Thanks, malnutrition. Here are the logs.
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-12-2016
Ran by Admin (administrator) on PC05 (05-12-2016 12:15:14)
Running from C:\Users\Simcha\Desktop
Loaded Profiles: Admin & Acronis Agent User 2 (Available Profiles: Admin & LogMeInRemoteUser & Acronis Agent User & Acronis Agent User 2)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Acronis\ARSM\arsm.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391056 2016-04-06] (Acronis)
HKLM\...\Run: [TrayMonitor.exe] => C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe [1503408 2016-04-06] (Acronis)
HKLM\...\Run: [ISW] => [X]
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-10-09] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [408456 2016-02-11] (Acronis International GmbH)
HKLM-x32\...\Run: [BackupAndRecoveryMonitor.exe] => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1492208 2016-04-06] (Acronis)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-11-12] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4517376 2014-11-11] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-10-23] (SUPERAntiSpyware)
HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\MountPoints2: {02f26cf9-6c34-11e0-88f6-b8ac6fe1789a} - I:\LaunchU3.exe -a
HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\MountPoints2: {02f26d1a-6c34-11e0-88f6-b8ac6fe1789a} - I:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-22] (AVAST Software)
Startup: C:\Users\Acronis Agent User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-02-09]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Acronis Agent User 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-02-09]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Simcha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OS (C) - Shortcut.lnk [2016-01-02]
ShortcutTarget: OS (C) - Shortcut.lnk -> C:\ ()
Startup: C:\Users\Simcha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Simcha's Group - Shortcut.lnk [2011-04-21]
ShortcutTarget: Simcha's Group - Shortcut.lnk -> C:\SMD\Simcha's Group ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2016-01-11]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-02-09]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-02-09]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-02-09]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Simcha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OS (C) - Shortcut.lnk [2016-01-02]
ShortcutTarget: OS (C) - Shortcut.lnk -> C:\ ()
Startup: C:\Users\Simcha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Simcha's Group - Shortcut.lnk [2011-04-21]
ShortcutTarget: Simcha's Group - Shortcut.lnk -> C:\SMD\Simcha's Group ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{1396F9F1-AF76-43CD-A872-2B40013661F7}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{223C8A2A-1F78-4BD3-A228-9FCB809537EF}: [NameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1877506799-1620552117-407713368-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
URLSearchHook: HKU\S-1-5-21-1877506799-1620552117-407713368-1000 - (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
SearchScopes: HKLM -> DefaultScope {E5FE90C6-1D4E-4232-BCE5-43B012AB0EE1} URL = hxxp://
www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {E5FE90C6-1D4E-4232-BCE5-43B012AB0EE1} URL = hxxp://
www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM-x32 -> {3DD48EB7-6652-4BE4-B001-3EADBE559B68} URL = hxxp://
www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1877506799-1620552117-407713368-1000 -> {3DD48EB7-6652-4BE4-B001-3EADBE559B68} URL =
SearchScopes: HKU\S-1-5-21-1877506799-1620552117-407713368-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-1877506799-1620552117-407713368-1000 -> {E5FE90C6-1D4E-4232-BCE5-43B012AB0EE1} URL =
BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-08-30] (Check Point Software Technologies)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-25] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09] (Sun Microsystems, Inc.)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-08-30] (Check Point Software Technologies)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-25] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: No Name -> {B922D405-6D13-4A2B-AE89-08A030DA4402} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-02] (Sun Microsystems, Inc.)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-08-30] (Check Point Software Technologies)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-08-30] (Check Point Software Technologies)
Toolbar: HKU\S-1-5-21-1877506799-1620552117-407713368-1000 -> ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2012-08-30] (Check Point Software Technologies)
DPF: HKLM {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/x64/ractrl.cab?lmi=1100
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1753
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2011-08-10] (Belarc, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2010-05-13] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-21] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Simcha\AppData\Roaming\Mozilla\Firefox\Profiles\m6riq23i.default [2016-12-05]
FF user.js: detected! => C:\Users\Simcha\AppData\Roaming\Mozilla\Firefox\Profiles\m6riq23i.default\user.js [2012-11-11]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\m6riq23i.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\m6riq23i.default -> Google
FF Extension: (Saved Password Editor) - C:\Users\Simcha\AppData\Roaming\Mozilla\Firefox\Profiles\m6riq23i.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2016-11-29]
FF Extension: (Avast Online Security) - C:\Users\Simcha\AppData\Roaming\Mozilla\Firefox\Profiles\m6riq23i.default\Extensions\wrc@avast.com.xpi [2015-12-08]
FF Extension: (Password Exporter) - C:\Users\Simcha\AppData\Roaming\Mozilla\Firefox\Profiles\m6riq23i.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2016-04-06]
FF Extension: (DVDVideoSoft YouTube MP3 and Video Download) - C:\Users\Simcha\AppData\Roaming\Mozilla\Firefox\Profiles\m6riq23i.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-21] [not signed]
FF Extension: (BetterPrivacy) - C:\Users\Simcha\AppData\Roaming\Mozilla\Firefox\Profiles\m6riq23i.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-10-10]
FF SearchPlugin: C:\Users\Simcha\AppData\Roaming\Mozilla\Firefox\Profiles\m6riq23i.default\searchplugins\filezilla-wiki-en.xml [2015-11-22]
FF Extension: (DVDVideoSoft YouTube MP3 and Video Download) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: (No Name) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2016-11-24] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-22]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-22]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: (ZoneAlarm Security Engine) - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012-11-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (DVDVideoSoft YouTube MP3 and Video Download) - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-21] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-09] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-02-22] ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [2012-08-30] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\SMD\Vid Tools\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\SMD\Vid Tools\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\SMD\Vid Tools\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\SMD\Vid Tools\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\SMD\Vid Tools\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1877506799-1620552117-407713368-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Simcha\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-17] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2016-05-22] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Simcha\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-05-22] (Cisco WebEx LLC)
Chrome:
=======
CHR Profile: C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default [2016-12-05]
CHR Extension: (Google Slides) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-17]
CHR Extension: (Google Docs) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-17]
CHR Extension: (Google Drive) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-17]
CHR Extension: (Google Search) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-17]
CHR Extension: (Google Sheets) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-17]
CHR Extension: (Google Docs Offline) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Avast Online Security) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-20]
CHR Extension: (Gmail) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-17]
CHR Extension: (Chrome Media Router) - C:\Users\Simcha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-15]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2140656 2015-10-08] (Acronis)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 ARSM; C:\Program Files (x86)\Acronis\ARSM\arsm.exe [6087592 2016-04-06] (Acronis)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-22] (AVAST Software)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [289792 2014-10-23] (Brother Industries, Ltd.) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2015-12-24] (Digital Wave Ltd.)
S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827560 2012-08-30] (Check Point Software Technologies)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-10-22] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [509448 2016-10-22] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [11495288 2016-04-06] (Acronis)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7496464 2016-09-20] (TeamViewer GmbH)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447440 2012-10-09] (Check Point Software Technologies LTD)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2010-11-01] (X10) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AN983X64; C:\Windows\System32\DRIVERS\AN983X64.sys [48128 2005-05-19] (Infineon Technologies AG)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-22] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-08-30] (Check Point Software Technologies)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-25] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
R3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2010-12-08] (LogMeIn, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1264472 2016-08-09] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [191840 2016-08-09] (Acronis International GmbH)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 w4shwdrv; \??\C:\Users\Simcha\AppData\Local\Temp\w4s9E8F.tmp [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-05 12:15 - 2016-12-05 12:15 - 00029490 _____ C:\Users\Simcha\Desktop\FRST.txt
2016-12-05 12:13 - 2016-12-05 12:15 - 00000000 ____D C:\FRST
2016-12-05 12:13 - 2016-12-05 12:13 - 02419200 _____ (Farbar) C:\Users\Simcha\Desktop\FRST64.exe
2016-12-05 10:47 - 2016-12-05 10:47 - 00001211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-12-05 10:47 - 2016-12-05 10:47 - 00001199 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2016-12-05 10:47 - 2016-12-05 10:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-12-05 09:54 - 2016-12-05 09:54 - 00000000 ____D C:\ProgramData\Motive
2016-11-24 16:24 - 2016-11-24 16:32 - 00000000 ____D C:\Users\Simcha\AppData\Local\Thunderbird
2016-11-24 16:24 - 2016-11-24 16:24 - 00000000 ____D C:\Users\Simcha\AppData\Roaming\Thunderbird
2016-11-15 18:08 - 2016-11-15 23:27 - 00000000 ____D C:\Users\Simcha\AppData\Roaming\CoreFTP
2016-11-15 18:05 - 2016-11-15 19:03 - 00000000 ____D C:\Program Files (x86)\CoreFTP
2016-11-15 18:05 - 2016-11-15 18:05 - 00000993 _____ C:\Users\Simcha\Desktop\Core FTP LE.lnk
2016-11-15 18:05 - 2016-11-15 18:05 - 00000000 ____D C:\Users\Simcha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP
2016-11-13 11:55 - 2016-11-13 11:55 - 06668096 _____ (Tim Kosse) C:\Users\Simcha\Downloads\FileZilla_3.22.2.2_win64-setup.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-05 11:53 - 2009-07-14 00:13 - 00733820 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-05 11:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-12-05 11:50 - 2015-12-16 17:23 - 00000000 ____D C:\Users\Simcha\AppData\Local\CrashDumps
2016-12-05 11:36 - 2015-12-17 18:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-05 11:27 - 2016-05-04 07:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-05 10:47 - 2012-11-18 13:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-05 09:58 - 2011-02-20 09:07 - 00000000 ____D C:\Download
2016-12-05 08:30 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-05 08:30 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-05 08:29 - 2012-11-11 16:15 - 00000000 ____D C:\Windows\Internet Logs
2016-12-05 08:23 - 2014-10-05 11:39 - 00000000 ____D C:\Users\Acronis Agent User 2
2016-12-05 08:23 - 2014-01-28 19:15 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-12-05 08:23 - 2011-03-13 11:06 - 00000000 ____D C:\ProgramData\LogMeIn
2016-12-05 08:22 - 2015-12-17 18:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-05 08:22 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-04 23:24 - 2011-10-18 14:23 - 00031952 _____ C:\Windows\SysWOW64\PCPELog.txt
2016-12-04 23:01 - 2011-04-23 20:50 - 00000000 ____D C:\Users\Simcha\AppData\Roaming\vlc
2016-12-04 13:58 - 2011-02-18 14:56 - 00000000 ____D C:\Users\Simcha
2016-12-03 21:20 - 2011-08-18 19:49 - 00000000 ____D C:\Users\Simcha\AppData\Roaming\dvdcss
2016-12-02 13:53 - 2011-04-21 17:28 - 00000000 ____D C:\ProgramData\X10 Settings
2016-12-02 13:53 - 2011-04-21 17:26 - 00000000 ____D C:\Program Files (x86)\ActiveHome Pro
2016-12-01 20:57 - 2016-02-29 16:41 - 00016120 _____ C:\Windows\BRRBCOM.INI
2016-11-24 16:39 - 2011-04-21 09:59 - 00000000 ___RD C:\SMD
2016-11-24 08:29 - 2011-03-13 10:54 - 00000937 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-24 08:25 - 2015-12-27 14:02 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-11-21 14:53 - 2013-03-10 14:59 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-21 14:53 - 2011-06-01 22:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-21 14:53 - 2011-02-18 16:06 - 00000000 ____D C:\Users\Simcha\AppData\Local\Adobe
2016-11-21 14:52 - 2013-03-10 14:59 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-21 14:52 - 2011-02-09 02:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-20 09:35 - 2013-09-24 09:52 - 00000000 ____D C:\Users\Simcha\AppData\Roaming\FileZilla
2016-11-14 16:38 - 2015-12-17 18:13 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 16:38 - 2015-12-17 18:13 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-12 17:57 - 2009-07-14 00:08 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-10 08:20 - 2016-03-04 14:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
==================== Files in the root of some directories =======
2011-03-08 00:54 - 2011-03-08 00:54 - 0012358 _____ () C:\Users\Simcha\AppData\Roaming\PFP120JCM.{PB
2011-03-08 00:54 - 2011-03-08 00:54 - 0061678 _____ () C:\Users\Simcha\AppData\Roaming\PFP120JPR.{PB
2014-01-20 09:22 - 2016-02-16 17:42 - 0006656 _____ () C:\Users\Simcha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-10 15:06 - 2013-03-10 15:06 - 0007616 _____ () C:\Users\Simcha\AppData\Local\Resmon.ResmonCfg
2016-05-20 09:07 - 2016-05-20 09:07 - 0000008 __RSH () C:\Users\Simcha\AppData\Local\ℤ™☠
2011-02-20 14:02 - 2011-02-21 12:45 - 0000088 __RSH () C:\ProgramData\287FE2E5B1.sys
2011-02-20 14:02 - 2011-02-21 12:45 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys
Files to move or delete:
====================
C:\Users\Simcha\en_res.dll
C:\Users\Simcha\es_res.dll
C:\Users\Simcha\fr_res.dll
C:\Users\Simcha\grm_res.dll
C:\Users\Simcha\it_res.dll
C:\Users\Simcha\jp_res.dll
C:\Users\Simcha\mfc80u.dll
C:\Users\Simcha\msvcr80.dll
C:\Users\Simcha\PCPE Setup.exe
C:\Users\Simcha\pt_res.dll
C:\Users\Simcha\ResourceReader.dll
C:\Users\Simcha\ru_res.dll
C:\Users\Simcha\zh_res.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-12-04 14:28
==================== End of FRST.txt ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-12-2016
Ran by Admin (05-12-2016 12:16:02)
Running from C:\Users\Simcha\Desktop
Windows 7 Home Premium (X64) (2011-02-18 19:56:02)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Acronis Agent User (S-1-5-21-1877506799-1620552117-407713368-1006 - Limited - Enabled) => C:\Users\Acronis Agent User
Acronis Agent User 2 (S-1-5-21-1877506799-1620552117-407713368-1167 - Administrator - Enabled) => C:\Users\Acronis Agent User 2
Admin (S-1-5-21-1877506799-1620552117-407713368-1000 - Administrator - Enabled) => C:\Users\Simcha
Administrator (S-1-5-21-1877506799-1620552117-407713368-500 - Administrator - Disabled)
Guest (S-1-5-21-1877506799-1620552117-407713368-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1877506799-1620552117-407713368-1003 - Limited - Enabled)
LogMeInRemoteUser (S-1-5-21-1877506799-1620552117-407713368-1004 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acronis Backup 11.7 Agent Core (HKLM-x32\...\{356FE63D-CA4B-4BC5-A5A5-59F72A4F1FAA}) (Version: 11.7.44190 - Acronis)
Acronis Backup 11.7 Agent for Windows (HKLM-x32\...\{E8C647FB-369D-4216-879C-0CDF28407179}) (Version: 11.7.44190 - Acronis)
Acronis Backup 11.7 Bootable Media Builder (HKLM-x32\...\{549CF6BC-463B-43F0-87F2-F33B7B56DA8E}) (Version: 11.7.44190 - Acronis)
Acronis Backup 11.7 Command-Line Tool (HKLM-x32\...\{EFA9148A-BA06-4956-9BF5-CC9A6602FBFB}) (Version: 11.7.44190 - Acronis)
Acronis Backup 11.7 Management Console (HKLM-x32\...\{676B4047-27B3-4A70-B6DA-06FBFB22822F}) (Version: 11.7.44190 - Acronis)
Acronis Backup 11.7 Tray Monitor (HKLM-x32\...\{4EF5A0DF-7A55-4341-A07D-0FB6144181E5}) (Version: 11.7.44190 - Acronis)
ActiveHome Pro (HKLM-x32\...\ActiveHomePro) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)
Aiseesoft DVD Ripper 6.2.18 (HKLM-x32\...\{D6BAD6AB-D3D9-46ad-B2C4-5A969006CE48}_is1) (Version: - )
Any Video Converter 5.7.6 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.3 - Auslogics Software Pty Ltd)
Avast Pro Antivirus (HKLM-x32\...\avast) (Version: 12.3.2280 - AVAST Software)
Belarc Advisor 8.2 (HKLM-x32\...\Belarc Advisor) (Version: 8.2.6.0 - Belarc Inc.)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
BrLauncher (x32 Version: 1.1.6.0 - Brother Industries Ltd.) Hidden
BrLogRx (x32 Version: 1.0.1.1 - Brother Industries Ltd.) Hidden
Brother PCFax Driver (x32 Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Printer Driver (x32 Version: 1.3.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (x32 Version: 1.0.12.10 - Brother Industries Ltd.) Hidden
BrotherHelpInstaller (x32 Version: 1.0.0.0 - Brother) Hidden
BrSupportTools (x32 Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
ControlCenter4 (x32 Version: 4.2.435.1 - Brother Insutries Ltd.) Hidden
ControlCenter4 CSDK (x32 Version: 4.2.3.1 - Brother Insutries Ltd.) Hidden
Core FTP LE (HKLM-x32\...\CoreFTP) (Version: - )
Corel WordPerfect Office - iFilter 64 Bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.88 - NCH Software)
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.51 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell System Detect (HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.1 - Dell)
DeviceDetect (x32 Version: 1.0.3.4 - Brother Industries Ltd.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DiskCheckup v3.3 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.3.1000 - PassMark Software)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
FastStone Image Viewer 5.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.5 - FastStone Soft)
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Free AVI MPEG WMV MP4 FLV Video Joiner 5.1.2 (HKLM-x32\...\Free AVI MPEG WMV MP4 FLV Video Joiner_is1) (Version: - MediaRightSoft, Inc.)
Free Studio (HKLM-x32\...\Free Studio_is1) (Version: 6.6.0.1224 - DVDVideoSoft Ltd.)
Free YouTube Downloader 3.3.115 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.18) (Version: 9.18 - Artifex Software Inc.)
HowToGuide (x32 Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.41 - Irfan Skiljan)
iTunes (HKLM\...\{B24A47E5-F196-461E-A7A4-AADB72CB19DD}) (Version: 10.2.0.34 - Apple Inc.)
Java(TM) 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.240 - Oracle)
join.me (HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\JoinMe) (Version: 1.20.0.125 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KEDIT for Windows 1.6.1 (HKLM-x32\...\KEDIT for Windows) (Version: 1.6.1 - Mansfield Software Group, Inc.)
LogMeIn (HKLM-x32\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaInfo 0.7.53 (HKLM\...\MediaInfo) (Version: 0.7.53 - MediaArea.net)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.5.1 - Mozilla)
Mozilla Thunderbird 45.5.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.5.1 (x86 en-US)) (Version: 45.5.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetworkRepairTool (x32 Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
PC-FAXReceive (x32 Version: 1.3.8.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (x32 Version: 1.0.4.5 - Brother Industries Ltd.) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
pdfforge Toolbar v4.3 (HKLM-x32\...\{A0B139A7-E8D5-49E8-A7BF-12421E652208}) (Version: 4.3 - Spigot, Inc.) <==== ATTENTION
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)
RemoteSetup (x32 Version: 3.8.0.0 - Brother Industries Ltd.) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.8.57.4 - Roxio)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
ScannerUtilityInstaller (x32 Version: 1.0.0.0 - Brother) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.)
SolveigMM AVI Trimmer (HKLM-x32\...\SolveigMM AVI Trimmer 2.0.1210.11) (Version: 2.0.1210.11 - Solveig Multimedia)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sothink DVD Ripper (HKLM-x32\...\{185E5BA3-64B1-4BE2-8326-923D3483CA83}_is1) (Version: 2.1 - SourceTec Software Co., LTD)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SpywareBlaster 5.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
StatusMonitor (x32 Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
TeamViewer 11 Host (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
UsbRepairTool (x32 Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
VCatcher (HKLM-x32\...\VCatcher_is1) (Version: 1.21 - )
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.04 - NCH Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WinX DVD Ripper Platinum 7.5.15 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}) (Version: 15.0.9334 - WinZip Computing, S.L. )
WordPerfect Lightning - IPM (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - Messages (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - MSOM (x32 Version: 1.1 - Corel Corporation) Hidden
WordPerfect Lightning (x32 Version: 2.0 - Corel Corporation) Hidden
WordPerfect Office 12 (HKLM-x32\...\{AF19F291-F22F-4798-9662-525305AE9E48}) (Version: 12.01 - Corel Corporation)
WordPerfect Office X5 - Common (x32 Version: 15.1 - Corel Corporation) Hidden
Wordperfect Office X5 - EN (x32 Version: 15.1 - Corel Corporation) Hidden
WordPerfect Office X5 - Filters (x32 Version: 15.1 - Corel Corporation) Hidden
WordPerfect Office X5 - Graphics (x32 Version: 15.1 - Corel Corporation) Hidden
WordPerfect Office X5 - IPM (x32 Version: 15.1 - Corel Corporation) Hidden
WordPerfect Office X5 - LegalTools (x32 Version: 15.1 - Corel Corporation) Hidden
WordPerfect Office X5 - Migration Manager (x32 Version: 15.1 - Corel Corporation) Hidden
WordPerfect Office X5 - Oxford (x32 Version: 15.1 - Corel Corporation) Hidden
WordPerfect Office X5 - PerfectExperts EN (x32 Version: 15.1 - Corel Corporation) Hidden
WordPerfect Office X5 - PR (x32 Version: 15.1 - Corel Corporation) Hidden
WordPerfect Office X5 - QP (x32 Version: 15.1 - Corel Corporation) Hidden
WordPerfect Office X5 - Setup Files (x32 Version: 15.1 - Corel Corporation) Hidden
WordPerfect Office X5 - Sharepoint (x32 Version: 15.1 - Corel Corporation) Hidden
WordPerfect Office X5 - Skins (x32 Version: 15.1 - Corel Corporation) Hidden
WordPerfect Office X5 - System EN (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Templates (x32 Version: 15.1 - Corel Corporation) Hidden
WordPerfect Office X5 - WP (x32 Version: 15.1 - Corel Corporation) Hidden
WordPerfect Office X5 - WT (x32 Version: 15.1 - Corel Corporation) Hidden
WordPerfect Office X5 (HKLM-x32\...\_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}) (Version: 15.0.0.431 - Corel Corporation)
WordPerfect Office X5 (x32 Version: 15.1 - Corel Corporation) Hidden
YTD Video Downloader 5.1.0 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.1.0 - GreenTree Applications SRL) <==== ATTENTION
ZoneAlarm Firewall (x32 Version: 10.2.081.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 10.2.081.000 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 10.2.081.000 - Check Point Software Technologies Ltd.) Hidden
ZTreeWin (remove only) (HKLM-x32\...\ZTreeWin) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00C09885-206D-4E83-94E2-D5E2B96D7875} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {0B9D2915-FDDB-4676-A34B-9C310D1DE59A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {40AEF896-1E3F-4534-A78D-8402B8BF53BB} - System32\Tasks\{F65E2FB5-898F-491F-A24C-3B6AE1F82E7F} => pcalua.exe -a "C:\Users\Simcha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOG86P49\streamtransport_setup[1].exe" -d C:\Users\Simcha\Desktop
Task: {578902F3-3135-484B-9306-88E3E7A3F027} - System32\Tasks\{556B3944-D10B-4648-A7B5-881FC8BD803F} => C:\Program Files (x86)\WordPerfect Office 12\Programs\wpwin12.exe [2004-12-01] (Corel Corporation)
Task: {6248B224-88ED-444D-98B0-28BE3F737A95} - System32\Tasks\{1639BDF1-4701-4489-8E1F-55D778EB2E92} => pcalua.exe -a C:\dell\Drivers\R243163\WIN7\64\EXE\RtlStartInstall.exe -d C:\dell\Drivers\R243163\WIN7\64\EXE
Task: {798FBE93-0986-4501-96AD-5267697CB9C4} - System32\Tasks\SafeZone scheduled Autoupdate 1447347348 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {8D61F00B-8267-48EB-AA86-74844A2D75F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-17] (Google Inc.)
Task: {9065C8E5-5051-441E-9CEC-2D79F5EA611C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {9FD440FA-0DFD-4373-98EE-8CE7BD4DD2F9} - System32\Tasks\{58CC7BE3-4DC5-45CE-BF0A-719BBA4CF305} => C:\Program Files (x86)\WordPerfect Office 12\Programs\wpwin12.exe [2004-12-01] (Corel Corporation)
Task: {C34D97F7-7DC1-43C5-9B59-4C76B9C95246} - System32\Tasks\{541670BA-4500-4BAB-B28F-FEA12D97A8A6} => pcalua.exe -a D:\setup.exe -d D:\
Task: {D272AA1E-331E-4705-B541-1AA4DC410873} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-17] (Google Inc.)
Task: {D8B05AD7-D3BC-4E90-93F3-C5CF57D197FC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-22] (AVAST Software)
Task: {EF9A13F3-BDF5-4027-A7C8-90658E9C6BB7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {FBA0AA35-CBFE-4A85-B38D-A34CA479FC01} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Simcha\Favorites\NCH Software Download Site.lnk -> hxxp://
www.nchsoftware.com/index.html
ShortcutWithArgument: C:\Users\Public\Desktop\eBay.lnk -> C:\Program Files (x86)\eBay\Browser Launcher.exe (eBay Inc.) -> hxxp://rover.ebay.com/rover/1/711-86042-13409-1/4?mpre=hxxp://ebay.com
==================== Loaded Modules (Whitelisted) ==============
2011-02-20 13:27 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2016-02-29 16:41 - 2005-04-22 13:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2011-02-20 12:51 - 2010-03-15 11:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2016-08-22 06:58 - 2016-08-22 06:58 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-22 06:58 - 2016-08-22 06:58 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-12-05 11:23 - 2016-12-05 11:23 - 03066880 _____ () C:\Program Files\AVAST Software\Avast\defs\16120500\algo.dll
2016-04-06 19:03 - 2016-04-06 19:03 - 00321864 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\events_trace.dll
2013-11-11 22:56 - 2015-12-25 20:19 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2014-12-21 13:38 - 2015-12-25 20:19 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2014-12-21 13:38 - 2015-12-25 20:19 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2013-11-11 22:56 - 2015-12-24 17:34 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2013-11-11 22:56 - 2015-12-25 20:19 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2014-12-21 13:38 - 2015-12-25 20:19 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2016-04-06 19:03 - 2016-04-06 19:03 - 00285488 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\fnls.dll
2016-06-29 11:03 - 2016-06-29 11:03 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-02-27 16:38 - 2009-02-27 16:38 - 00139264 _____ () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [134]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\dell.com -> dell.com
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1877506799-1620552117-407713368-1000\...\1001movie.com -> 1001movie.com
There are 6091 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1877506799-1620552117-407713368-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Simcha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Application Updater => 2
MSCONFIG\Services: avast! Antivirus => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DockLoginService => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: McMPFSvc => 2
MSCONFIG\Services: mcmscsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McNASvc => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: mfefire => 2
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: RoxMediaDB12OEM => 3
MSCONFIG\Services: RoxWatch12 => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\startupfolder: C:^Users^Simcha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Simcha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kaluach3.lnk => C:\Windows\pss\Kaluach3.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Simcha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Simcha's Group - Shortcut.lnk => C:\Windows\pss\Simcha's Group - Shortcut.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Simcha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VCatcher.lnk => C:\Windows\pss\VCatcher.lnk.Startup
MSCONFIG\startupreg: "C: =>
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Simcha\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: BackupAndRecoveryMonitor.exe => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe
MSCONFIG\startupreg: ccleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: ISW =>
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Launcher => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickFinder Scheduler => "c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TrayMonitor.exe => C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{EC23999F-1323-43D8-908C-91A07AD59A10}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D9C421C0-CCA8-4BAD-81A4-BACA57887BDC}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A9CC3ABB-1927-4A0B-A2FE-E52898539BB3}] => LPort=2869
FirewallRules: [{9F588F3E-3039-4135-80E8-159EEF0E1DDD}] => LPort=1900
FirewallRules: [{2BBBD70E-0A3D-4DA5-A68B-22DB7694E9B4}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7D9AFCC7-101B-450D-AD17-159BF4C57FEF}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B3AE19C1-789A-45F6-8069-EF16CE76CB55}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{18045148-0E23-4ECD-BAA3-89CE55CFCBD4}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1B5B5E43-66F0-4B75-B745-CE767DE4A12A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6365B3AB-7389-41A4-8B71-3F9AF1E65794}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{52EA815A-5D0C-44A6-ADCC-C1CE6CAB0231}] => C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{97156EF3-A9EE-4BCE-84C7-A85F9CF7D68F}] => C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
FirewallRules: [{149559B3-B122-4976-9834-983A2D85D31C}] => C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
FirewallRules: [{32CAE329-2507-41B0-8D11-C913282604D4}] => LPort=49169
FirewallRules: [{56E16EA5-C834-472B-9DEA-7C5879ADEDD8}] => LPort=5000
FirewallRules: [{44D4102C-6E2F-4A21-8F40-54B4832C60BD}] => C:\Users\Simcha\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{7A8CA9AF-4E80-4EBA-A7DB-951449D83C79}] => C:\Users\Simcha\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [TCP Query User{3567719C-81D7-449B-973B-642AEE333BBD}C:\users\simcha\appdata\local\akamai\netsession_win.exe] => C:\users\simcha\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3B04E05B-19A8-49FA-8AC8-BDACC6F0F366}C:\users\simcha\appdata\local\akamai\netsession_win.exe] => C:\users\simcha\appdata\local\akamai\netsession_win.exe
FirewallRules: [{12ABDA10-6A4B-4704-BAF1-DB8248673AB8}] => C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{470C1DA2-7E5B-483D-8E80-B48328028E7E}] => C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{78734B38-1E6E-49E4-B7EA-D9BBF593C5B5}] => C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{7A221812-B13E-4425-8AA8-C2437EFBDDC3}] => C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{79FC374F-27E2-495A-93DA-F013D2A0E914}] => C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{F348E447-2F51-4502-ABB5-0C659D4A7BEA}] => C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{67758472-F74E-4EE7-966E-23FB9F50A5CE}] => C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{2F4272AF-1E7A-432D-96CB-2A6238699F73}] => C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{650A09B9-0BAB-4A8E-A395-2CC803CB9DCF}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AA41A748-1272-44F7-B8E6-88AC1030B8FD}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{39B402EC-B5A4-4F2A-A244-6A8E3B72E029}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0C53953-17BA-4C2C-AE27-5486CE0A8759}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF85B9EC-1E7E-4A5E-8AA6-02FE9CF945B7}] => C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{7DFFEF95-194B-4AEB-AE33-F177AA8B8BEF}] => C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{720803E4-D247-45D3-8803-3F545F791244}] => C:\SMD\Vid Tools2\DVDVideoSoft-New\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{4722EF72-FA65-4650-9303-4D3E45CF51C9}] => C:\SMD\Vid Tools2\DVDVideoSoft-New\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{D7FFF978-C5FC-4890-BC2D-20A56D831099}] => c:\program files (x86)\pc-faxreceive\brengineprocess.exe
FirewallRules: [{8106444F-130E-4E00-9E1E-CB2B69744E52}] => c:\program files (x86)\pc-faxreceive\brengineprocess.exe
FirewallRules: [{743991D4-09F4-48E6-B642-11531B9C7366}] => C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{C388311A-7ADB-4DD9-A92F-6035B15C9B67}] => C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{55135CDE-62D9-4E29-947B-23B23E46A0C2}] => C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{60066C35-619A-4343-BD11-9CDAD939105C}] => C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{3A440A89-1C5B-45B7-AD64-D244844B9289}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8572BB59-81DF-4AA0-8359-956B6C06CFB6}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{01143FDB-4E08-45D7-9D10-E38E485E317B}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A14690DC-B12B-4E91-A7F2-13BB589BAEF5}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A53004BE-66E1-4C3F-9520-62E24B340325}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
Name: Generic- SD/MMC USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/05/2016 09:59:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IswSvc.exe, version: 1.5.396.0, time stamp: 0x503f3b47
Faulting module name: CRYPT32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf90
Exception code: 0xc0000005
Fault offset: 0x000000000001f096
Faulting process id: 0x3d8
Faulting application start time: 0x01d24f079f04db5c
Faulting application path: C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
Faulting module path: C:\Windows\system32\CRYPT32.dll
Report Id: 6aa3c2ed-bafb-11e6-9c9b-001ee5d60d00
Error: (12/05/2016 09:56:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.1.6018, time stamp: 0x576c9637
Faulting module name: mozglue.dll, version: 47.0.1.6018, time stamp: 0x576c85ba
Exception code: 0x80000003
Fault offset: 0x0000f02b
Faulting process id: 0xf8c
Faulting application start time: 0x01d24f02295a041d
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: fc2bce77-bafa-11e6-9c9b-001ee5d60d00
Error: (12/05/2016 09:55:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IswSvc.exe, version: 1.5.396.0, time stamp: 0x503f3b47
Faulting module name: CRYPT32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf90
Exception code: 0xc0000005
Fault offset: 0x000000000001f096
Faulting process id: 0x6b0
Faulting application start time: 0x01d24efaa48474f0
Faulting application path: C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
Faulting module path: C:\Windows\system32\CRYPT32.dll
Report Id: ceeeceb3-bafa-11e6-9c9b-001ee5d60d00
Error: (12/05/2016 08:22:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/04/2016 07:02:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/04/2016 02:35:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
Error: (12/04/2016 01:59:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/04/2016 01:58:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/03/2016 07:47:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/03/2016 06:45:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
System errors:
=============
Error: (12/05/2016 11:59:37 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR5.
Error: (12/05/2016 11:59:36 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR5.
Error: (12/05/2016 11:59:36 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR5.
Error: (12/05/2016 11:59:35 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR5.
Error: (12/05/2016 11:59:35 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR5.
Error: (12/05/2016 09:59:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ZoneAlarm LTD Toolbar IswSvc service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (12/05/2016 09:55:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ZoneAlarm LTD Toolbar IswSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (12/05/2016 08:32:32 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.233.1301.0
Update Source: Microsoft Update Server
Update Stage: Search
Source Path: Default URL
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.13303.0
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (12/05/2016 08:24:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535
Error: (12/05/2016 08:24:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535
CodeIntegrity:
===================================
Date: 2016-12-05 09:16:46.559
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-04 21:34:11.615
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-04 20:48:12.496
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-04 20:39:55.321
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-04 19:57:08.241
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-04 19:14:26.401
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-04 17:30:00.883
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-04 17:01:40.908
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-04 16:44:37.844
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-12-04 16:30:58.452
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 36%
Total physical RAM: 8156.98 MB
Available physical RAM: 5211.64 MB
Total Virtual: 16312.12 MB
Available Virtual: 13094.97 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:603.98 GB) NTFS
Drive z: (Elements) (Fixed) (Total:4657.49 GB) (Free:2919.69 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EC4DFB56)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.7 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 4.
==================== End of Addition.txt ============================