[Solved] PC is very slow

I only use Google Chrome but also have IE installed.



# AdwCleaner v4.110 - Logfile created 16/02/2015 at 00:46:02
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : Elad - ELAD-PC
# Running from : D:\Elad\Downloads\adwcleaner_4.110 (1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [1165 bytes] - [15/02/2015 10:47:45]
AdwCleaner[R1].txt - [863 bytes] - [16/02/2015 00:42:46]
AdwCleaner[S0].txt - [1239 bytes] - [15/02/2015 10:50:31]
AdwCleaner[S1].txt - [791 bytes] - [16/02/2015 00:46:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [849 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Enterprise x64
Ran by Elad on Mon 02/16/2015 at 0:54:54.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/16/2015 at 0:58:03.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Elad (administrator) on ELAD-PC on 16-02-2015 01:01:17
Running from C:\Users\Elad\Desktop
Loaded Profiles: Elad (Available profiles: Elad & ילדים)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: עברית (ישראל)‏
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Users\Elad\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Thisisu) C:\Users\Elad\Desktop\JRT (2).exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3441956485-605021414-3669656422-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-3441956485-605021414-3669656422-1000\...\Run: [Google Update] => C:\Users\Elad\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-26] (Google Inc.)
HKU\S-1-5-21-3441956485-605021414-3669656422-1000\...\Run: [GoogleChromeAutoLaunch_1B47AD2C38DF335E991454E603A6EBCF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Elad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Elad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Elad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Elad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Elad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3441956485-605021414-3669656422-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: עוזר הכניסה של חשבון Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{A6F0F62C-8B26-45C1-BA31-AD087048E295}: [NameServer] 8.8.8.8

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3441956485-605021414-3669656422-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Elad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3441956485-605021414-3669656422-1000: @talk.google.com/O1DPlugin -> C:\Users\Elad\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3441956485-605021414-3669656422-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Elad\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3441956485-605021414-3669656422-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Elad\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3441956485-605021414-3669656422-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Elad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Elad\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Elad\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-05]

Chrome:
=======
CHR HomePage: Default -> https://www.google.co.il/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8
CHR StartupUrls: Default -> "hxxp://www.google.co.il/", "hxxp://istart.webssearches.com/?type=hp&ts=1399152198&from=tugs&uid=TOSHIBAXDT01ACA200_83R0EPBKSXX83R0EPBKSX", "hxxp://istart.webssearches.com/?type=hppp&ts=1399747179&from=tugs&uid=TOSHIBAXDT01ACA200_83R0EPBKSXX83R0EPBKSX", "hxxp://istart.webssearches.com/?type=hppp&ts=1401360630&from=tugs&uid=TOSHIBAXDT01ACA200_83R0EPBKSXX83R0EPBKSX", "hxxp://istart.webssearches.com/?type=hppp&ts=1401709863&from=tugs&uid=TOSHIBAXDT01ACA200_83R0EPBKSXX83R0EPBKSX", "hxxp://istart.webssearches.com/?type=hppp&ts=1401738428&from=tugs&uid=TOSHIBAXDT01ACA200_83R0EPBKSXX83R0EPBKSX"
CHR Profile: C:\Users\Elad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google מצגות) - C:\Users\Elad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-27]
CHR Extension: (Google Docs) - C:\Users\Elad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-27]
CHR Extension: (כונן Google) - C:\Users\Elad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-27]
CHR Extension: (WOT) - C:\Users\Elad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-15]
CHR Extension: (YouTube) - C:\Users\Elad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-27]
CHR Extension: (http://www.nrg.co.il/) - C:\Users\Elad\AppData\Local\Google\Chrome\User Data\Default\Extensions\clfdmokcmibpmbgapmfapjoamgbplgal [2014-11-27]
CHR Extension: (חיפוש Google) - C:\Users\Elad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-27]
CHR Extension: (Google Sheets) - C:\Users\Elad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-27]
CHR Extension: (http://qg.sisma.org.il/school/massuah/classes) - C:\Users\Elad\AppData\Local\Google\Chrome\User Data\Default\Extensions\flhjhancahhnneceefpbbpjoneilnggh [2014-11-27]
CHR Extension: (AdBlock) - C:\Users\Elad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-27]
CHR Extension: (Avast Online Security) - C:\Users\Elad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-27]
CHR Extension: (http://www.sisma.org.il/Pages/homepage.aspx) - C:\Users\Elad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkclklidconadhckdgddkjiflbggajao [2014-11-27]
CHR Extension: (http://grooveshark.com/) - C:\Users\Elad\AppData\Local\Google\Chrome\User Data\Default\Extensions\iihhhkmbmpohpepnfhfnbdlcpfbmebeb [2014-11-27]
CHR Extension: (Google Wallet) - C:\Users\Elad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27]
CHR Extension: (Gmail) - C:\Users\Elad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-01] (Avast Software)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-01] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-01] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-04-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-15] ()
S3 usbrndis6; C:\Windows\system32\drivers\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-01] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 01:01 - 2015-02-16 01:01 - 00017078 _____ () C:\Users\Elad\Desktop\FRST.txt
2015-02-16 01:00 - 2015-02-16 01:01 - 00000000 ____D () C:\FRST
2015-02-16 00:58 - 2015-02-16 00:58 - 00000630 _____ () C:\Users\Elad\Desktop\JRT.txt
2015-02-16 00:45 - 2015-02-16 00:45 - 02085888 _____ (Farbar) C:\Users\Elad\Desktop\FRST64.exe
2015-02-16 00:44 - 2015-02-16 00:48 - 00000056 _____ () C:\Windows\setupact.log
2015-02-16 00:44 - 2015-02-16 00:44 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-16 00:43 - 2015-02-16 00:44 - 01388274 _____ (Thisisu) C:\Users\Elad\Desktop\JRT (2).exe
2015-02-15 22:25 - 2015-02-15 22:44 - 00000000 ____D () C:\Users\Elad\Desktop\mbar
2015-02-15 19:49 - 2015-02-15 19:49 - 00000247 _____ () C:\Windows\system32\2015-02-15-17-49-13.064-aswFe.exe-5104.log
2015-02-15 19:45 - 2015-02-15 19:49 - 00000247 _____ () C:\Windows\system32\2015-02-15-17-45-10.004-aswFe.exe-4440.log
2015-02-15 19:45 - 2015-02-15 19:45 - 00000197 _____ () C:\Windows\system32\2015-02-15-17-45-06.031-AvastVBoxSVC.exe-3816.log
2015-02-15 19:35 - 2015-02-15 19:39 - 00000247 _____ () C:\Windows\system32\2015-02-15-17-35-01.035-aswFe.exe-5060.log
2015-02-15 19:34 - 2015-02-15 19:35 - 00000197 _____ () C:\Windows\system32\2015-02-15-17-34-58.069-AvastVBoxSVC.exe-5304.log
2015-02-15 19:22 - 2015-02-15 19:22 - 00000247 _____ () C:\Windows\system32\2015-02-15-17-22-44.056-aswFe.exe-2628.log
2015-02-15 19:14 - 2015-02-15 19:22 - 00000247 _____ () C:\Windows\system32\2015-02-15-17-14-51.036-aswFe.exe-4924.log
2015-02-15 19:14 - 2015-02-15 19:14 - 00000197 _____ () C:\Windows\system32\2015-02-15-17-14-45.092-AvastVBoxSVC.exe-5604.log
2015-02-15 10:55 - 2015-02-15 10:55 - 00000197 _____ () C:\Windows\system32\2015-02-15-08-55-36.096-AvastVBoxSVC.exe-2480.log
2015-02-15 10:47 - 2015-02-16 00:46 - 00000000 ____D () C:\AdwCleaner
2015-02-15 10:40 - 2015-02-15 10:40 - 00000000 ____D () C:\Users\Elad\AppData\Local\Secunia PSI
2015-02-15 10:28 - 2015-02-15 10:28 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-02-15 10:28 - 2015-02-15 10:28 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-02-15 00:00 - 2015-02-15 00:00 - 00000197 _____ () C:\Windows\system32\2015-02-14-22-00-08.046-AvastVBoxSVC.exe-2456.log
2015-02-14 23:18 - 2015-01-15 10:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-14 23:18 - 2015-01-15 10:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-14 23:18 - 2015-01-15 10:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-14 23:18 - 2015-01-15 10:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-14 23:18 - 2015-01-15 10:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-14 23:18 - 2015-01-15 10:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-14 23:18 - 2015-01-15 10:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-14 23:18 - 2015-01-15 10:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-14 23:18 - 2015-01-15 10:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-14 23:18 - 2015-01-15 10:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-14 23:18 - 2015-01-15 10:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-14 23:18 - 2015-01-15 09:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-14 23:18 - 2015-01-15 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-14 23:18 - 2015-01-15 09:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-14 23:18 - 2015-01-15 09:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-14 23:18 - 2015-01-15 09:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-14 23:18 - 2015-01-15 09:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-14 23:18 - 2015-01-15 06:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-14 23:17 - 2015-01-14 08:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-14 23:17 - 2015-01-14 08:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-14 23:17 - 2015-01-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-14 23:17 - 2015-01-14 08:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-14 23:17 - 2015-01-14 07:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-14 23:17 - 2015-01-14 07:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-14 23:17 - 2015-01-14 07:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-14 23:17 - 2015-01-14 07:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-14 23:17 - 2015-01-14 07:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-14 23:17 - 2015-01-12 05:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-14 23:17 - 2015-01-12 05:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-14 23:17 - 2015-01-12 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-14 23:17 - 2015-01-12 04:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-14 23:17 - 2015-01-12 04:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-14 23:17 - 2015-01-12 04:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-14 23:17 - 2015-01-12 04:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-14 23:17 - 2015-01-12 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-14 23:17 - 2015-01-12 04:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-14 23:17 - 2015-01-12 04:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-14 23:17 - 2015-01-12 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-14 23:17 - 2015-01-12 04:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-14 23:17 - 2015-01-12 04:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-14 23:17 - 2015-01-12 04:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-14 23:17 - 2015-01-12 04:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 23:17 - 2015-01-12 04:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-14 23:17 - 2015-01-12 04:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-14 23:17 - 2015-01-12 04:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-14 23:17 - 2015-01-12 04:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-14 23:17 - 2015-01-12 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-14 23:17 - 2015-01-12 04:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-14 23:17 - 2015-01-12 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-14 23:17 - 2015-01-12 04:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-14 23:17 - 2015-01-12 04:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-14 23:17 - 2015-01-12 04:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-14 23:17 - 2015-01-12 04:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-14 23:17 - 2015-01-12 04:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-14 23:17 - 2015-01-12 04:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-14 23:17 - 2015-01-12 04:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-14 23:17 - 2015-01-12 03:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-14 23:17 - 2015-01-12 03:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-14 23:17 - 2015-01-12 03:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-14 23:17 - 2015-01-12 03:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-14 23:17 - 2015-01-12 03:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-14 23:17 - 2015-01-12 03:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-14 23:17 - 2015-01-12 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-14 23:17 - 2015-01-12 03:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-14 23:17 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-14 23:17 - 2015-01-12 03:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-14 23:17 - 2015-01-12 03:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-14 23:17 - 2015-01-12 03:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-14 23:17 - 2015-01-12 03:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-14 23:17 - 2015-01-12 03:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-14 23:17 - 2015-01-12 03:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-14 23:17 - 2015-01-12 03:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-14 23:17 - 2015-01-12 03:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-14 23:17 - 2015-01-12 03:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-14 23:17 - 2015-01-12 03:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-14 23:17 - 2015-01-12 03:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-14 23:17 - 2015-01-12 03:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-14 23:17 - 2015-01-12 03:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-14 23:17 - 2015-01-12 03:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-14 23:17 - 2015-01-12 02:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-14 23:17 - 2015-01-12 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-14 23:17 - 2015-01-10 08:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-14 23:17 - 2015-01-10 08:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-14 23:17 - 2015-01-10 08:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-14 23:17 - 2015-01-10 08:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-14 23:17 - 2015-01-10 08:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-14 23:17 - 2015-01-10 08:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-14 23:17 - 2015-01-10 08:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-14 23:17 - 2015-01-10 08:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-14 23:17 - 2015-01-10 08:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-14 23:17 - 2015-01-10 08:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-14 23:17 - 2015-01-10 08:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-14 23:16 - 2015-01-13 05:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-14 23:16 - 2015-01-13 04:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-14 23:16 - 2015-01-10 08:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-14 23:16 - 2015-01-10 08:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-14 23:16 - 2015-01-10 08:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-14 23:16 - 2015-01-09 04:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-14 23:16 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-14 23:16 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-14 22:37 - 2015-02-14 22:37 - 00000197 _____ () C:\Windows\system32\2015-02-14-20-37-37.054-AvastVBoxSVC.exe-2256.log
2015-02-09 11:22 - 2015-02-09 11:22 - 00000197 _____ () C:\Windows\system32\2015-02-09-09-22-25.072-AvastVBoxSVC.exe-2568.log
2015-02-09 11:03 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-02-09 11:03 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-02-09 11:03 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-02-09 11:03 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-02-09 11:03 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-02-09 11:03 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-02-09 11:03 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-02-09 11:03 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-02-09 10:46 - 2015-02-09 10:46 - 00000000 ____D () C:\Windows\he
2015-02-09 10:45 - 2015-02-09 10:45 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-02-09 10:45 - 2015-02-09 10:45 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-02-09 10:45 - 2015-02-09 10:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-02-09 10:43 - 2015-02-09 10:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-02-09 10:43 - 2015-02-09 10:43 - 00000000 ____D () C:\Program Files\Windows Live
2015-02-09 10:43 - 2014-03-31 21:06 - 00058056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2015-02-09 10:42 - 2015-02-09 10:46 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-02-09 10:40 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-02-09 10:40 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-02-09 10:40 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-02-09 10:40 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-02-09 10:40 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-02-09 10:40 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-02-09 10:40 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-02-09 10:40 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-02-09 10:40 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-02-09 10:40 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-02-09 10:39 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-02-09 10:39 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-02-09 10:38 - 2015-02-09 10:38 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-02-09 10:36 - 2015-02-15 02:25 - 00000000 ____D () C:\Users\Elad\AppData\Local\Windows Live
2015-02-07 19:30 - 2015-02-07 19:31 - 00000197 _____ () C:\Windows\system32\2015-02-07-17-30-20.089-AvastVBoxSVC.exe-2292.log
2015-01-31 21:00 - 2015-01-31 21:00 - 00000000 ____D () C:\Users\Elad\AppData\Roaming\Mozilla
2015-01-31 20:01 - 2015-01-31 20:02 - 00000197 _____ () C:\Windows\system32\2015-01-31-18-01-53.017-AvastVBoxSVC.exe-2140.log
2015-01-23 16:48 - 2015-01-23 16:48 - 00000197 _____ () C:\Windows\system32\2015-01-23-14-48-21.025-AvastVBoxSVC.exe-2252.log
2015-01-22 10:55 - 2015-01-22 10:55 - 00000197 _____ () C:\Windows\system32\2015-01-22-08-55-00.027-AvastVBoxSVC.exe-2084.log
2015-01-22 09:50 - 2015-01-22 10:48 - 00000000 ____D () C:\Users\Elad\Desktop\תיקיה חדשה
2015-01-17 20:00 - 2015-01-17 20:01 - 00000197 _____ () C:\Windows\system32\2015-01-17-18-00-35.047-AvastVBoxSVC.exe-2140.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 00:55 - 2009-07-14 06:45 - 00018880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 00:55 - 2009-07-14 06:45 - 00018880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 00:54 - 2014-11-05 11:48 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-16 00:54 - 2014-01-04 20:54 - 00000000 ____D () C:\Users\Elad\AppData\Roaming\Copy
2015-02-16 00:52 - 2013-12-13 10:45 - 01653200 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 00:51 - 2013-12-20 09:55 - 00000000 ____D () C:\Users\Elad\AppData\Roaming\Dropbox
2015-02-16 00:49 - 2014-11-27 10:31 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 00:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 00:42 - 2014-11-27 10:31 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 00:42 - 2013-12-16 20:38 - 00000000 ____D () C:\Users\Elad\AppData\Roaming\vlc
2015-02-16 00:26 - 2013-12-14 23:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-16 00:06 - 2014-05-26 20:37 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3441956485-605021414-3669656422-1000UA.job
2015-02-15 22:44 - 2014-11-11 12:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-15 22:26 - 2014-06-08 19:14 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-15 22:25 - 2014-06-08 19:14 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-15 22:14 - 2014-11-11 10:52 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-15 11:01 - 2013-12-16 20:33 - 00000000 ____D () C:\Users\Elad\AppData\Roaming\uTorrent
2015-02-15 10:21 - 2014-05-03 23:32 - 00000000 ____D () C:\Users\Elad\AppData\Local\com
2015-02-15 10:12 - 2014-06-08 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-15 10:12 - 2014-06-08 19:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-15 06:06 - 2014-05-26 20:37 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3441956485-605021414-3669656422-1000Core.job
2015-02-15 04:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-02-14 23:57 - 2009-07-14 06:45 - 00447632 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-14 23:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2015-02-14 23:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2015-02-14 23:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\he-IL
2015-02-14 23:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-02-14 23:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-14 23:37 - 2013-12-14 22:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-14 23:30 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-14 23:29 - 2013-12-21 19:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-14 23:22 - 2013-12-21 19:50 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-13 13:03 - 2013-12-20 09:56 - 00000000 ____D () C:\Users\Elad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 20:17 - 2009-09-03 10:15 - 00390626 _____ () C:\Windows\system32\perfh00D.dat
2015-02-12 20:17 - 2009-09-03 10:15 - 00083858 _____ () C:\Windows\system32\perfc00D.dat
2015-02-12 20:17 - 2009-09-03 10:00 - 00680166 _____ () C:\Windows\system32\perfh00C.dat
2015-02-12 20:17 - 2009-09-03 10:00 - 00469020 _____ () C:\Windows\system32\perfh001.dat
2015-02-12 20:17 - 2009-09-03 10:00 - 00128832 _____ () C:\Windows\system32\perfc00C.dat
2015-02-12 20:17 - 2009-09-03 10:00 - 00093678 _____ () C:\Windows\system32\perfc001.dat
2015-02-12 20:17 - 2009-07-14 07:13 - 02611390 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-10 11:21 - 2014-10-18 21:26 - 00000000 ____D () C:\Users\Elad\Desktop\psalim
2015-02-09 15:30 - 2014-04-09 10:15 - 00000000 ____D () C:\Users\ילדים\Desktop\הלל
2015-02-09 11:17 - 2009-09-03 10:14 - 00000000 ____D () C:\Windows\system32\Drivers\he-IL
2015-02-09 11:17 - 2009-09-03 09:59 - 00000000 ____D () C:\Windows\system32\Drivers\ar-SA
2015-02-09 10:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-05 06:01 - 2014-05-26 20:37 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3441956485-605021414-3669656422-1000UA
2015-02-05 06:01 - 2014-05-26 20:37 - 00003506 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3441956485-605021414-3669656422-1000Core
2015-02-05 00:26 - 2013-12-14 23:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 00:26 - 2013-12-14 23:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 00:26 - 2013-12-14 23:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 09:36 - 2014-11-27 10:31 - 00003924 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 09:36 - 2014-11-27 10:31 - 00003672 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-31 20:10 - 2014-11-12 18:02 - 00000000 ____D () C:\Users\Elad\AppData\Local\CrashDumps
2015-01-31 20:10 - 2014-11-05 11:25 - 00000000 ____D () C:\Windows\Minidump
2015-01-31 20:10 - 2013-12-13 20:41 - 00000000 ____D () C:\Windows\Panther

Some content of TEMP:
====================
C:\Users\Elad\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Elad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzs8lc4.dll
C:\Users\Elad\AppData\Local\Temp\Quarantine.exe
C:\Users\Elad\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 00:24

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Elad at 2015-02-16 01:01:54
Running from C:\Users\Elad\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3441956485-605021414-3669656422-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Avidemux 2.6 (HKLM-x32\...\Avidemux 2.6 (64-bit)) (Version: 2.6.1.8321 - )
AviSynth 2.5 (HKLM-x32\...\Avisynth) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Copy (HKLM\...\{3FB1FFA4-3B59-4B9E-A6E9-FDDBDA9D74A1}) (Version: 1.41.253.0 - Barracuda Networks, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3441956485-605021414-3669656422-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FormatFactory 3.3.3.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.3.0 - Format Factory)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Kingo Android ROOT version 1.2.1.1912 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.2.1.1912 - Kingosoft Technology Ltd.)
Malwarebytes Anti-Malware גירסה 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mendeley Desktop 1.11 (HKLM-x32\...\Mendeley Desktop) (Version: 1.11 - Mendeley Ltd.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile HEB Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile HEB Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended HEB Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended HEB Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{0E8D886F-3205-4472-848E-990F400FF218}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{5CBDF0C2-6FD1-4A32-9A0A-143D9AB91CCE}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{8DD62FB6-083D-40B9-9D7D-48449FDDDED5}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{C6DB958A-50CC-481B-9ED8-3BAD236F7B49}) (Version: 7601 - Microsoft)
MKVcleaver 64 bit (HKLM\...\{2C9ACE67-EEDB-4DE6-8C62-11B4AC037D50}) (Version: 6.0.2 - Ilia Bakhmoutski (sheck))
MKVToolNix 7.0.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.0.0 - Moritz Bunkus)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MyFreeCodec (HKU\S-1-5-21-3441956485-605021414-3669656422-1000\...\MyFreeCodec) (Version: - )
RarmaRadio 2.69 (HKLM-x32\...\RarmaRadio_is1) (Version: - RaimerSoft)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Unity Web Player (HKU\S-1-5-21-3441956485-605021414-3669656422-1000\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
גלריית התמונות (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
ערכת שפה של Microsoft Visual Studio 2010 Tools for Office Runtime (x64)‎ - ‏HEB (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - HEB) (Version: 10.0.50903 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3441956485-605021414-3669656422-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Elad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3441956485-605021414-3669656422-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Elad\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3441956485-605021414-3669656422-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Elad\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3441956485-605021414-3669656422-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Elad\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3441956485-605021414-3669656422-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Elad\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3441956485-605021414-3669656422-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Elad\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3441956485-605021414-3669656422-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Elad\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3441956485-605021414-3669656422-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Elad\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3441956485-605021414-3669656422-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Elad\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3441956485-605021414-3669656422-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Elad\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3441956485-605021414-3669656422-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Elad\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

15-11-2014 23:54:50 End of disinfection
17-11-2014 02:24:35 Windows Update
17-11-2014 07:00:56 Windows Update
20-11-2014 10:42:52 Windows Update
27-11-2014 10:26:36 Windows Update
03-12-2014 21:28:41 Windows Update
06-12-2014 21:32:20 Windows Update
10-12-2014 19:01:05 Windows Update
15-12-2014 19:01:05 גיבוי Windows
18-12-2014 14:41:43 Windows Update
21-12-2014 22:22:57 Windows Update
29-12-2014 00:00:06 נקודת ביקורת מתוזמנת
01-01-2015 21:54:05 avast! antivirus system restore point
06-01-2015 22:42:49 Windows Update
11-01-2015 22:23:07 Windows Update
14-01-2015 22:01:02 Windows Update
15-01-2015 19:01:01 גיבוי Windows
23-01-2015 01:34:38 נקודת ביקורת מתוזמנת
24-01-2015 20:16:12 Windows Update
31-01-2015 23:09:41 נקודת ביקורת מתוזמנת
07-02-2015 20:16:29 Windows Update
09-02-2015 10:36:24 Windows Live Essentials
09-02-2015 10:39:19 Installed DirectX
09-02-2015 10:39:50 Installed DirectX
09-02-2015 10:40:25 Installed DirectX
09-02-2015 10:42:37 WLSetup
09-02-2015 11:02:22 Windows Update
14-02-2015 23:18:40 Windows Update
15-02-2015 19:00:45 גיבוי Windows

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {23D914CD-5125-4410-BD8B-2EF2F77121D4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3441956485-605021414-3669656422-1000Core => C:\Users\Elad\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-26] (Google Inc.)
Task: {29CEE17A-F772-4ABD-8BCF-662E424682B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-27] (Google Inc.)
Task: {29E50249-D754-45F7-B54A-6D2532CF029E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-01] (AVAST Software)
Task: {34B83ED5-0193-4223-8B39-95A88AB0D3E7} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {442E8BEC-E847-4A4B-A4F8-CD1E288EC389} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-27] (Google Inc.)
Task: {5B1531B4-49E8-4995-A596-F46FF8238E3C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {9B3AA918-EFA8-4585-A8E1-924596E34B7A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3441956485-605021414-3669656422-1000UA => C:\Users\Elad\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-26] (Google Inc.)
Task: {A0F7708E-1D41-4869-BAC1-FBF19AA28D8C} - System32\Tasks\Google Updater and Installer => C:\Users\Elad\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-26] (Google Inc.)
Task: {C28F59C4-9627-4024-A0CB-F629D371BF46} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D0F84F70-4433-483A-A90A-633BEEC6C285} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {FFEB8E28-24CA-42CB-8C28-E430C08DE1FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3441956485-605021414-3669656422-1000Core.job => C:\Users\Elad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3441956485-605021414-3669656422-1000UA.job => C:\Users\Elad\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-01 21:56 - 2015-01-01 21:56 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-01-01 21:56 - 2015-01-01 21:56 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-02-15 11:01 - 2015-02-15 11:01 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021500\algo.dll
2015-01-01 21:56 - 2015-01-01 21:56 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-16 00:54 - 2015-02-16 00:54 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021501\algo.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-01 21:56 - 2015-01-01 21:56 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-10 23:00 - 2015-02-10 23:00 - 00750080 _____ () C:\Users\Elad\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-16 00:49 - 2015-02-16 00:49 - 00043008 _____ () c:\users\elad\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzs8lc4.dll
2015-02-10 23:00 - 2015-02-10 23:00 - 00047616 _____ () C:\Users\Elad\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 23:00 - 2015-02-10 23:00 - 00865280 _____ () C:\Users\Elad\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 23:00 - 2015-02-10 23:00 - 00200704 _____ () C:\Users\Elad\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-06 02:43 - 2015-02-04 11:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 02:43 - 2015-02-04 11:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 02:43 - 2015-02-04 11:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-06 02:43 - 2015-02-04 11:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3441956485-605021414-3669656422-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Elad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Elad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup

==================== Accounts: =============================

Administrator (S-1-5-21-3441956485-605021414-3669656422-500 - Administrator - Disabled)
Elad (S-1-5-21-3441956485-605021414-3669656422-1000 - Administrator - Enabled) => C:\Users\Elad
Guest (S-1-5-21-3441956485-605021414-3669656422-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3441956485-605021414-3669656422-1003 - Limited - Enabled)
ילדים (S-1-5-21-3441956485-605021414-3669656422-1001 - Limited - Enabled) => C:\Users\ילדים

==================== Faulty Device Manager Devices =============

Name: Intel(R) Management Engine Interface
Description: Intel(R) Management Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: HECIx64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 56%
Total physical RAM: 3831.49 MB
Available physical RAM: 1684.12 MB
Total Pagefile: 7661.17 MB
Available Pagefile: 5141.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:248.92 GB) (Free:109.44 GB) NTFS
Drive d: () (Fixed) (Total:1613.99 GB) (Free:92.03 GB) NTFS
Drive f: (אמצעי אחסון חדש) (Fixed) (Total:1863.01 GB) (Free:1275.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 77C36612)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3F5AE66F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=248.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1614 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
This is strange... I posted the first log too but it's not here. There was also a small reply from you and it's gone. Did you delete them?
 
In post #36 I asked you to reset/reinstall Chrome.
I'm not sure if you did it or not or you installed something afterwards or visited some bad site but you surely got reinfected with some "istart.webssearches.com".
It tells me you did read carefully my reply #33, especially this:
11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642
If you're not careful while on your computer we'll be going back and forth until Christmas.

I suggest you read the above very carefully!

===========================================


Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Elad at 2015-02-16 01:39:59 Run:1
Running from C:\Users\Elad\Desktop
Loaded Profiles: Elad (Available profiles: Elad & ילדים)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR StartupUrls: Default -> "hxxp://www.google.co.il/", "hxxp://istart.webssearches.com/?type=hp&ts=1399152198&from=tugs&uid=TOSHIBAXDT01ACA200_83R0EPBKSXX83R0EPBKSX", "hxxp://istart.webssearches.com/?type=hppp&ts=1399747179&from=tugs&uid=TOSHIBAXDT01ACA200_83R0EPBKSXX83R0EPBKSX", "hxxp://istart.webssearches.com/?type=hppp&ts=1401360630&from=tugs&uid=TOSHIBAXDT01ACA200_83R0EPBKSXX83R0EPBKSX", "hxxp://istart.webssearches.com/?type=hppp&ts=1401709863&from=tugs&uid=TOSHIBAXDT01ACA200_83R0EPBKSXX83R0EPBKSX", "hxxp://istart.webssearches.com/?type=hppp&ts=1401738428&from=tugs&uid=TOSHIBAXDT01ACA200_83R0EPBKSXX83R0EPBKSX"
C:\Users\Elad\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Elad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzs8lc4.dll
C:\Users\Elad\AppData\Local\Temp\Quarantine.exe
C:\Users\Elad\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-3441956485-605021414-3669656422-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Elad\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3441956485-605021414-3669656422-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Elad\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
C:\Windows\pss\MyPC Backup.lnk.Startup
C:\Users\Elad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\Elad\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Elad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzs8lc4.dll => Moved successfully.
C:\Users\Elad\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Elad\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-3441956485-605021414-3669656422-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-3441956485-605021414-3669656422-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
C:\Windows\pss\MyPC Backup.lnk.Startup => Moved successfully.
"C:\Users\Elad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk" => File/Directory not found.

==== End of Fixlog 01:39:59 ====
 
Oh, but I did read it all the way through and I'm trying to stick to the rules. Could be that my kids are the ones I should warn and look after.

Looks like you saved me again :)
Thanks a lot (y)
 
Instead of blaming your kids, create limited accounts for them so they can't install anything on your computer.

Good luck and stay safe :)
 
Oops sorry, not quite perfect yet.
Look at how my Facebook is displaying.
 

Listen man, it's 2:00 a.m. here so I'm going to hit the sack. Thanks for all the effort. If you don't give up on me I'll be glad to continue tomorrow but will also understand if you want to quit.
Take care
 
Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
  • Close all Chrome windows and tabs.
  • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  • Click Programs and Features.
  • Double-click Google Chrome.
  • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install a fresh copy.
 
Did both, didn't help either.

Called my service provider and upon their advice I connected a laptop to the line. It worked properly so we can rule out that this has something to do with the internet host.

1. very slow loading of pages
2. sometimes need to refresh a few times until it loads successfully
3. sometimes pictures on a web page don't load
4. error message: the page you requested is not available
5. error message: unable to connect to the proxy server
 
IE is even worse - pages don't load there at all. I just installed Firefox and it seems to have the same problem.

But I thought of something, tell me what you think. Why don't I use the System Restore tool? Would it bring me to a point where the problem didn't exist yet?
 