiner 5.1.2 (HKLM-x32...\Free AVI MPEG WMV MP4 FLV Video Joiner_is1) (Version: - MediaRightSoft, Inc.)
                      Free Studio (HKLM-x32...\Free Studio_is1) (Version: 6.6.0.1224 - DVDVideoSoft Ltd.)
                      Free YouTube Downloader 3.3.115 (HKLM-x32...{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
                      Google Chrome (HKLM-x32...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
                      Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
                      GoToAssist 8.0.0.514 (HKLM-x32...\GoToAssist) (Version: - )
                      GPL Ghostscript (HKLM-x32...\GPL Ghostscript 9.18) (Version: 9.18 - Artifex Software Inc.)
                      HowToGuide (x32 Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
                      Intel(R) Control Center (HKLM-x32...{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
                      Intel(R) Graphics Media Accelerator Driver (HKLM...\HDMI) (Version: - Intel Corporation)
                      Intel(R) Rapid Storage Technology (HKLM-x32...{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
                      Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
                      IrfanView (remove only) (HKLM-x32...\IrfanView) (Version: 4.41 - Irfan Skiljan)
                      iTunes (HKLM...{B24A47E5-F196-461E-A7A4-AADB72CB19DD}) (Version: 10.2.0.34 - Apple Inc.)
                      Java™ 6 Update 22 (64-bit) (HKLM...{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
                      Java™ 6 Update 24 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.240 - Oracle)
                      join.me (HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\JoinMe) (Version: 1.20.0.125 - LogMeIn, Inc.)
                      Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
                      KEDIT for Windows 1.6.1 (HKLM-x32...\KEDIT for Windows) (Version: 1.6.1 - Mansfield Software Group, Inc.)
                      LogMeIn (HKLM-x32...{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)
                      LogMeIn Client (HKLM-x32...{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
                      Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
                      MediaInfo 0.7.53 (HKLM...\MediaInfo) (Version: 0.7.53 - MediaArea.net)
                      Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
                      Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
                      Microsoft .NET Framework 4 Client Profile (HKLM...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
                      Microsoft Office 2010 (HKLM-x32...{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
                      Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32...{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
                      Microsoft Office Professional Edition 2003 (HKLM-x32...{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
                      Microsoft Security Essentials (HKLM...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
                      Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
                      Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32...{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
                      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32...{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
                      Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
                      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
                      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
                      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM...{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
                      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32...{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
                      Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
                      Mozilla Maintenance Service (HKLM-x32...\MozillaMaintenanceService) (Version: 45.5.1 - Mozilla)
                      Mozilla Thunderbird 45.5.1 (x86 en-US) (HKLM-x32...\Mozilla Thunderbird 45.5.1 (x86 en-US)) (Version: 45.5.1 - Mozilla)
                      MSXML 4.0 SP2 (KB954430) (HKLM-x32...{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
                      MSXML 4.0 SP2 (KB973688) (HKLM-x32...{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
                      NetworkRepairTool (x32 Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
                      PC-FAXReceive (x32 Version: 1.3.8.0 - Brother Insutries Ltd.) Hidden
                      PCFaxTx (x32 Version: 1.0.4.5 - Brother Industries Ltd.) Hidden
                      PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
                      PDFCreator (HKLM-x32...{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
                      pdfforge Toolbar v4.3 (HKLM-x32...{A0B139A7-E8D5-49E8-A7BF-12421E652208}) (Version: 4.3 - Spigot, Inc.) <==== ATTENTION
                      PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
                      PowerChute Personal Edition 3.0.2 (HKLM-x32...{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
                      QuickTime (HKLM-x32...{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
                      RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
                      Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)
                      RemoteSetup (x32 Version: 3.8.0.0 - Brother Industries Ltd.) Hidden
                      Roxio Burn (HKLM-x32...{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.8.57.4 - Roxio)
                      Roxio Creator Starter (HKLM-x32...{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
                      Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
                      SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
                      ScannerUtilityInstaller (x32 Version: 1.0.0.0 - Brother) Hidden
                      Skype Toolbars (HKLM-x32...{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
                      Skype™ 4.2 (HKLM-x32...{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.)
                      SolveigMM AVI Trimmer (HKLM-x32...\SolveigMM AVI Trimmer 2.0.1210.11) (Version: 2.0.1210.11 - Solveig Multimedia)
                      Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
                      Sothink DVD Ripper (HKLM-x32...{185E5BA3-64B1-4BE2-8326-923D3483CA83}_is1) (Version: 2.1 - SourceTec Software Co., LTD)
                      Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32...{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
                      SpywareBlaster 5.4 (HKLM-x32...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
                      StatusMonitor (x32 Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
                      StreamTransport version: 1.0.2.2171 (HKLM-x32...{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - )
                      SUPERAntiSpyware (HKLM...{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
                      TeamViewer 11 Host (HKLM-x32...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
                      UsbRepairTool (x32 Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
                      VCatcher (HKLM-x32...\VCatcher_is1) (Version: 1.21 - )
                      VideoPad Video Editor (HKLM-x32...\VideoPad) (Version: 3.04 - NCH Software)
                      VLC media player (HKLM-x32...\VLC media player) (Version: 2.2.4 - VideoLAN)
                      WildTangent Games (HKLM-x32...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
                      Windows Live Essentials (HKLM-x32...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
                      Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32...{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
                      WinRAR archiver (HKLM-x32...\WinRAR archiver) (Version: - )
                      WinX DVD Ripper Platinum 7.5.15 (HKLM-x32...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
                      WinZip 15.0 (HKLM-x32...{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}) (Version: 15.0.9334 - WinZip Computing, S.L. )
                      WordPerfect Lightning - IPM (x32 Version: 1.0 - Corel Corporation) Hidden
                      WordPerfect Lightning - Messages (x32 Version: 1.0 - Corel Corporation) Hidden
                      WordPerfect Lightning - MSOM (x32 Version: 1.1 - Corel Corporation) Hidden
                      WordPerfect Lightning (x32 Version: 2.0 - Corel Corporation) Hidden
                      WordPerfect Office 12 (HKLM-x32...{AF19F291-F22F-4798-9662-525305AE9E48}) (Version: 12.01 - Corel Corporation)
                      WordPerfect Office X5 - Common (x32 Version: 15.1 - Corel Corporation) Hidden
                      Wordperfect Office X5 - EN (x32 Version: 15.1 - Corel Corporation) Hidden
                      WordPerfect Office X5 - Filters (x32 Version: 15.1 - Corel Corporation) Hidden
                      WordPerfect Office X5 - Graphics (x32 Version: 15.1 - Corel Corporation) Hidden
                      WordPerfect Office X5 - IPM (x32 Version: 15.1 - Corel Corporation) Hidden
                      WordPerfect Office X5 - LegalTools (x32 Version: 15.1 - Corel Corporation) Hidden
                      WordPerfect Office X5 - Migration Manager (x32 Version: 15.1 - Corel Corporation) Hidden
                      WordPerfect Office X5 - Oxford (x32 Version: 15.1 - Corel Corporation) Hidden
                      WordPerfect Office X5 - PerfectExperts EN (x32 Version: 15.1 - Corel Corporation) Hidden
                      WordPerfect Office X5 - PR (x32 Version: 15.1 - Corel Corporation) Hidden
                      WordPerfect Office X5 - QP (x32 Version: 15.1 - Corel Corporation) Hidden
                      WordPerfect Office X5 - Setup Files (x32 Version: 15.1 - Corel Corporation) Hidden
                      WordPerfect Office X5 - Sharepoint (x32 Version: 15.1 - Corel Corporation) Hidden
                      WordPerfect Office X5 - Skins (x32 Version: 15.1 - Corel Corporation) Hidden
                      WordPerfect Office X5 - System EN (x32 Version: 15.0 - Corel Corporation) Hidden
                      WordPerfect Office X5 - Templates (x32 Version: 15.1 - Corel Corporation) Hidden
                      WordPerfect Office X5 - WP (x32 Version: 15.1 - Corel Corporation) Hidden
                      WordPerfect Office X5 - WT (x32 Version: 15.1 - Corel Corporation) Hidden
                      WordPerfect Office X5 (HKLM-x32..._{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}) (Version: 15.0.0.431 - Corel Corporation)
                      WordPerfect Office X5 (x32 Version: 15.1 - Corel Corporation) Hidden
                      YTD Video Downloader 5.1.0 (HKLM-x32...{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.1.0 - GreenTree Applications SRL) <==== ATTENTION
                      ZoneAlarm Firewall (x32 Version: 10.2.081.000 - Check Point Software Technologies Ltd.) Hidden
                      ZoneAlarm Free Firewall (HKLM-x32...\ZoneAlarm Free Firewall) (Version: 10.2.081.000 - Check Point)
                      ZoneAlarm LTD Toolbar (HKLM...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies)
                      ZoneAlarm Security (x32 Version: 10.2.081.000 - Check Point Software Technologies Ltd.) Hidden
                      ZTreeWin (remove only) (HKLM-x32...\ZTreeWin) (Version: - )

                      ==================== Custom CLSID (Whitelisted): ==========================

                      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                      ==================== Scheduled Tasks (Whitelisted) =============

                      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                      Task: {00C09885-206D-4E83-94E2-D5E2B96D7875} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
                      Task: {0B9D2915-FDDB-4676-A34B-9C310D1DE59A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
                      Task: {40AEF896-1E3F-4534-A78D-8402B8BF53BB} - System32\Tasks{F65E2FB5-898F-491F-A24C-3B6AE1F82E7F} => pcalua.exe -a “C:\Users\Simcha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOG86P49\streamtransport_setup[1].exe” -d C:\Users\Simcha\Desktop
                      Task: {578902F3-3135-484B-9306-88E3E7A3F027} - System32\Tasks{556B3944-D10B-4648-A7B5-881FC8BD803F} => C:\Program Files (x86)\WordPerfect Office 12\Programs\wpwin12.exe [2004-12-01] (Corel Corporation)
                      Task: {6248B224-88ED-444D-98B0-28BE3F737A95} - System32\Tasks{1639BDF1-4701-4489-8E1F-55D778EB2E92} => pcalua.exe -a C:\dell\Drivers\R243163\WIN7\64\EXE\RtlStartInstall.exe -d C:\dell\Drivers\R243163\WIN7\64\EXE
                      Task: {798FBE93-0986-4501-96AD-5267697CB9C4} - System32\Tasks\SafeZone scheduled Autoupdate 1447347348 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
                      Task: {8D61F00B-8267-48EB-AA86-74844A2D75F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-17] (Google Inc.)
                      Task: {9065C8E5-5051-441E-9CEC-2D79F5EA611C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
                      Task: {9FD440FA-0DFD-4373-98EE-8CE7BD4DD2F9} - System32\Tasks{58CC7BE3-4DC5-45CE-BF0A-719BBA4CF305} => C:\Program Files (x86)\WordPerfect Office 12\Programs\wpwin12.exe [2004-12-01] (Corel Corporation)
                      Task: {C34D97F7-7DC1-43C5-9B59-4C76B9C95246} - System32\Tasks{541670BA-4500-4BAB-B28F-FEA12D97A8A6} => pcalua.exe -a D:\setup.exe -d D:
                      Task: {D272AA1E-331E-4705-B541-1AA4DC410873} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-17] (Google Inc.)
                      Task: {D8B05AD7-D3BC-4E90-93F3-C5CF57D197FC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-22] (AVAST Software)
                      Task: {EF9A13F3-BDF5-4027-A7C8-90658E9C6BB7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
                      Task: {FBA0AA35-CBFE-4A85-B38D-A34CA479FC01} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)

                      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

                      Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                      Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

                      ==================== Shortcuts =============================

                      (The entries could be listed to be restored or removed.)

                      Shortcut: C:\Users\Simcha\Favorites\NCH Software Download Site.lnk → hxxp://www.nchsoftware.com/index.html

                      ShortcutWithArgument: C:\Users\Public\Desktop\eBay.lnk → C:\Program Files (x86)\eBay\Browser Launcher.exe (eBay Inc.) → hxxp://rover.ebay.com/rover/1/711-86042-13409-1/4?mpre=hxxp://ebay.com

                      ==================== Loaded Modules (Whitelisted) ==============

                      2011-02-20 13:27 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
                      2016-02-29 16:41 - 2005-04-22 13:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
                      2011-02-20 12:51 - 2010-03-15 11:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
                      2016-08-22 06:58 - 2016-08-22 06:58 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
                      2016-08-22 06:58 - 2016-08-22 06:58 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
                      2016-12-05 11:23 - 2016-12-05 11:23 - 03066880 _____ () C:\Program Files\AVAST Software\Avast\defs\16120500\algo.dll
                      2016-04-06 19:03 - 2016-04-06 19:03 - 00321864 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\events_trace.dll
                      2013-11-11 22:56 - 2015-12-25 20:19 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
                      2014-12-21 13:38 - 2015-12-25 20:19 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
                      2014-12-21 13:38 - 2015-12-25 20:19 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
                      2013-11-11 22:56 - 2015-12-24 17:34 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
                      2013-11-11 22:56 - 2015-12-25 20:19 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
                      2014-12-21 13:38 - 2015-12-25 20:19 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
                      2016-04-06 19:03 - 2016-04-06 19:03 - 00285488 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\fnls.dll
                      2016-06-29 11:03 - 2016-06-29 11:03 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
                      2009-02-27 16:38 - 2009-02-27 16:38 - 00139264 _____ () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

                      ==================== Alternate Data Streams (Whitelisted) =========

                      (If an entry is included in the fixlist, only the ADS will be removed.)

                      AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [134]

                      ==================== Safe Mode (Whitelisted) ===================

                      (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

                      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => “”=“Service”
                      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => “”=“Service”
                      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => “”=“Service”

                      ==================== Association (Whitelisted) ===============

                      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

                      ==================== Internet Explorer trusted/restricted ===============

                      (If an entry is included in the fixlist, it will be removed from the registry.)

                      IE trusted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\dell.com → dell.com
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\008i.com → 008i.com
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\008k.com → 008k.com
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\00hq.com → 00hq.com
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\0190-dialers.com → 0190-dialers.com
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\01i.info → 01i.info
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\02pmnzy5eo29bfk4.com → 02pmnzy5eo29bfk4.com
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\0411dd.com → 0411dd.com
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\0511zfhl.com → 0511zfhl.com
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\05p.com → 05p.com
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\0632qyw.com → 0632qyw.com
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\07ic5do2myz3vzpk.com → 07ic5do2myz3vzpk.com
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\08nigbmwk43i01y6.com → 08nigbmwk43i01y6.com
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\093qpeuqpmz6ebfa.com → 093qpeuqpmz6ebfa.com
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\0calories.net → 0calories.net
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\0cj.net → 0cj.net
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\0scan.com → 0scan.com
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\1-britney-spears-nude.com → 1-britney-spears-nude.com
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\1-domains-registrations.com → 1-domains-registrations.com
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\1-se.com → 1-se.com
                      IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000...\1001movie.com → 1001movie.com

                      There are 6091 more sites.

                      ==================== Hosts content: ===============================

                      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

                      2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

                      ==================== Other Areas ============================

                      (Currently there is no automatic fix for this section.)

                      HKU\S-1-5-21-1877506799-1620552117-407713368-1000\Control Panel\Desktop\Wallpaper → C:\Users\Simcha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
                      DNS Servers: 192.168.1.1
                      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
                      Windows Firewall is enabled.

                      ==================== MSCONFIG/TASK MANAGER disabled items ==

                      MSCONFIG\Services: Apple Mobile Device => 2
                      MSCONFIG\Services: Application Updater => 2
                      MSCONFIG\Services: avast! Antivirus => 2
                      MSCONFIG\Services: Bonjour Service => 2
                      MSCONFIG\Services: DockLoginService => 2
                      MSCONFIG\Services: GameConsoleService => 3
                      MSCONFIG\Services: GoToAssist => 3
                      MSCONFIG\Services: IAStorDataMgrSvc => 2
                      MSCONFIG\Services: iPod Service => 3
                      MSCONFIG\Services: McAWFwk => 3
                      MSCONFIG\Services: McMPFSvc => 2
                      MSCONFIG\Services: mcmscsvc => 2
                      MSCONFIG\Services: McNaiAnn => 2
                      MSCONFIG\Services: McNASvc => 2
                      MSCONFIG\Services: McODS => 3
                      MSCONFIG\Services: McProxy => 2
                      MSCONFIG\Services: mfefire => 2
                      MSCONFIG\Services: MSK80Service => 2
                      MSCONFIG\Services: NOBU => 2
                      MSCONFIG\Services: PSI_SVC_2 => 2
                      MSCONFIG\Services: RoxMediaDB12OEM => 3
                      MSCONFIG\Services: RoxWatch12 => 2
                      MSCONFIG\Services: SftService => 2
                      MSCONFIG\Services: stllssvr => 3
                      MSCONFIG\Services: SwitchBoard => 3
                      MSCONFIG\startupfolder: C:^Users^Simcha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
                      MSCONFIG\startupfolder: C:^Users^Simcha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kaluach3.lnk => C:\Windows\pss\Kaluach3.lnk.Startup
                      MSCONFIG\startupfolder: C:^Users^Simcha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Simcha’s Group - Shortcut.lnk => C:\Windows\pss\Simcha’s Group - Shortcut.lnk.Startup
                      MSCONFIG\startupfolder: C:^Users^Simcha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VCatcher.lnk => C:\Windows\pss\VCatcher.lnk.Startup
                      MSCONFIG\startupreg: "C: =>
                      MSCONFIG\startupreg: Acronis Scheduler2 Service => “C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe”
                      MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe
                      MSCONFIG\startupreg: Adobe ARM => “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
                      MSCONFIG\startupreg: Adobe Reader Speed Launcher => “C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”
                      MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => “C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe”
                      MSCONFIG\startupreg: AdobeCS5ServiceManager => “C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe” -launchedbylogin
                      MSCONFIG\startupreg: Akamai NetSession Interface => “C:\Users\Simcha\AppData\Local\Akamai\netsession_win.exe”
                      MSCONFIG\startupreg: avast => “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui
                      MSCONFIG\startupreg: BackupAndRecoveryMonitor.exe => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe
                      MSCONFIG\startupreg: ccleaner => “C:\Program Files\CCleaner\CCleaner64.exe” /AUTO
                      MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
                      MSCONFIG\startupreg: Desktop Disc Tool => “C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe”
                      MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
                      MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
                      MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
                      MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                      MSCONFIG\startupreg: ISUSScheduler => “C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe” -start
                      MSCONFIG\startupreg: ISW =>
                      MSCONFIG\startupreg: iTunesHelper => “C:\Program Files (x86)\iTunes\iTunesHelper.exe”
                      MSCONFIG\startupreg: Launcher => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
                      MSCONFIG\startupreg: Malwarebytes’ Anti-Malware => “C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray
                      MSCONFIG\startupreg: mcui_exe => “C:\Program Files\McAfee.com\Agent\mcagent.exe” /runkey
                      MSCONFIG\startupreg: MSC => “c:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey
                      MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
                      MSCONFIG\startupreg: QuickFinder Scheduler => “c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE”
                      MSCONFIG\startupreg: QuickTime Task => “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime
                      MSCONFIG\startupreg: RoxWatchTray => “C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe”
                      MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
                      MSCONFIG\startupreg: SearchSettings => “C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe”
                      MSCONFIG\startupreg: SunJavaUpdateSched => “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
                      MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
                      MSCONFIG\startupreg: TrayMonitor.exe => C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe

                      ==================== FirewallRules (Whitelisted) ===============

                      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                      FirewallRules: [{EC23999F-1323-43D8-908C-91A07AD59A10}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
                      FirewallRules: [{D9C421C0-CCA8-4BAD-81A4-BACA57887BDC}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
                      FirewallRules: [{A9CC3ABB-1927-4A0B-A2FE-E52898539BB3}] => LPort=2869
                      FirewallRules: [{9F588F3E-3039-4135-80E8-159EEF0E1DDD}] => LPort=1900
                      FirewallRules: [{2BBBD70E-0A3D-4DA5-A68B-22DB7694E9B4}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
                      FirewallRules: [{7D9AFCC7-101B-450D-AD17-159BF4C57FEF}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
                      FirewallRules: [{B3AE19C1-789A-45F6-8069-EF16CE76CB55}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
                      FirewallRules: [{18045148-0E23-4ECD-BAA3-89CE55CFCBD4}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
                      FirewallRules: [{1B5B5E43-66F0-4B75-B745-CE767DE4A12A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
                      FirewallRules: [{6365B3AB-7389-41A4-8B71-3F9AF1E65794}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
                      FirewallRules: [{52EA815A-5D0C-44A6-ADCC-C1CE6CAB0231}] => C:\Program Files (x86)\iTunes\iTunes.exe
                      FirewallRules: [{97156EF3-A9EE-4BCE-84C7-A85F9CF7D68F}] => C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
                      FirewallRules: [{149559B3-B122-4976-9834-983A2D85D31C}] => C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
                      FirewallRules: [{32CAE329-2507-41B0-8D11-C913282604D4}] => LPort=49169
                      FirewallRules: [{56E16EA5-C834-472B-9DEA-7C5879ADEDD8}] => LPort=5000
                      FirewallRules: [{44D4102C-6E2F-4A21-8F40-54B4832C60BD}] => C:\Users\Simcha\AppData\Local\Akamai\netsession_win.exe
                      FirewallRules: [{7A8CA9AF-4E80-4EBA-A7DB-951449D83C79}] => C:\Users\Simcha\AppData\Local\Akamai\netsession_win.exe
                      FirewallRules: [TCP Query User{3567719C-81D7-449B-973B-642AEE333BBD}C:\users\simcha\appdata\local\akamai\netsession_win.exe] => C:\users\simcha\appdata\local\akamai\netsession_win.exe
                      FirewallRules: [UDP Query User{3B04E05B-19A8-49FA-8AC8-BDACC6F0F366}C:\users\simcha\appdata\local\akamai\netsession_win.exe] => C:\users\simcha\appdata\local\akamai\netsession_win.exe
                      FirewallRules: [{12ABDA10-6A4B-4704-BAF1-DB8248673AB8}] => C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
                      FirewallRules: [{470C1DA2-7E5B-483D-8E80-B48328028E7E}] => C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
                      FirewallRules: [{78734B38-1E6E-49E4-B7EA-D9BBF593C5B5}] => C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
                      FirewallRules: [{7A221812-B13E-4425-8AA8-C2437EFBDDC3}] => C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
                      FirewallRules: [{79FC374F-27E2-495A-93DA-F013D2A0E914}] => C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
                      FirewallRules: [{F348E447-2F51-4502-ABB5-0C659D4A7BEA}] => C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
                      FirewallRules: [{67758472-F74E-4EE7-966E-23FB9F50A5CE}] => C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
                      FirewallRules: [{2F4272AF-1E7A-432D-96CB-2A6238699F73}] => C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
                      FirewallRules: [{650A09B9-0BAB-4A8E-A395-2CC803CB9DCF}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                      FirewallRules: [{AA41A748-1272-44F7-B8E6-88AC1030B8FD}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                      FirewallRules: [{39B402EC-B5A4-4F2A-A244-6A8E3B72E029}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                      FirewallRules: [{D0C53953-17BA-4C2C-AE27-5486CE0A8759}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                      FirewallRules: [{BF85B9EC-1E7E-4A5E-8AA6-02FE9CF945B7}] => C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
                      FirewallRules: [{7DFFEF95-194B-4AEB-AE33-F177AA8B8BEF}] => C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
                      FirewallRules: [{720803E4-D247-45D3-8803-3F545F791244}] => C:\SMD\Vid Tools2\DVDVideoSoft-New\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
                      FirewallRules: [{4722EF72-FA65-4650-9303-4D3E45CF51C9}] => C:\SMD\Vid Tools2\DVDVideoSoft-New\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
                      FirewallRules: [{D7FFF978-C5FC-4890-BC2D-20A56D831099}] => c:\program files (x86)\pc-faxreceive\brengineprocess.exe
                      FirewallRules: [{8106444F-130E-4E00-9E1E-CB2B69744E52}] => c:\program files (x86)\pc-faxreceive\brengineprocess.exe
                      FirewallRules: [{743991D4-09F4-48E6-B642-11531B9C7366}] => C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
                      FirewallRules: [{C388311A-7ADB-4DD9-A92F-6035B15C9B67}] => C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
                      FirewallRules: [{55135CDE-62D9-4E29-947B-23B23E46A0C2}] => C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
                      FirewallRules: [{60066C35-619A-4343-BD11-9CDAD939105C}] => C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
                      FirewallRules: [{3A440A89-1C5B-45B7-AD64-D244844B9289}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
                      FirewallRules: [{8572BB59-81DF-4AA0-8359-956B6C06CFB6}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
                      FirewallRules: [{01143FDB-4E08-45D7-9D10-E38E485E317B}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
                      FirewallRules: [{A14690DC-B12B-4E91-A7F2-13BB589BAEF5}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
                      FirewallRules: [{A53004BE-66E1-4C3F-9520-62E24B340325}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

                      ==================== Restore Points =========================

                      ==================== Faulty Device Manager Devices =============

                      Name: Generic- SD/MMC USB Device
                      Description: Disk drive
                      Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
                      Manufacturer: (Standard disk drives)
                      Service: disk
                      Problem: : This device is disabled. (Code 22)
                      Resolution: In Device Manager, click “Action”, and then click “Enable Device”. This starts the Enable Device wizard. Follow the instructions.

                      Name: Realtek PCIe GBE Family Controller
                      Description: Realtek PCIe GBE Family Controller
                      Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
                      Manufacturer: Realtek
                      Service: RTL8167
                      Problem: : This device is disabled. (Code 22)
                      Resolution: In Device Manager, click “Action”, and then click “Enable Device”. This starts the Enable Device wizard. Follow the instructions.

                      ==================== Event log errors: =========================
                      Application errors:
                      Error: (12/05/2016 09:59:28 AM) (Source: Application Error) (EventID: 1000) (User: )
                      Description: Faulting application name: IswSvc.exe, version: 1.5.396.0, time stamp: 0x503f3b47
                      Faulting module name: CRYPT32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf90
                      Exception code: 0xc0000005
                      Fault offset: 0x000000000001f096
                      Faulting process id: 0x3d8
                      Faulting application start time: 0x01d24f079f04db5c
                      Faulting application path: C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
                      Faulting module path: C:\Windows\system32\CRYPT32.dll
                      Report Id: 6aa3c2ed-bafb-11e6-9c9b-001ee5d60d00

                      Error: (12/05/2016 09:56:22 AM) (Source: Application Error) (EventID: 1000) (User: )
                      Description: Faulting application name: plugin-container.exe, version: 47.0.1.6018, time stamp: 0x576c9637
                      Faulting module name: mozglue.dll, version: 47.0.1.6018, time stamp: 0x576c85ba
                      Exception code: 0x80000003
                      Fault offset: 0x0000f02b
                      Faulting process id: 0xf8c
                      Faulting application start time: 0x01d24f02295a041d
                      Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
                      Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
                      Report Id: fc2bce77-bafa-11e6-9c9b-001ee5d60d00

                      Error: (12/05/2016 09:55:06 AM) (Source: Application Error) (EventID: 1000) (User: )
                      Description: Faulting application name: IswSvc.exe, version: 1.5.396.0, time stamp: 0x503f3b47
                      Faulting module name: CRYPT32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf90
                      Exception code: 0xc0000005
                      Fault offset: 0x000000000001f096
                      Faulting process id: 0x6b0
                      Faulting application start time: 0x01d24efaa48474f0
                      Faulting application path: C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
                      Faulting module path: C:\Windows\system32\CRYPT32.dll
                      Report Id: ceeeceb3-bafa-11e6-9c9b-001ee5d60d00

                      Error: (12/05/2016 08:22:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
                      Description: Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.co...uthrootstl.cab > with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
                      .

                      Error: (12/04/2016 07:02:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
                      Description: Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.co...uthrootstl.cab > with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
                      .

                      Error: (12/04/2016 02:35:04 PM) (Source: System Restore) (EventID: 8193) (User: )
                      Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

                      Error: (12/04/2016 01:59:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
                      Description: Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.co...uthrootstl.cab > with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
                      .

                      Error: (12/04/2016 01:58:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
                      Description: Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.co...uthrootstl.cab > with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
                      .

                      Error: (12/03/2016 07:47:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
                      Description: Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.co...uthrootstl.cab > with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
                      .

                      Error: (12/03/2016 06:45:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
                      Description: Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.co...uthrootstl.cab > with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
                      .
                      System errors:
                      Error: (12/05/2016 11:59:37 AM) (Source: Disk) (EventID: 11) (User: )
                      Description: The driver detected a controller error on \Device\Harddisk4\DR5.

                      Error: (12/05/2016 11:59:36 AM) (Source: Disk) (EventID: 11) (User: )
                      Description: The driver detected a controller error on \Device\Harddisk4\DR5.

                      Error: (12/05/2016 11:59:36 AM) (Source: Disk) (EventID: 11) (User: )
                      Description: The driver detected a controller error on \Device\Harddisk4\DR5.

                      Error: (12/05/2016 11:59:35 AM) (Source: Disk) (EventID: 11) (User: )
                      Description: The driver detected a controller error on \Device\Harddisk4\DR5.

                      Error: (12/05/2016 11:59:35 AM) (Source: Disk) (EventID: 11) (User: )
                      Description: The driver detected a controller error on \Device\Harddisk4\DR5.

                      Error: (12/05/2016 09:59:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
                      Description: The ZoneAlarm LTD Toolbar IswSvc service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

                      Error: (12/05/2016 09:55:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
                      Description: The ZoneAlarm LTD Toolbar IswSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

                      Error: (12/05/2016 08:32:32 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
                      Description: Microsoft Antimalware has encountered an error trying to update signatures.

                      New Signature Version:

                      Previous Signature Version: 1.233.1301.0

                      Update Source: Microsoft Update Server

                      Update Stage: Search

                      Source Path: Default URL

                      Signature Type: AntiVirus

                      Update Type: Full

                      User: NT AUTHORITY\SYSTEM

                      Current Engine Version:

                      Previous Engine Version: 1.1.13303.0

                      Error code: 0x80070422

                      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

                      Error: (12/05/2016 08:24:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
                      Description: The Peer Name Resolution Protocol service terminated with the following error:
                      %%-2140993535

                      Error: (12/05/2016 08:24:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
                      Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
                      %%-2140993535
                      CodeIntegrity:
                      Date: 2016-12-05 09:16:46.559
                      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

                      Date: 2016-12-04 21:34:11.615
                      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

                      Date: 2016-12-04 20:48:12.496
                      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

                      Date: 2016-12-04 20:39:55.321
                      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

                      Date: 2016-12-04 19:57:08.241
                      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

                      Date: 2016-12-04 19:14:26.401
                      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

                      Date: 2016-12-04 17:30:00.883
                      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

                      Date: 2016-12-04 17:01:40.908
                      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

                      Date: 2016-12-04 16:44:37.844
                      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

                      Date: 2016-12-04 16:30:58.452
                      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

                      ==================== Memory info ===========================

                      Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz
                      Percentage of memory in use: 36%
                      Total physical RAM: 8156.98 MB
                      Available physical RAM: 5211.64 MB
                      Total Virtual: 16312.12 MB
                      Available Virtual: 13094.97 MB

                      ==================== Drives ================================

                      Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:603.98 GB) NTFS
                      Drive z: (Elements) (Fixed) (Total:4657.49 GB) (Free:2919.69 GB) NTFS

                      ==================== MBR & Partition Table ==================

                      ========================================================
                      Disk: 0 (Size: 931.5 GB) (Disk ID: EC4DFB56)
                      Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
                      Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
                      Partition 3: (Not Active) - (Size=916.7 GB) - (Type=07 NTFS)
                      Attempted reading MBR returned 0 bytes.
                      Could not read MBR for disk 4.

                      ==================== End of Addition.txt ============================

                      Comment

                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7045

                        #26
                        Step 1: HijackThis.

                        1- Please click HERE to download HijackThis.
                        2- Run the program.
                        3- Click on the Main Menu button if not already there.
                        4- Select Do a system scan and save a logfile.
                        5- Copy paste the log here.

                        Step 2: Autoruns Log.

                        Download Autoruns and Autorunsc. Unzip it to your desktop and then double click autoruns.exe.
                        After the scan is finished then click on File > Save.
                        The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option.
                        In other words, make sure it is a .txt file instead of .arn. Attach the text in your next reply.

                        Step 3: FRST FIX

                        Download attached fixlist.txt file and save it to the Desktop.

                        NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

                        NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

                        Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

                        Step 4: Loaris Scan.

                        Full Scan with Loaris Trojan Remover.

                        Note: This is a trial software… – Even if you are given the option to remove threats, do not do so. Let me choose if they need to go or not.

                        - Download Loaris Trojan Remover
                        - Install the program.
                        - Go to settings – Scan Options.
                        - Make sure Heuristics is set to High.
                        - Make sure Deep Scan Slow is ticked.
                        - Then Click Update – Update virus signature database.
                        - Go to scan, then select Full Scan.
                        - When the scan is complete – go to log files.
                        - Double click on the red writing where it says detected items.
                        - A notepad will open.
                        - Click on edit — Select All.
                        - Right click and select Copy.
                        - Paste the contents of that log here in your next reply.
                        - Close the program & Uninstall it.

                        Step 5: Herd Protect Scan.

                        Scan with HerdProtect

                        Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.
                        Temporarily disable your AntiVirus and AntiSpyware protection.

                        - Right-click on the icon and select Run as Administrator to install the scanner.
                        - It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
                        - Agree to the terms, select Launch herdProtect and click Finish.
                        - Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
                        - When it finishes click on Save Results.
                        - A Notepad with a report should open.

                        Please include the contents of that report in your next reply.
                        This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.
                        Upon completion of the cleaning you may remove HerdProtect if you wish so. To do it just delete its directory (chosen by you when installing the tool).

                        Comment

                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7045

                          #27
                          Also, I suggest that you remove MSE from your machine. Even though you have it disabled, it is still not a good idea to have two antivirus applications installed on one machine.

                          AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
                          AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

                          I suggest removing it with Geek Uninstaller – If it gives you issues removing, then use Force Mode.

                          Comment

                          • User101
                            PCHF Member
                            • Sep 2016
                            • 103

                            #28
                            I’ve no doubt that you know what you are doing but understand that I’m a bit gun shy about FRSTFIX automatically deleting things, after what happened with ZOEK. I had to do a complete restore after ZOEK messed things up with its deletions.

                            Comment

                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7045

                              #29
                              Originally posted by User101
                              I’m a bit gun shy about FRSTFIX automatically deleting things
                              FRST will only delete what I have set it to delete, nothing automatic about it. I made the fixlist that FRST will run off of. These files were selected by me individually.

                              Comment

                              • User101
                                PCHF Member
                                • Sep 2016
                                • 103

                                #30
                                Thank you for your re-assurance. I have to point out that I have not been able to establish restore points on my machine. I have twice tried within the past two weeks and each attempt has failed.

                                Well this is strange. I received an email with your reply post about setting a restore point but that post is not in the thread.

                                Comment
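
The restore-point failure reported in post #30 is also recorded in the Addition.txt posted earlier in the thread (System Restore, EventID 8193, `Error = 0x80070422`), with the same code the Microsoft Antimalware entry describes as a disabled service. The Python below is an added example, not part of the thread or of FRST: it parses the "Event log errors" entries, counts repeats, and lists the entries that failed on that code. The function names are hypothetical and the sample is an excerpt of the log posted above.

```python
import re
from collections import Counter

# Excerpt of the "Event log errors" section of the Addition.txt posted in this
# thread, keeping the blank line the forum inserted inside one entry.
SAMPLE = r"""
Error: (12/05/2016 11:59:37 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR5.

Error: (12/05/2016 11:59:36 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR5.

Error: (12/05/2016 08:32:32 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

Error code: 0x80070422

Error: (12/04/2016 02:35:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
CodeIntegrity:
Date: 2016-12-05 09:16:46.559
"""

HEADER = re.compile(r"^\s*Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) \(EventID: (?P<eid>\d+)\)")
SECTION = re.compile(r"^\s*(=====|(\[HEADING=1\])?(Application errors|System errors|CodeIntegrity):)")
HEX32 = re.compile(r"\b0x[0-9A-Fa-f]{8}\b")
ERROR_SERVICE_DISABLED = 1058  # Win32 error 0x422, the low word of 0x80070422

def parse_events(text):
    """Split the section into entries; a section heading ends the current entry."""
    events, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"when": header["when"], "source": header["source"],
                       "event_id": int(header["eid"]), "body": []}
            events.append(current)
        elif SECTION.match(line):
            current = None
        elif current is not None and line.strip():
            current["body"].append(line.strip())
    return events

def win32_from_hresult(value):
    """Win32 code carried by a failure HRESULT with FACILITY_WIN32 (0x8007xxxx), else None.
    NTSTATUS values such as 0xc0000005 and PE time stamps fall through as None."""
    return value & 0xFFFF if value >> 16 == 0x8007 else None

def triage(text):
    """Return (repeat counts per source/EventID, entries that failed on a disabled service)."""
    events = parse_events(text)
    repeats = Counter((e["source"], e["event_id"]) for e in events)
    disabled = [(e["source"], e["event_id"]) for e in events
                if any(win32_from_hresult(int(tok, 16)) == ERROR_SERVICE_DISABLED
                       for tok in HEX32.findall(" ".join(e["body"])))]
    return repeats, disabled

if __name__ == "__main__":
    repeats, disabled = triage(SAMPLE)
    for (source, event_id), count in repeats.most_common():
        print(f"{count:3d}  {source} / EventID {event_id}")
    for source, event_id in disabled:
        print(f"0x80070422 (service disabled): {source} / EventID {event_id}")
```
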
