
Ads by SpeedCheck won't go away


  • This topic is locked
13 replies to this topic

#1 AllanK

AllanK

  • Members
  • 75 posts

Posted 04 November 2014 - 06:08 PM

This one hit about a week or so ago, and all attempts using the conventional tools (Malwarebytes, Avast, RogueKiller) have failed to remove it. I can't find any of the files or registry items mentioned on the dozens of sites purporting to provide removal instructions, so here I am, hoping you can help.

Ran dds.com as requested.

============================================

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 11.25.2
Run by Inbar at 16:35:41 on 2014-11-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8067.5497 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN33EBXH1S05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [HP Officejet Pro 8600 (NET) #2] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN298BS1VX05KF:NW" -scfn "HP Officejet Pro 8600 (NET) #2" -AutoStart 1
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Inbar\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMAZON~1.LNK - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{B5E89A7F-9FE5-43A7-AC3F-6C80E51A8D88} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B5E89A7F-9FE5-43A7-AC3F-6C80E51A8D88}\056475C4 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{B5E89A7F-9FE5-43A7-AC3F-6C80E51A8D88}\16474777966696 : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{B5E89A7F-9FE5-43A7-AC3F-6C80E51A8D88}\362736 : DHCPNameServer = 68.87.72.130 68.87.77.130
TCP: Interfaces\{B5E89A7F-9FE5-43A7-AC3F-6C80E51A8D88}\6596B696E6767457563747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B5E89A7F-9FE5-43A7-AC3F-6C80E51A8D88}\94E626162702E6564777F627B6 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{B5E89A7F-9FE5-43A7-AC3F-6C80E51A8D88}\D457C6C656270234573747F6D65627 : DHCPNameServer = 68.87.72.130 68.87.77.130
TCP: Interfaces\{B5E89A7F-9FE5-43A7-AC3F-6C80E51A8D88}\E45445745414251383 : DHCPNameServer = 192.168.1.1
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {81DCEDC9-DC5C-48AF-946A-45C09E8A33F0} - C:\Windows\System32\msiexec.exe /fu {FA2B2C2A-EA41-495A-9308-60726125D562} /qb+
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;C:\Windows\System32\drivers\AppleHFS.sys [2013-1-16 73016]
R0 AppleMNT;AppleMNT;C:\Windows\System32\drivers\AppleMNT.sys [2013-1-16 16696]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-11-4 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-11-4 267632]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-4-16 20024]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-11-4 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-11-4 436624]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2014-11-4 893216]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\System32\AppleOSSMgr.exe [2013-1-16 226144]
R2 AppleTimeSrv;Apple Time Service;C:\Windows\System32\AppleTimeSrv.exe [2013-1-16 94560]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-11-4 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2014-11-4 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-11-4 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-4 50344]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-11-4 127752]
R2 KeyAgent;KeyAgent;C:\Windows\System32\drivers\KeyAgent.sys [2013-1-16 18232]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-6-7 376168]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2013-4-30 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-6-13 72216]
R2 MacHALDriver;Mac HAL;C:\Windows\System32\drivers\MacHALDriver.sys [2013-1-16 23352]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2013-3-11 1248256]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-16 363800]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-4 270728]
R2 webinstrNew;webinstrNew;C:\Windows\System32\drivers\webinstrNew.sys [2014-10-30 58040]
R3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2010-11-21 9728]
R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\Windows\System32\drivers\AppleBtBc.sys [2013-4-16 20480]
R3 applemtm;Apple Multitouch Mouse;C:\Windows\System32\drivers\applemtm.sys [2013-4-16 12288]
R3 applemtp;Apple Multitouch;C:\Windows\System32\drivers\applemtp.sys [2013-4-16 38912]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-4 4012248]
R3 B57ports;Broadcom Simple Communications Device;C:\Windows\System32\drivers\B57Ports.sys [2013-4-16 44544]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2013-4-16 70744]
R3 CirrusFilter;CS420xLowerFilter;C:\Windows\System32\drivers\CS420x64.sys [2013-4-16 18432]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-11-4 43664]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-4-17 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-4-16 342528]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-16 358456]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-16 791608]
R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\System32\drivers\KeyMagic.sys [2013-4-16 29696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-10-18 2529616]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-11-4 2283296]
S3 AppleODD;Apple ODD;C:\Windows\System32\drivers\AppleODD.sys [2013-4-16 8704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-16 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-16 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-4-16 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-16 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-11-04 22:27:03 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7C67240-3305-4081-8868-2BCDDBD3C9B7}\offreg.dll
2014-11-04 22:13:00 43664 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2014-11-04 22:08:44 -------- d-----w- C:\Program Files\HitmanPro
2014-11-04 22:08:08 -------- d-----w- C:\ProgramData\HitmanPro
2014-11-04 21:43:08 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-11-04 21:28:30 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-11-04 21:28:17 -------- d-----w- C:\ProgramData\RogueKiller
2014-11-04 21:19:06 -------- d-----w- C:\Users\Inbar\AppData\Roaming\FreeFixer
2014-11-04 21:19:06 -------- d-----w- C:\Users\Inbar\AppData\Local\FreeFixer
2014-11-04 21:18:57 -------- d-----w- C:\Program Files\FreeFixer
2014-11-04 20:58:02 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7C67240-3305-4081-8868-2BCDDBD3C9B7}\mpengine.dll
2014-11-04 20:57:25 27456 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2014-11-04 20:53:03 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-11-04 20:45:30 -------- d-----w- C:\Users\Inbar\AppData\Roaming\ProductData
2014-11-04 20:45:26 -------- d-----w- C:\ProgramData\ProductData
2014-11-04 20:30:47 -------- d-----w- C:\Program Files\AVAST Software
2014-11-04 20:30:26 -------- d-----w- C:\ProgramData\AVAST Software
2014-11-04 20:20:09 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-04 20:20:03 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-04 20:20:03 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-04 20:20:03 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-04 20:20:03 -------- d-----w- C:\ProgramData\Malwarebytes
2014-11-04 20:20:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-30 16:00:05 -------- d-----w- C:\ProgramData\390cc85377a92420
2014-10-30 14:21:05 -------- d-----w- C:\Program Files (x86)\Bench
2014-10-30 14:20:50 58040 ----a-w- C:\Windows\System32\drivers\webinstrNew.sys
2014-10-30 14:20:50 1936 ----a-w- C:\Windows\patsearch.bin
2014-10-30 14:19:18 -------- d-----w- C:\Users\Inbar\AppData\Local\GeniusBox
2014-10-25 13:25:32 -------- d-----w- C:\ProgramData\Driver Support
2014-10-25 13:25:10 20296 ----a-w- C:\Windows\System32\roboot64.exe
2014-10-21 19:32:52 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
.
==================== Find3M  ====================
.
2014-11-04 22:18:58 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-04 22:18:57 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-04 22:18:19 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-04 20:32:19 83280 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2014-11-04 20:32:19 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-04 20:32:14 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-04 20:32:14 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-04 20:32:14 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-04 20:32:14 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-04 20:32:14 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-04 20:32:14 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-11-03 16:41:17 92520 ----a-w- C:\Windows\System32\LMIinit.dll
2014-11-03 16:41:17 35688 ----a-w- C:\Windows\System32\LMIport.dll
2014-11-03 16:41:17 107392 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2014-10-28 11:34:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-08-29 02:07:12 5780480 ----a-w- C:\Windows\System32\mstscax.dll
2014-08-29 02:07:10 322560 ----a-w- C:\Windows\System32\aaclient.dll
2014-08-29 02:06:47 1125888 ----a-w- C:\Windows\System32\mstsc.exe
2014-08-29 01:44:52 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-08-29 01:44:51 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-08-29 01:44:49 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-08-29 01:44:19 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 16:35:57.49 ===============
 

"Stupidity is forever: ignorance can be fixed."




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,632 posts

Posted 09 November 2014 - 06:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554767 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,630 posts

Posted 11 November 2014 - 08:39 PM

Greetings AllanK and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 AllanK

AllanK
  • Topic Starter

  • Members
  • 75 posts

Posted 12 November 2014 - 12:14 AM

Hi Gary,

By all means call me Allan. Thanks for picking up this post, and I'll try to be as responsive as I can. I won't be able to run the tests you requested until tomorrow, so please bear with me.

Cheers.

"Stupidity is forever: ignorance can be fixed."


#5 Oh My!


Posted 12 November 2014 - 11:41 AM

Thanks for letting me know Allan. Take your time, I have lots of work! :)
Gary
 

#6 AllanK


Posted 12 November 2014 - 12:51 PM

Hi Gary,

 

I should mention that this is a MacBook running Win 7 under BootCamp. Interesting side effect is that Safari on the Mac side was also affected, but resetting Safari cleared it.

Here are the results of the scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014

Ran by Inbar (administrator) on INBAR-PC on 12-11-2014 11:35:19
Running from C:\Users\Inbar\Desktop
Loaded Profile: Inbar (Available profiles: Inbar & LogMeInRemoteUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoCare.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEngHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [743776 2013-01-16] (Apple Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2013-01-02] (Intel Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-16] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-10-18] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-11-04] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-704479898-1673602517-2252040063-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-704479898-1673602517-2252040063-1000\...\Run: [HP Officejet Pro 8600 (NET) #2] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-704479898-1673602517-2252040063-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-704479898-1673602517-2252040063-1000\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-704479898-1673602517-2252040063-1000\...\MountPoints2: {c9e533ef-3f34-11e3-ae36-542696d23dc2} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\CDStart.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Inbar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4B694E3DFFFDCF01
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-04]
 
Chrome: 
=======
CHR Profile: C:\Users\Inbar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Inbar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-04]
CHR Extension: (Google Docs) - C:\Users\Inbar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-04]
CHR Extension: (Google Drive) - C:\Users\Inbar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Inbar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-04]
CHR Extension: (YouTube) - C:\Users\Inbar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-04]
CHR Extension: (Google Search) - C:\Users\Inbar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-04]
CHR Extension: (Google Sheets) - C:\Users\Inbar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-04]
CHR Extension: (Avast Online Security) - C:\Users\Inbar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-04]
CHR Extension: (Google Wallet) - C:\Users\Inbar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-04]
CHR Extension: (Gmail) - C:\Users\Inbar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-04]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [226144 2013-01-16] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-04] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-04] (Avast Software)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-11-04] (SurfRight B.V.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-11-04] (IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-11-03] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-11-03] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2013-03-11] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-03-11] (Intuit Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2011-06-17] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [38912 2011-06-17] (Apple Inc.)
S3 AppleODD; C:\Windows\System32\DRIVERS\AppleODD.sys [8704 2011-06-17] (Apple Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-04] ()
R3 B57ports; C:\Windows\System32\DRIVERS\b57ports.sys [44544 2012-12-10] (Broadcom Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-11-04] (Avast Software)
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [58040 2014-10-30] (Corsica)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-12 11:35 - 2014-11-12 11:35 - 00016919 _____ () C:\Users\Inbar\Desktop\FRST.txt
2014-11-12 11:34 - 2014-11-12 11:35 - 00000000 ____D () C:\FRST
2014-11-12 11:34 - 2014-11-10 16:33 - 02116096 _____ (Farbar) C:\Users\Inbar\Desktop\FRST64.exe
2014-11-12 11:33 - 2014-11-12 11:34 - 00000197 _____ () C:\Windows\system32\2014-11-12-17-33-55.033-AvastVBoxSVC.exe-4860.log
2014-11-11 11:12 - 2014-11-11 11:12 - 00000197 _____ () C:\Windows\system32\2014-11-11-17-12-19.077-AvastVBoxSVC.exe-5084.log
2014-11-10 12:36 - 2014-11-10 12:36 - 00000197 _____ () C:\Windows\system32\2014-11-10-18-36-50.077-AvastVBoxSVC.exe-4412.log
2014-11-10 08:54 - 2014-11-10 08:54 - 00000197 _____ () C:\Windows\system32\2014-11-10-14-54-41.087-AvastVBoxSVC.exe-4684.log
2014-11-06 15:05 - 2014-11-06 15:05 - 00000197 _____ () C:\Windows\system32\2014-11-06-21-05-52.029-AvastVBoxSVC.exe-4912.log
2014-11-04 21:48 - 2014-11-12 17:33 - 00004396 _____ () C:\Windows\setupact.log
2014-11-04 21:48 - 2014-11-04 21:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-04 21:47 - 2014-11-04 21:47 - 00009810 _____ () C:\Windows\PFRO.log
2014-11-04 21:46 - 2014-11-04 21:46 - 77279232 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-11-04 21:46 - 2014-11-04 21:46 - 77279232 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag
2014-11-04 21:46 - 2014-11-04 21:46 - 43929600 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2014-11-04 21:46 - 2014-11-04 21:46 - 00286720 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-11-04 21:46 - 2014-11-04 21:46 - 00286720 _____ () C:\Windows\system32\config\DEFAULT.iodefrag
2014-11-04 21:46 - 2014-11-04 21:46 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-11-04 21:46 - 2014-11-04 21:46 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag
2014-11-04 21:46 - 2014-11-04 21:46 - 00024576 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-11-04 21:46 - 2014-11-04 21:46 - 00024576 _____ () C:\Windows\system32\config\SAM.iodefrag
2014-11-04 21:46 - 2014-11-04 21:46 - 00000000 _____ () C:\asc_rdflag
2014-11-04 16:37 - 2014-11-04 16:37 - 00022192 _____ () C:\Users\Inbar\Documents\DDS.txt
2014-11-04 16:36 - 2014-11-04 16:36 - 00011861 _____ () C:\Users\Inbar\Documents\Attach.txt
2014-11-04 16:34 - 2014-11-04 16:34 - 00688992 ____R (Swearware) C:\Users\Inbar\Downloads\dds.com
2014-11-04 16:16 - 2014-11-04 16:16 - 00638888 _____ (Oracle Corporation) C:\Users\Inbar\Downloads\chromeinstall-8u25.exe
2014-11-04 16:15 - 2014-11-04 16:15 - 00000197 _____ () C:\Windows\system32\2014-11-04-22-15-37.043-AvastVBoxSVC.exe-4560.log
2014-11-04 16:11 - 2014-11-04 16:11 - 00002966 _____ () C:\Windows\system32\.crusader
2014-11-04 16:09 - 2014-11-04 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-11-04 16:08 - 2014-11-04 16:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-04 16:08 - 2014-11-04 16:09 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-04 15:50 - 2014-11-04 15:50 - 00000197 _____ () C:\Windows\system32\2014-11-04-21-50-42.096-AvastVBoxSVC.exe-4416.log
2014-11-04 15:30 - 2014-11-04 15:30 - 17526360 _____ () C:\Users\Inbar\Downloads\RogueKillerX64.exe
2014-11-04 15:28 - 2014-11-04 15:30 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-04 15:28 - 2014-11-04 15:28 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-04 15:19 - 2014-11-04 15:22 - 00000000 ____D () C:\Users\Inbar\AppData\Local\FreeFixer
2014-11-04 15:19 - 2014-11-04 15:19 - 00000000 ____D () C:\Users\Inbar\AppData\Roaming\FreeFixer
2014-11-04 15:18 - 2014-11-04 15:18 - 02666167 _____ (Kephyr) C:\Users\Inbar\Downloads\freefixersetup.exe
2014-11-04 15:18 - 2014-11-04 15:18 - 00000000 ____D () C:\Users\Inbar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2014-11-04 15:18 - 2014-11-04 15:18 - 00000000 ____D () C:\Program Files\FreeFixer
2014-11-04 14:57 - 2014-02-17 13:41 - 00027456 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2014-11-04 14:56 - 2014-11-04 14:56 - 77279232 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-11-04 14:56 - 2014-11-04 14:56 - 43929600 _____ () C:\Windows\system32\config\COMPONENTS.iobit
2014-11-04 14:56 - 2014-11-04 14:56 - 00286720 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-11-04 14:56 - 2014-11-04 14:56 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-11-04 14:56 - 2014-11-04 14:56 - 00024576 _____ () C:\Windows\system32\config\SAM.iobit
2014-11-04 14:55 - 2014-11-04 14:55 - 00002263 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-04 14:55 - 2014-11-04 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-04 14:54 - 2014-11-12 17:33 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-04 14:54 - 2014-11-12 10:59 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-04 14:54 - 2014-11-04 14:54 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-04 14:54 - 2014-11-04 14:54 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-04 14:53 - 2014-11-04 14:53 - 00003094 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-11-04 14:53 - 2014-11-04 14:53 - 00002854 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Inbar
2014-11-04 14:53 - 2014-11-04 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-11-04 14:53 - 2014-11-04 14:53 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-11-04 14:52 - 2014-11-04 14:53 - 00000000 ____D () C:\Users\Inbar\AppData\Roaming\Apple Computer
2014-11-04 14:50 - 2014-11-04 14:50 - 00000197 _____ () C:\Windows\system32\2014-11-04-20-50-23.086-AvastVBoxSVC.exe-4964.log
2014-11-04 14:46 - 2014-11-04 14:46 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-11-04 14:45 - 2014-11-10 08:55 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-04 14:45 - 2014-11-04 14:45 - 00002886 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Inbar
2014-11-04 14:45 - 2014-11-04 14:45 - 00001236 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-11-04 14:45 - 2014-11-04 14:45 - 00000000 ____D () C:\Users\Inbar\AppData\Roaming\ProductData
2014-11-04 14:44 - 2014-11-04 14:45 - 17344288 _____ (IObit) C:\Users\Inbar\Downloads\iobituninstaller.exe
2014-11-04 14:44 - 2014-11-04 14:44 - 38723968 _____ (IObit ) C:\Users\Inbar\Downloads\advanced-systemcare-setup.exe
2014-11-04 14:36 - 2014-11-04 14:36 - 00000247 _____ () C:\Windows\system32\2014-11-04-20-36-09.047-aswFe.exe-5060.log
2014-11-04 14:33 - 2014-11-04 14:36 - 00000247 _____ () C:\Windows\system32\2014-11-04-20-33-45.088-aswFe.exe-3384.log
2014-11-04 14:33 - 2014-11-04 14:33 - 00000197 _____ () C:\Windows\system32\2014-11-04-20-33-44.087-AvastVBoxSVC.exe-5008.log
2014-11-04 14:32 - 2014-11-12 09:05 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-04 14:32 - 2014-11-04 14:32 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-04 14:32 - 2014-11-04 14:32 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-04 14:32 - 2014-11-04 14:32 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-04 14:32 - 2014-11-04 14:32 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-04 14:32 - 2014-11-04 14:32 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-04 14:32 - 2014-11-04 14:32 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-04 14:32 - 2014-11-04 14:32 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-04 14:32 - 2014-11-04 14:32 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-04 14:32 - 2014-11-04 14:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-04 14:32 - 2014-11-04 14:32 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-04 14:32 - 2014-11-04 14:32 - 00001972 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-04 14:32 - 2014-11-04 14:32 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-04 14:32 - 2014-11-04 14:32 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-04 14:32 - 2014-11-04 14:32 - 00000000 ____D () C:\Users\Inbar\AppData\Roaming\AVAST Software
2014-11-04 14:32 - 2014-11-04 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-04 14:30 - 2014-11-04 14:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-04 14:30 - 2014-11-04 14:30 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-04 14:26 - 2014-11-04 14:28 - 00435571 _____ () C:\Users\Inbar\Downloads\avgremover.log
2014-11-04 14:21 - 2014-11-04 14:21 - 05004328 _____ (AVAST Software) C:\Users\Inbar\Downloads\avast_free_antivirus_setup_online.exe
2014-11-04 14:21 - 2014-11-04 14:21 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Inbar\Downloads\avg_remover_stf_x64_2015_5501.exe
2014-11-04 14:20 - 2014-11-04 15:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 14:20 - 2014-11-04 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-04 14:20 - 2014-11-04 14:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-04 14:20 - 2014-11-04 14:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-04 14:20 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-04 14:20 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-04 14:20 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-04 14:19 - 2014-11-04 14:19 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Inbar\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-04 14:17 - 2014-11-04 14:17 - 04976456 _____ (Piriform Ltd) C:\Users\Inbar\Downloads\ccsetup419.exe
2014-10-30 10:00 - 2014-10-30 12:19 - 00000000 ____D () C:\ProgramData\390cc85377a92420
2014-10-30 08:21 - 2014-11-04 14:23 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-10-30 08:20 - 2014-10-30 08:20 - 00058040 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNew.sys
2014-10-30 08:20 - 2014-10-30 08:20 - 00001936 _____ () C:\Windows\patsearch.bin
2014-10-30 08:20 - 2014-10-30 08:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-30 08:19 - 2014-10-30 08:23 - 00000000 ____D () C:\Users\Inbar\AppData\Local\GeniusBox
2014-10-30 08:19 - 2014-10-30 08:19 - 00000064 _____ () C:\Users\Inbar\AppData\Local\394f7061a6e4a11d06e715e579e33e4b
2014-10-25 07:25 - 2014-10-25 07:25 - 29419944 _____ (Oracle Corporation) C:\Users\Inbar\Downloads\jre-7u60-windows.exe
2014-10-25 07:25 - 2014-10-25 07:25 - 00000000 ____D () C:\ProgramData\Driver Support
2014-10-25 07:25 - 2014-08-29 16:02 - 00020296 _____ () C:\Windows\system32\roboot64.exe
2014-10-21 13:32 - 2014-10-21 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-10-21 13:32 - 2014-10-21 13:32 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-10-15 08:10 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 08:10 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 08:10 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 08:10 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 08:10 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 08:10 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 08:10 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 08:10 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 08:10 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 08:10 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 08:10 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 08:10 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 08:10 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 08:10 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 08:10 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 08:10 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 08:10 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 08:10 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 08:10 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 08:10 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 08:10 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 08:10 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 08:10 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 08:10 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 08:10 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 08:10 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 08:10 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 08:10 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 08:10 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 08:10 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 08:10 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 08:10 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 08:10 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 08:10 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 08:10 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 08:10 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 08:10 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 08:10 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 08:10 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 08:10 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 08:10 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 08:10 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 08:10 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 08:10 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 08:10 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 08:10 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 08:10 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 08:10 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 08:10 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 08:10 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 08:10 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 08:10 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 08:10 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 08:10 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 08:10 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 08:10 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 08:10 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 08:10 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 08:10 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 08:10 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 08:10 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 08:10 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 08:10 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 08:10 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 08:10 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 08:10 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 08:10 - 2014-08-28 20:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 08:10 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 08:10 - 2014-08-28 20:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 08:10 - 2014-08-28 20:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-15 08:10 - 2014-08-28 20:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 08:10 - 2014-08-28 19:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 08:10 - 2014-08-28 19:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 08:10 - 2014-08-28 19:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 08:10 - 2014-08-28 19:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-15 08:10 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 08:10 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 08:10 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 08:10 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 08:10 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 08:10 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 08:10 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 08:10 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 08:10 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 08:10 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 08:10 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 08:10 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 08:10 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 08:10 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 08:10 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 08:10 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 08:10 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-12 17:33 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 11:34 - 2013-04-16 17:17 - 01359879 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 11:33 - 2014-01-28 14:14 - 00001012 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-12 11:33 - 2014-01-28 14:14 - 00000996 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-12 11:23 - 2013-04-17 08:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 09:05 - 2013-06-13 20:20 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-11 17:14 - 2013-06-13 19:53 - 00000000 ____D () C:\Users\Inbar\AppData\Local\LogMeIn Hamachi
2014-11-11 16:28 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 11:45 - 2013-04-16 17:31 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FF098157-94B2-43D4-9FF2-E871644B2CBA}
2014-11-11 11:19 - 2009-07-13 22:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 11:19 - 2009-07-13 22:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 14:43 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-06 13:16 - 2013-10-29 07:49 - 00000000 ____D () C:\Users\Inbar\Documents\PFWL
2014-11-04 21:46 - 2013-04-16 17:17 - 00000000 ____D () C:\Users\Inbar
2014-11-04 21:16 - 2013-04-17 07:59 - 00000000 ____D () C:\Users\Inbar\AppData\Local\Deployment
2014-11-04 16:18 - 2014-08-11 19:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-04 16:18 - 2013-10-16 18:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-04 16:18 - 2013-04-17 17:18 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-04 16:18 - 2013-04-17 08:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-04 16:18 - 2013-04-17 08:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-04 16:18 - 2013-04-17 08:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-04 14:57 - 2013-04-17 01:11 - 00000000 ____D () C:\Windows\Panther
2014-11-04 14:55 - 2013-04-17 07:59 - 00000000 ____D () C:\Users\Inbar\AppData\Local\Google
2014-11-04 14:54 - 2013-04-17 07:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-04 14:53 - 2013-04-17 16:40 - 00000000 ____D () C:\ProgramData\IObit
2014-11-04 14:53 - 2013-04-17 16:40 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-11-04 14:52 - 2013-04-17 16:40 - 00000000 ____D () C:\Users\Inbar\AppData\Roaming\IObit
2014-11-04 14:17 - 2013-04-17 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-04 14:17 - 2013-04-17 17:15 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-04 14:14 - 2013-04-16 17:20 - 00000000 ____D () C:\Users\Inbar\AppData\Local\VirtualStore
2014-11-03 10:41 - 2013-06-13 20:20 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-11-03 10:41 - 2013-06-13 20:20 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-11-03 10:41 - 2013-06-13 20:20 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-11-03 10:41 - 2013-06-13 20:20 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-10-28 14:54 - 2013-10-05 18:18 - 00000000 ____D () C:\Windows\rescache
2014-10-28 05:34 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-21 18:32 - 2009-07-13 22:45 - 00307800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-21 13:32 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-21 09:49 - 2014-05-22 02:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-21 09:43 - 2013-04-17 16:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-21 09:42 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-21 09:41 - 2013-09-10 21:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-21 09:40 - 2013-04-16 18:03 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Inbar\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-11 11:41
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Inbar at 2014-11-12 11:35:37
Running from C:\Users\Inbar\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Boot Camp Services (HKLM\...\{FA2B2C2A-EA41-495A-9308-60726125D562}) (Version: 5.0.5033 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
FreeFixer (HKLM-x32\...\FreeFixer1.12) (Version: 1.12 - Kephyr)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.0.4.30 - IObit)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LogMeIn (HKLM-x32\...\{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A}) (Version: 4.1.3268 - LogMeIn, Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.255 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.255 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4006.2305 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM-x32\...\{41BB84BA-5CE5-403D-9650-990299509F14}) (Version: 13.0.4.705 - SAP)
SAP Crystal Reports runtime engine for .NET Framework 4 (64-bit) (HKLM\...\{C306FE94-98CC-4727-9D85-2BA9EB3078CD}) (Version: 13.0.2.469 - SAP)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net  (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Keyboard (10/29/2012 5.0.3.0) (HKLM\...\59357B4067FCABD09BD751BD9A00336CF05B2E22) (Version: 10/29/2012 5.0.3.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (09/11/2012 4.0.3.0) (HKLM\...\B374E899604BD9007FF7564A07F627CCDA58763C) (Version: 09/11/2012 4.0.3.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/11/2012 4.0.3.0) (HKLM\...\742CB1BDA52EA9F1BBE482DA6DAA17944652B476) (Version: 09/11/2012 4.0.3.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple System Device (08/28/2012 5.0.0.0) (HKLM\...\051EC488BEF1D02E9051B188C43B026A88E197E5) (Version: 08/28/2012 5.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (10/29/2011 5.0.0.0) (HKLM\...\551732BB0872DA97E26385C221B172A5BD4DE93C) (Version: 10/29/2011 5.0.0.0 - Apple Inc.)
Windows Driver Package - Atheros Communications Inc. (athr) Net  (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)
Windows Driver Package - Broadcom (b57nd60a) Net  (09/04/2012 15.4.0.17) (HKLM\...\75E64992A03EC5E73D33586790CC506561DCC5DB) (Version: 09/04/2012 15.4.0.17 - Broadcom)
Windows Driver Package - Broadcom (B57ports) Net  (06/16/2009 1.0.0.1) (HKLM\...\FC2077892425ED71A137B1CB6D99A9CA7475435D) (Version: 06/16/2009 1.0.0.1 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net  (11/13/2012 5.106.199.1) (HKLM\...\3D6DDDCF8961C8C866F6660579A59B5B6CFA281F) (Version: 11/13/2012 5.106.199.1 - Broadcom)
Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost  (08/14/2012 1.0.0.243) (HKLM\...\ADF3AD5C5705E56E7DEA1447D58EFF216BA1223D) (Version: 08/14/2012 1.0.0.243 - Broadcom Corporation)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (11/09/2012 6.6001.1.38) (HKLM\...\907F370097451D1FE9BF31A43BF04CDAF69407D4) (Version: 11/09/2012 6.6001.1.38 - Cirrus Logic, Inc.)
Windows Driver Package - Intel (e1express) Net  (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel)
Windows Driver Package - Intel (e1kexpress) Net  (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel)
Windows Driver Package - Intel (e1qexpress) Net  (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel)
Windows Driver Package - Intel (e1rexpress) Net  (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel)
Windows Driver Package - Intel (e1yexpress) Net  (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel)
Windows Driver Package - Intel System  (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel)
Windows Driver Package - Marvell (yukonx64) Net  (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell)
Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA  (07/03/2012 1.3.18.0) (HKLM\...\B46A8C1640335CA36A800E2C6D832964F6F58B54) (Version: 07/03/2012 1.3.18.0 - NVIDIA Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
30-10-2014 14:21:23 Installed AVG 2015
30-10-2014 14:21:35 Installed AVG 2015
04-11-2014 17:43:05 Advanced-System Protector
04-11-2014 20:11:12 IObit Uninstaller restore point
04-11-2014 20:11:41 Removed AVG 2015
04-11-2014 20:12:30 Removed AVG 2015
04-11-2014 20:30:42 avast! antivirus system restore point
04-11-2014 20:57:37 Windows Modules Installer
04-11-2014 22:10:54 Checkpoint by HitmanPro
04-11-2014 22:11:27 Checkpoint by HitmanPro
10-11-2014 14:56:19 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2014-11-04 14:23 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {382BD829-A96E-4AE8-871B-29AB1DC9C377} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {486043BB-45F8-4644-983C-72590B97E9CA} - System32\Tasks\Uninstaller_SkipUac_Inbar => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-04] (IObit)
Task: {965B0221-12E2-4A49-870E-9966E0352B42} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {B8B130FC-95D3-4439-82A2-9AFDA084CDAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-04] (Adobe Systems Incorporated)
Task: {C640CDB0-DE33-40A6-869C-B49BE521A15C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: {CDA70B68-4413-414D-9BBF-834F253CC4F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: {D446B275-7893-41DD-A690-650661A2455D} - System32\Tasks\ASC7_SkipUac_Inbar => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
Task: {E9A2E7B5-46BF-49F8-AB7D-66D026DD626B} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-08-20] (IObit)
Task: {ED912F1D-60D9-4BDC-8DBF-72A511C9EBB0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-04] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-01-16 16:55 - 2013-01-16 16:55 - 00226144 _____ () C:\Windows\system32\AppleOSSMgr.exe
2013-04-16 19:54 - 2012-12-10 23:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-04 14:32 - 2014-11-04 14:32 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-04 14:32 - 2014-11-04 14:32 - 05846160 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2013-11-15 13:56 - 2013-11-15 13:56 - 00082744 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEngHost.exe
2014-11-04 14:52 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2014-11-12 09:06 - 2014-11-12 09:06 - 02902016 _____ () C:\Program Files\AVAST Software\Avast\defs\14111200\algo.dll
2014-11-04 14:32 - 2014-11-04 14:32 - 04491192 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-11-04 14:52 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madExcept_.bpl
2014-11-04 14:52 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madBasic_.bpl
2014-11-04 14:52 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madDisAsm_.bpl
2014-11-04 14:52 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
2014-01-16 12:04 - 2014-01-16 12:04 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
2014-01-16 12:04 - 2014-01-16 12:04 - 00021832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll
2013-03-11 09:23 - 2013-03-11 09:23 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
2014-01-16 12:04 - 2014-01-16 12:04 - 00141640 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
2014-01-16 12:04 - 2014-01-16 12:04 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
2014-01-16 12:04 - 2014-01-16 12:04 - 00415560 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
2014-01-16 12:04 - 2014-01-16 12:04 - 00529224 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
2014-01-16 10:04 - 2014-01-16 10:04 - 00128840 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll
2014-01-16 12:04 - 2014-01-16 12:04 - 00570696 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll
2014-01-16 12:04 - 2014-01-16 12:04 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
2014-11-04 14:32 - 2014-11-04 14:32 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-11-23 20:21 - 2011-11-23 20:21 - 00105576 ____R () C:\Program Files (x86)\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
2014-11-04 14:52 - 2013-12-02 19:06 - 01281312 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\Scan.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\CN33EBXH1S05KC:NW
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-704479898-1673602517-2252040063-500 - Administrator - Disabled)
Guest (S-1-5-21-704479898-1673602517-2252040063-501 - Limited - Disabled)
Inbar (S-1-5-21-704479898-1673602517-2252040063-1000 - Administrator - Enabled) => C:\Users\Inbar
LogMeInRemoteUser (S-1-5-21-704479898-1673602517-2252040063-1001 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/12/2014 11:33:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/11/2014 11:41:39 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2013":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'
 
Error: (11/11/2014 11:41:39 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2013":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_23; ;DBF=C:\Users\Inbar\Documents\QuickBooks\Backups\Kenneth J Heinrich, MD, SC April 2014 (QuickBooks2013 Jul 16,2013  12 06 AM).QBW;ENG=QB_data_engine_23;DBN=d4fd234849be43baa2013f6311e575e5
 
Error: (11/11/2014 11:41:39 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2013":
Connection Error:Invalid user ID or password
 
Error: (11/11/2014 11:23:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/71899A67BF33AF31BEFDC071F8F733B183856332.crt> with error: This operation returned because the timeout period expired.
.
 
Error: (11/11/2014 11:23:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/71899A67BF33AF31BEFDC071F8F733B183856332.crt> with error: This operation returned because the timeout period expired.
.
 
Error: (11/11/2014 11:23:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/71899A67BF33AF31BEFDC071F8F733B183856332.crt> with error: This operation returned because the timeout period expired.
.
 
Error: (11/11/2014 11:23:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/71899A67BF33AF31BEFDC071F8F733B183856332.crt> with error: This operation returned because the timeout period expired.
.
 
Error: (11/11/2014 11:11:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/10/2014 00:34:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (11/12/2014 11:34:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/12/2014 11:33:53 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (11/12/2014 11:33:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: 
%%1053
 
Error: (11/12/2014 11:33:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
 
Error: (11/12/2014 09:06:16 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (11/11/2014 06:20:58 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer PFWLSERVER
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B5E89A7F-9FE5-43A7-AC3F-6C80E51A8D88}.
The master browser is stopping or an election is being forced.
 
Error: (11/11/2014 11:12:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/11/2014 11:12:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (11/11/2014 11:11:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: 
%%1053
 
Error: (11/11/2014 11:11:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3540M CPU @ 3.00GHz
Percentage of memory in use: 25%
Total physical RAM: 8066.68 MB
Available physical RAM: 5998.82 MB
Total Pagefile: 16131.55 MB
Available Pagefile: 13644.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (BOOTCAMP) (Fixed) (Total:74.08 GB) (Free:7.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Macintosh HD) (Fixed) (Total:391.03 GB) (Free:140.71 GB) HFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.9 GB) (Disk ID: 00004C91)
 
Partition: GPT Partition Type.
Partition 2: (Not Active) - (Size=391 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=74.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


"Stupidity is forever: ignorance can be fixed."


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,630 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:17 PM

Posted 12 November 2014 - 01:47 PM

Hi Allan,

Thank you for all the information.

Can you tell me if you installed this program?

Corsica Technology Web Instrument

Please do this.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
S4 LMIRfsClientNP; No ImagePath
2014-10-25 07:25 - 2014-08-29 16:02 - 00020296 _____ () C:\Windows\system32\roboot64.exe
C:\Users\Inbar\AppData\Local\Temp\dllnt_dump.dll
AlternateDataStreams: C:\Windows\SysWOW64\CN33EBXH1S05KC:NW
Folder: C:\ProgramData\390cc85377a92420

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Recognize program?
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 AllanK


Posted 13 November 2014 - 11:29 AM

Hi Gary,

 

Here are the reports - no more Ads by SpeedCheck are popping up.  Looks like you have nailed it!

 

I don't recognize Corsica Technology Web Instrument.

 

==============================================

 

# AdwCleaner v4.101 - Report created 13/11/2014 at 10:00:01
# Updated 09/11/2014 by Xplode
# Database : 2014-11-12.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Inbar - INBAR-PC
# Running from : C:\Users\Inbar\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : webinstrNew
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Driver Support
Folder Deleted : C:\ProgramData\390cc85377a92420
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Users\Inbar\AppData\Local\FreeFixer
Folder Deleted : C:\Users\Inbar\AppData\Local\GeniusBox
Folder Deleted : C:\Users\Inbar\AppData\Roaming\FreeFixer
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\drivers\webinstrNew.sys
File Deleted : C:\Users\Inbar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\Inbar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1924 octets] - [13/11/2014 09:58:34]
AdwCleaner[S0].txt - [1873 octets] - [13/11/2014 10:00:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1933 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Inbar on Thu 11/13/2014 at 10:07:28.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/13/2014 at 10:11:47.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Ran by Inbar at 2014-11-13 10:13:21 Run:1
Running from C:\Users\Inbar\Desktop
Loaded Profile: Inbar (Available profiles: Inbar & LogMeInRemoteUser)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
S4 LMIRfsClientNP; No ImagePath
2014-10-25 07:25 - 2014-08-29 16:02 - 00020296 _____ () C:\Windows\system32\roboot64.exe
C:\Users\Inbar\AppData\Local\Temp\dllnt_dump.dll
AlternateDataStreams: C:\Windows\SysWOW64\CN33EBXH1S05KC:NW
Folder: C:\ProgramData\390cc85377a92420
*****************
 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\intu-help-qb6" => Key deleted successfully.
"HKCR\CLSID\{6898B29B-BF49-43cb-A0B1-D0B9496AF491}" => Key not found.
"HKCR\PROTOCOLS\Handler\qbwc" => Key deleted successfully.
"HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57}" => Key not found.
LMIRfsClientNP => Service deleted successfully.
"C:\Windows\system32\roboot64.exe" => File/Directory not found.
C:\Users\Inbar\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Windows\SysWOW64\CN33EBXH1S05KC => ":NW" ADS removed successfully.
 
========================= Folder: C:\ProgramData\390cc85377a92420 ========================
 
Directory Not Found
 
==== End of Fixlog ====


#9 Oh My!


Posted 13 November 2014 - 04:30 PM

Very good. :thumbsup2:

We still have some work to do to make sure your computer sparkles.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [58040 2014-10-30] (Corsica)
C:\Windows\system32\Drivers\webinstrNew.sys
EmptyTemp:

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Emsisoft log
  • Security Check log
  • How is your computer running?

Gary
 

#10 AllanK


Posted 15 November 2014 - 03:08 PM

Hi Gary,

 

Here you go.  No more pop-ups, seems to be running well.

 

===============================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
Ran by Inbar at 2014-11-15 12:50:46 Run:2
Running from C:\Users\Inbar\Desktop
Loaded Profile: Inbar (Available profiles: Inbar & LogMeInRemoteUser)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [58040 2014-10-30] (Corsica)
C:\Windows\system32\Drivers\webinstrNew.sys
EmptyTemp:
*****************
 
webinstrNew => Service not found.
"C:\Windows\system32\Drivers\webinstrNew.sys" => File/Directory not found.
EmptyTemp: => Removed 197.4 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 

Emsisoft Emergency Kit - Version 9.0
Last update: 11/15/2014 12:56:16 PM
User account: Inbar-PC\Inbar
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 11/15/2014 1:54:12 PM
Value: HKEY_USERS\S-1-5-21-704479898-1673602517-2252040063-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-704479898-1673602517-2252040063-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\webinstrNew.sys.vir detected: Application.Win32.AdSong (A)
 
Scanned 768635
Found 3
 
Scan end: 11/15/2014 2:02:03 PM
Scan time: 0:07:51
 
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\webinstrNew.sys.vir Quarantined Application.Win32.AdSong (A)
Value: HKEY_USERS\S-1-5-21-704479898-1673602517-2252040063-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-704479898-1673602517-2252040063-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
 
Quarantined 3
==========================================
 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Java 8 Update 25  
 Adobe Reader XI  
 Google Chrome 38.0.2125.111  
 Google Chrome 38.0.2125.122  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 5% 
````````````````````End of Log`````````````````````` 
===============================================


#11 Oh My!


Posted 15 November 2014 - 04:42 PM

Greetings one last time Allan!

That looks great. It looks like we are all done. :thumbsup:

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a day or so in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#12 AllanK


Posted 16 November 2014 - 12:27 AM

Many, many thanks for your help. Much appreciated!

Cheers!


#13 Oh My!


Posted 16 November 2014 - 09:31 AM

:)
Gary
 

#14 Oh My!


Posted 17 November 2014 - 10:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 