Jump to content

Unable to remove 1clickmovie downloader

Itay

By Itay
in Resolved Malware Removal Logs

 Share

Recommended Posts

Itay

Itay

Posted
Posted

Hello,

 

I have a problem, i can't remove 1clickmovie downloader. I have tried running malwarebytes and followed the instructions of a guide but it still hasn't removed.
Can you please help me to remove that?

I could really use your help.

 

Thanks in advance!

Itay

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Hello Itay and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites
Itay

Itay

Posted
  • Author
Posted

Hello Borislav

 

Here is my log files:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-04-2014 01
Ran by user67 (administrator) on USER67-PC on 21-04-2014 23:38:45
Running from C:\Users\user67\Desktop
Microsoft Windows 7 Enterprise  (X86) OS Language: 040D
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Giraffic) C:\Program Files\Giraffic\GirafficWatchdog.exe
(Giraffic) C:\Program Files\Giraffic\Giraffic.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alibaba (China) Co., Ltd.) C:\Program Files\TradeManager\AliIM.exe
(Mail.Ru) C:\Users\user67\AppData\Local\MailRu\MailRuUpdater.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(阿里云计算有限公司) C:\Program Files\TradeManager\miser\AliimSafe.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-24] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797008 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [167936 2010-01-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-31] (AVAST Software)
HKU\S-1-5-21-2625312380-2101670457-819080607-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [19604072 2013-06-03] (Skype Technologies S.A.)
HKU\S-1-5-21-2625312380-2101670457-819080607-1000\...\Run: [Facebook Update] => C:\Users\user67\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-26] (Facebook Inc.)
HKU\S-1-5-21-2625312380-2101670457-819080607-1000\...\Run: [aliim] => C:\Program Files\TradeManager\AliIM.exe [293272 2013-08-22] (Alibaba (China) Co., Ltd.)
HKU\S-1-5-21-2625312380-2101670457-819080607-1000\...\Run: [MailRuUpdater] => C:\Users\user67\AppData\Local\MailRu\MailRuUpdater.exe [2069536 2014-04-21] (Mail.Ru)
HKU\S-1-5-21-2625312380-2101670457-819080607-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-2625312380-2101670457-819080607-1000\...\MountPoints2: {a93a4399-dcf8-11e2-8053-001cc03e082c} - F:\LaunchU3.exe -a
Startup: C:\Users\user67\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\מעקב אחר התראות על מפלס דיו נמוך - HP Deskjet 2510 series.lnk
ShortcutTarget: מעקב אחר התראות על מפלס דיו נמוך - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBD2F2722895CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = he-IL
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.search.us.com/v/2/?guid={79F370B2-F9BA-44CF-82BE-ACB455439D98}&serpv=5
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=openpr3
SearchScopes: HKCU - DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=openpr3
SearchScopes: HKCU - {0737FBB4-C43A-47F6-AD56-B42806268D75} URL = http://search.us.com/serp?guid={79F370B2-F9BA-44CF-82BE-ACB455439D98}&action=default_search&serpv=5&k={searchTerms}
SearchScopes: HKCU - {1D42F24D-3EED-4599-BB8B-C9CCCDF539DB} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10583
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=openpr3
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 
FireFox:
========
FF ProfilePath: C:\Users\user67\AppData\Roaming\Mozilla\Firefox\Profiles\xclojr0e.default
FF DefaultSearchEngine: Поиск@Mail.Ru
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Plugin: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files\TradeManager\nptrademanager.dll ( )
FF Plugin: @alibaba.com/npwangwang;version=1.0 - C:\Program Files\TradeManager\npwangwang.dll ( )
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files\TradeManager\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\user67\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\user67\AppData\Local\TNT2\2.0.0.1627\npTNT2.dll No File
FF Extension: YoutubeAdblocker - C:\Users\user67\AppData\Roaming\Mozilla\Firefox\Profiles\xclojr0e.default\Extensions\qio@cvoeoi.edu [2014-04-17]
FF Extension: saavee net - C:\Users\user67\AppData\Roaming\Mozilla\Firefox\Profiles\xclojr0e.default\Extensions\s5g@ioy-eyiy.co.uk [2014-04-17]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-07-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-11]
 
Chrome: 
=======
CHR StartupUrls: "https://www.google.co.il/"
CHR DefaultSearchKeyword: google.co.il
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\user67\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-24]
CHR Extension: (כונן Google) - C:\Users\user67\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-24]
CHR Extension: (YouTube) - C:\Users\user67\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-24]
CHR Extension: (McAfee Security Scan+) - C:\Users\user67\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-21]
CHR Extension: (חיפוש Google) - C:\Users\user67\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-24]
CHR Extension: (AdBlock) - C:\Users\user67\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-24]
CHR Extension: (CHNPrice search for aliExpress.com) - C:\Users\user67\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihlaoogegdjakmdbpbilijdghoggkim [2014-01-30]
CHR Extension: (Google Wallet) - C:\Users\user67\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\user67\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-24]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-31]
 
========================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-31] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-03-12] (AVAST Software)
R2 Giraffic; C:\Program Files\Giraffic\GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-03-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-03-31] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-03-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-03-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-03-31] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [67264 2014-03-31] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180760 2014-03-31] ()
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-14] (ELAN Microelectronic Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S1 MpKsl8f892b96; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F738554E-FBB3-4FE4-8ED7-A3ED21B470AA}\MpKsl8f892b96.sys [39464 2014-04-20] ()
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.)
R1 wStLib; C:\Windows\System32\drivers\wStLib.sys [52928 2014-03-19] (StdLib)
S1 aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys [X]
S1 aswNdisFlt; system32\DRIVERS\aswNdisFlt.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-21 23:04 - 2014-04-21 23:04 - 08756952 _____ (Andrei Doubrovski ) C:\Users\user67\Downloads\as_simple_as_photoshop.exe
2014-04-21 23:03 - 2014-04-21 23:03 - 00654304 _____ ( ) C:\Users\user67\Documents\as_simple_as_photoshop_he.exe
2014-04-21 22:59 - 2014-04-21 22:59 - 00680136 _____ ( ) C:\Users\user67\Documents\adobe_photoshop_he.exe
2014-04-21 18:44 - 2014-04-21 18:45 - 00035326 _____ () C:\Users\user67\Desktop\Addition.txt
2014-04-21 18:43 - 2014-04-21 23:39 - 00016782 _____ () C:\Users\user67\Desktop\FRST.txt
2014-04-21 18:43 - 2014-04-21 23:38 - 00000000 ____D () C:\FRST
2014-04-21 18:41 - 2014-04-21 23:37 - 01151488 _____ (Farbar) C:\Users\user67\Desktop\FRST.exe
2014-04-21 17:53 - 2014-04-21 23:07 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 17:53 - 2014-04-21 17:53 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-21 17:53 - 2014-04-21 17:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-21 17:53 - 2014-04-21 17:53 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-21 17:53 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-21 17:53 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-21 17:53 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-21 17:51 - 2014-04-21 17:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\user67\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-21 17:49 - 2014-04-21 17:49 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\user67\Downloads\rkill.com
2014-04-20 22:00 - 2014-04-21 17:12 - 00000000 ____D () C:\Users\user67\AppData\Local\MailRu
2014-04-20 21:58 - 2014-04-20 22:21 - 00000000 ____D () C:\SpyHunter 4.17.6.4336 + Patch
2014-04-20 21:58 - 2014-04-20 21:58 - 00000000 ____D () C:\Users\user67\AppData\Local\Mail.Ru
2014-04-20 21:57 - 2014-04-20 21:57 - 00004394 _____ () C:\Users\user67\Desktop\SpyHunter_4.17.6.4336_+_Patch.torrent
2014-04-20 21:55 - 2014-04-21 17:17 - 00000000 ____D () C:\Users\user67\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-04-20 21:55 - 2014-04-20 21:55 - 00006258 _____ () C:\Users\user67\Desktop\[kickass.to]spyhunter.4.1.11.0.crack.torrent
2014-04-20 18:48 - 2014-04-20 18:48 - 00000000 ____D () C:\dbdbfbb21163bad718ece2b9
2014-04-20 01:49 - 2014-04-20 01:49 - 00000000 ____D () C:\ec68e49a57ca8a84b914f3cf57
2014-04-18 00:57 - 2014-04-18 00:57 - 00000000 ____D () C:\f64224d072732abc91b65af2c09547
2014-04-17 09:39 - 2014-04-17 09:39 - 00000000 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-17 00:36 - 2014-04-17 00:36 - 00000000 ____D () C:\64b3b47209fd4bfd06729fe64e
2014-04-17 00:33 - 2014-04-20 21:55 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-04-17 00:30 - 2014-04-17 00:31 - 00000000 ____D () C:\SpyHunter v4.1.11.0 Software + Crack
2014-04-17 00:27 - 2014-04-21 18:03 - 00000000 ____D () C:\Program Files\SW-Booster
2014-04-17 00:25 - 2014-04-17 00:26 - 00000000 ____D () C:\ProgramData\ef34932db21e7963
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\user67\AppData\Local\Torch
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\user67\AppData\Local\Comodo
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\Guest
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\beinah landu\AppData\Local\Torch
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\beinah landu\AppData\Local\Comodo
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\AltNoyLand\AppData\Local\Torch
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\AltNoyLand\AppData\Local\Comodo
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\Administrator
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\ProgramData\saVeE noet
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Program Files\saVeE noet
2014-04-17 00:23 - 2014-04-17 00:23 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-16 23:44 - 2014-04-16 23:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-04-16 23:43 - 2014-04-21 17:17 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-04-16 23:42 - 2014-04-17 00:33 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-04-14 12:58 - 2014-04-14 12:58 - 00000000 ____D () C:\9de9c358a87ba4c5f214c5807a30
2014-04-13 22:38 - 2014-04-13 22:38 - 00000000 ____D () C:\7cbf5c09297ad9cf2e31318b47
2014-04-13 01:22 - 2014-04-13 01:23 - 00000000 ____D () C:\b368dfd98cbdcf75f8a15156
2014-04-10 17:08 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\AltNoyLand\AppData\Local\Google
2014-04-10 16:21 - 2014-04-10 16:37 - 00000000 ____D () C:\Users\user67\Desktop\ חשבונות
2014-04-10 16:13 - 2014-04-10 17:08 - 00002195 _____ () C:\Users\AltNoyLand\Desktop\Google Chrome.lnk
2014-04-10 16:13 - 2014-04-10 16:13 - 00123552 _____ () C:\Users\AltNoyLand\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-10 16:13 - 2014-04-10 16:13 - 00001365 _____ () C:\Users\AltNoyLand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-10 16:13 - 2014-04-10 16:13 - 00000000 ____D () C:\Users\AltNoyLand\AppData\Roaming\AVAST Software
2014-04-10 16:13 - 2014-04-10 16:13 - 00000000 ____D () C:\Users\AltNoyLand\AppData\Roaming\Adobe
2014-04-10 16:12 - 2014-04-10 16:13 - 00000000 ____D () C:\Users\AltNoyLand
2014-04-10 16:12 - 2014-04-10 16:12 - 00000020 ___SH () C:\Users\AltNoyLand\ntuser.ini
2014-04-10 16:12 - 2014-04-10 16:12 - 00000000 _SHDL () C:\Users\AltNoyLand\תפריט התחלה
2014-04-10 16:12 - 2014-04-10 16:12 - 00000000 _SHDL () C:\Users\AltNoyLand\AppData\Roaming\Microsoft\Windows\Start Menu\תוכניות
2014-04-10 16:12 - 2014-04-10 16:12 - 00000000 ____D () C:\Users\AltNoyLand\AppData\Local\VirtualStore
2014-04-10 16:12 - 2013-06-25 23:26 - 00000000 ____D () C:\Users\AltNoyLand\Documents\Visual Studio 2012
2014-04-10 16:12 - 2013-06-25 00:23 - 00000000 ____D () C:\Users\AltNoyLand\AppData\Local\Microsoft Help
2014-04-10 16:12 - 2009-07-14 07:42 - 00000000 ___RD () C:\Users\AltNoyLand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-10 16:12 - 2009-07-14 07:37 - 00000000 ___RD () C:\Users\AltNoyLand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-10 16:11 - 2014-04-10 16:11 - 00000000 ____D () C:\Users\user67\Desktop\ Personal
2014-04-09 16:45 - 2014-04-09 16:45 - 00000000 ____D () C:\Users\user67\Documents\Personal
2014-04-09 12:12 - 2014-04-09 12:34 - 00000000 ____D () C:\Users\user67\Documents\Personal
2014-04-09 09:57 - 2014-04-09 09:57 - 00000165 ____H () C:\Users\user67\Desktop\Personal
2014-04-08 23:07 - 2014-04-08 23:07 - 00000000 ____D () C:\0482f2185555752d04063c936a
2014-04-08 00:56 - 2014-04-08 00:56 - 00000000 ____D () C:\fa283408c7d72573056b81
2014-04-06 22:35 - 2014-04-06 22:35 - 00000000 ____D () C:\4a2063449ea901ca174d56
2014-04-05 23:20 - 2014-04-05 23:20 - 00000000 ____D () C:\cb8d5c543575deda16cfacd2
2014-04-04 18:46 - 2014-04-04 18:46 - 00000000 ____D () C:\291490daf3e408d9b901
2014-04-03 23:00 - 2014-04-03 23:00 - 00000000 ____D () C:\1c7ca544a56ec2024071552f4f
2014-04-03 21:07 - 2014-04-03 21:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-01 22:30 - 2014-04-01 22:31 - 00000000 ____D () C:\3d8b6aaa86d1f13c34e608138c2c
2014-04-01 16:38 - 2014-04-21 18:04 - 00063350 _____ () C:\Windows\PFRO.log
2014-03-31 23:02 - 2014-03-31 23:03 - 00000000 ____D () C:\05563fa557e3a8efd368923c02a4
2014-03-31 15:18 - 2014-04-03 21:02 - 00000000 ____D () C:\Adobe photoshop CS6 13.0 [Extended x86+x64] (2012) PC
2014-03-31 13:32 - 2014-03-31 13:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-31 00:47 - 2014-03-31 00:47 - 00000000 ____D () C:\9e8edf3ca65c7453be7803b4ce2b2c
2014-03-30 09:30 - 2014-03-30 09:30 - 00000000 ____D () C:\a98e1750b21a05ce833f
2014-03-30 00:13 - 2014-03-30 00:13 - 00000000 ____D () C:\ea3d0a2487e9672d2caccb
2014-03-28 13:32 - 2014-03-28 13:32 - 00000227 _____ () C:\Users\beinah landu\Desktop\ Personal
2014-03-28 12:54 - 2014-03-28 12:54 - 00000000 ____D () C:\Users\beinah landu\AppData\Roaming\Mozilla
2014-03-28 12:54 - 2014-03-28 12:54 - 00000000 ____D () C:\Users\beinah landu\AppData\Local\Mozilla
2014-03-28 09:47 - 2014-04-21 20:01 - 00001960 _____ () C:\Windows\setupact.log
2014-03-28 09:47 - 2014-03-28 09:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-28 00:02 - 2014-03-28 00:02 - 00000000 ____D () C:\aa80ac1bb8869f5c79ae8c
2014-03-26 23:51 - 2014-03-26 23:51 - 00000000 ____D () C:\ce593e543b0756bd0f638080eed4e7
2014-03-25 23:03 - 2014-03-25 23:03 - 00000000 ____D () C:\71197a28b735035a9ff2
2014-03-24 22:52 - 2014-03-24 22:52 - 00000000 ____D () C:\74d734b9a5c7bee269d312e00e
2014-03-24 00:10 - 2014-03-24 00:10 - 00000000 ____D () C:\13e9e438b07eebf102b735fc
2014-03-23 03:17 - 2014-03-23 03:17 - 00000000 ____D () C:\7aa3c0ec2587a673569d23
 
==================== One Month Modified Files and Folders =======
 
2014-04-21 23:39 - 2014-04-21 18:43 - 00016782 _____ () C:\Users\user67\Desktop\FRST.txt
2014-04-21 23:38 - 2014-04-21 18:43 - 00000000 ____D () C:\FRST
2014-04-21 23:37 - 2014-04-21 18:41 - 01151488 _____ (Farbar) C:\Users\user67\Desktop\FRST.exe
2014-04-21 23:32 - 2013-06-27 16:40 - 00000000 ____D () C:\Program Files\Giraffic
2014-04-21 23:32 - 2013-06-24 18:56 - 00000000 ____D () C:\Users\user67\AppData\Roaming\Skype
2014-04-21 23:07 - 2014-04-21 17:53 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 23:07 - 2013-06-24 18:56 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 23:04 - 2014-04-21 23:04 - 08756952 _____ (Andrei Doubrovski ) C:\Users\user67\Downloads\as_simple_as_photoshop.exe
2014-04-21 23:03 - 2014-04-21 23:03 - 00654304 _____ ( ) C:\Users\user67\Documents\as_simple_as_photoshop_he.exe
2014-04-21 22:59 - 2014-04-21 22:59 - 00680136 _____ ( ) C:\Users\user67\Documents\adobe_photoshop_he.exe
2014-04-21 22:59 - 2013-07-04 21:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 22:52 - 2013-07-04 11:10 - 00000000 ____D () C:\Users\user67\Documents\1111 Ebay
2014-04-21 21:30 - 2013-07-26 12:25 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625312380-2101670457-819080607-1000UA.job
2014-04-21 21:25 - 2013-06-24 16:59 - 01989989 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 20:21 - 2014-01-09 10:25 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-21 20:21 - 2014-01-09 10:24 - 00000000 ____D () C:\Program Files\TradeManager
2014-04-21 20:21 - 2013-06-24 18:56 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-21 20:08 - 2009-07-14 07:34 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 20:08 - 2009-07-14 07:34 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 20:01 - 2014-03-28 09:47 - 00001960 _____ () C:\Windows\setupact.log
2014-04-21 20:01 - 2013-06-27 16:40 - 00000000 ____D () C:\ProgramData\Giraffic
2014-04-21 20:01 - 2013-06-24 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-21 20:01 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-21 18:45 - 2014-04-21 18:44 - 00035326 _____ () C:\Users\user67\Desktop\Addition.txt
2014-04-21 18:28 - 2013-09-12 11:21 - 00000000 ____D () C:\Users\user67\AppData\Roaming\uTorrent
2014-04-21 18:04 - 2014-04-01 16:38 - 00063350 _____ () C:\Windows\PFRO.log
2014-04-21 18:04 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\Vss
2014-04-21 18:03 - 2014-04-17 00:27 - 00000000 ____D () C:\Program Files\SW-Booster
2014-04-21 17:53 - 2014-04-21 17:53 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-21 17:53 - 2014-04-21 17:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-21 17:53 - 2014-04-21 17:53 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-21 17:52 - 2014-04-21 17:51 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\user67\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-21 17:49 - 2014-04-21 17:49 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\user67\Downloads\rkill.com
2014-04-21 17:17 - 2014-04-20 21:55 - 00000000 ____D () C:\Users\user67\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-04-21 17:17 - 2014-04-16 23:43 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-04-21 17:12 - 2014-04-20 22:00 - 00000000 ____D () C:\Users\user67\AppData\Local\MailRu
2014-04-20 22:21 - 2014-04-20 21:58 - 00000000 ____D () C:\SpyHunter 4.17.6.4336 + Patch
2014-04-20 22:04 - 2013-12-05 14:01 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-20 21:58 - 2014-04-20 21:58 - 00000000 ____D () C:\Users\user67\AppData\Local\Mail.Ru
2014-04-20 21:57 - 2014-04-20 21:57 - 00004394 _____ () C:\Users\user67\Desktop\SpyHunter_4.17.6.4336_+_Patch.torrent
2014-04-20 21:55 - 2014-04-20 21:55 - 00006258 _____ () C:\Users\user67\Desktop\[kickass.to]spyhunter.4.1.11.0.crack.torrent
2014-04-20 21:55 - 2014-04-17 00:33 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-04-20 20:05 - 2014-01-30 10:27 - 00046126 _____ () C:\Users\user67\Desktop\Personal
2014-04-20 18:48 - 2014-04-20 18:48 - 00000000 ____D () C:\dbdbfbb21163bad718ece2b9
2014-04-20 14:08 - 2013-09-12 11:51 - 00356864 _____ () C:\Users\user67\Desktop\Minecraft.exe
2014-04-20 12:30 - 2013-07-26 12:25 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625312380-2101670457-819080607-1000Core.job
2014-04-20 01:49 - 2014-04-20 01:49 - 00000000 ____D () C:\ec68e49a57ca8a84b914f3cf57
2014-04-20 01:38 - 2014-03-10 12:52 - 00000000 ____D () C:\Users\beinah landu\AppData\Roaming\Skype
2014-04-18 00:57 - 2014-04-18 00:57 - 00000000 ____D () C:\f64224d072732abc91b65af2c09547
2014-04-17 09:39 - 2014-04-17 09:39 - 00000000 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-17 09:39 - 2013-09-12 11:29 - 00000000 ____D () C:\Program Files\Java
2014-04-17 00:36 - 2014-04-17 00:36 - 00000000 ____D () C:\64b3b47209fd4bfd06729fe64e
2014-04-17 00:33 - 2014-04-16 23:42 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-04-17 00:31 - 2014-04-17 00:30 - 00000000 ____D () C:\SpyHunter v4.1.11.0 Software + Crack
2014-04-17 00:26 - 2014-04-17 00:25 - 00000000 ____D () C:\ProgramData\ef34932db21e7963
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\user67\AppData\Local\Torch
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\user67\AppData\Local\Comodo
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\Guest
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\beinah landu\AppData\Local\Torch
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\beinah landu\AppData\Local\Comodo
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\AltNoyLand\AppData\Local\Torch
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\AltNoyLand\AppData\Local\Comodo
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Users\Administrator
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\ProgramData\saVeE noet
2014-04-17 00:25 - 2014-04-17 00:25 - 00000000 ____D () C:\Program Files\saVeE noet
2014-04-17 00:25 - 2014-04-10 17:08 - 00000000 ____D () C:\Users\AltNoyLand\AppData\Local\Google
2014-04-17 00:25 - 2014-03-10 12:51 - 00000000 ____D () C:\Users\beinah landu\AppData\Local\Google
2014-04-17 00:25 - 2013-06-24 21:14 - 00000000 ____D () C:\Users\user67\AppData\Local\Google
2014-04-17 00:23 - 2014-04-17 00:23 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-16 23:44 - 2014-04-16 23:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-04-14 12:59 - 2013-06-24 18:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-14 12:58 - 2014-04-14 12:58 - 00000000 ____D () C:\9de9c358a87ba4c5f214c5807a30
2014-04-13 22:38 - 2014-04-13 22:38 - 00000000 ____D () C:\7cbf5c09297ad9cf2e31318b47
2014-04-13 16:24 - 2013-06-24 21:32 - 00000000 ____D () C:\Users\user67\Documents\עבודות בית ספר
2014-04-13 01:23 - 2014-04-13 01:22 - 00000000 ____D () C:\b368dfd98cbdcf75f8a15156
2014-04-12 16:42 - 2014-02-12 15:23 - 00000000 ____D () C:\Users\user67\Documents\My WangWang
2014-04-10 17:08 - 2014-04-10 16:13 - 00002195 _____ () C:\Users\AltNoyLand\Desktop\Google Chrome.lnk
2014-04-10 16:37 - 2014-04-10 16:21 - 00000000 ____D () C:\Users\user67\Desktop\ חשבונות
2014-04-10 16:13 - 2014-04-10 16:13 - 00123552 _____ () C:\Users\AltNoyLand\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-10 16:13 - 2014-04-10 16:13 - 00001365 _____ () C:\Users\AltNoyLand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-10 16:13 - 2014-04-10 16:13 - 00000000 ____D () C:\Users\AltNoyLand\AppData\Roaming\AVAST Software
2014-04-10 16:13 - 2014-04-10 16:13 - 00000000 ____D () C:\Users\AltNoyLand\AppData\Roaming\Adobe
2014-04-10 16:13 - 2014-04-10 16:12 - 00000000 ____D () C:\Users\AltNoyLand
2014-04-10 16:12 - 2014-04-10 16:12 - 00000020 ___SH () C:\Users\AltNoyLand\ntuser.ini
2014-04-10 16:12 - 2014-04-10 16:12 - 00000000 _SHDL () C:\Users\AltNoyLand\תפריט התחלה
2014-04-10 16:12 - 2014-04-10 16:12 - 00000000 _SHDL () C:\Users\AltNoyLand\AppData\Roaming\Microsoft\Windows\Start Menu\תוכניות
2014-04-10 16:12 - 2014-04-10 16:12 - 00000000 ____D () C:\Users\AltNoyLand\AppData\Local\VirtualStore
2014-04-10 16:11 - 2014-04-10 16:11 - 00000000 ____D () C:\Users\user67\Desktop\Yacoavi
2014-04-10 00:36 - 2013-08-15 01:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 00:34 - 2013-06-25 00:26 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 16:45 - 2014-04-09 16:45 - 00000000 ____D () C:\Users\user67\Documents\Personal
2014-04-09 12:34 - 2014-04-09 12:12 - 00000000 ____D () C:\Users\user67\Documents\Personal
2014-04-09 09:57 - 2014-04-09 09:57 - 00000165 ____H () C:\Users\user67\Desktop\Personal
2014-04-08 23:07 - 2014-04-08 23:07 - 00000000 ____D () C:\0482f2185555752d04063c936a
2014-04-08 00:56 - 2014-04-08 00:56 - 00000000 ____D () C:\fa283408c7d72573056b81
2014-04-06 22:35 - 2014-04-06 22:35 - 00000000 ____D () C:\4a2063449ea901ca174d56
2014-04-05 23:20 - 2014-04-05 23:20 - 00000000 ____D () C:\cb8d5c543575deda16cfacd2
2014-04-05 20:02 - 2014-01-29 23:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-04 18:46 - 2014-04-04 18:46 - 00000000 ____D () C:\291490daf3e408d9b901
2014-04-03 23:00 - 2014-04-03 23:00 - 00000000 ____D () C:\1c7ca544a56ec2024071552f4f
2014-04-03 21:08 - 2014-04-03 21:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-03 21:02 - 2014-03-31 15:18 - 00000000 ____D () C:\Adobe photoshop CS6 13.0 [Extended x86+x64] (2012) PC
2014-04-03 21:02 - 2013-11-21 21:27 - 00000000 ____D () C:\Users\user67\AppData\Local\Adobe
2014-04-03 12:19 - 2013-06-24 18:53 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-03 12:19 - 2013-06-24 18:49 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 09:51 - 2014-04-21 17:53 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-21 17:53 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-21 17:53 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 22:31 - 2014-04-01 22:30 - 00000000 ____D () C:\3d8b6aaa86d1f13c34e608138c2c
2014-03-31 23:03 - 2014-03-31 23:02 - 00000000 ____D () C:\05563fa557e3a8efd368923c02a4
2014-03-31 23:03 - 2009-07-14 05:04 - 00000678 _____ () C:\Windows\win.ini
2014-03-31 13:32 - 2014-03-31 13:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-31 13:32 - 2014-02-11 21:40 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-31 13:32 - 2014-02-11 21:40 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-31 13:32 - 2014-02-11 21:40 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-31 13:32 - 2014-02-11 21:40 - 00180760 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-31 13:32 - 2014-02-11 21:40 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-31 13:32 - 2014-02-11 21:40 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-31 13:32 - 2014-02-11 21:40 - 00067264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-31 13:32 - 2014-02-11 21:40 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-31 00:47 - 2014-03-31 00:47 - 00000000 ____D () C:\9e8edf3ca65c7453be7803b4ce2b2c
2014-03-30 21:09 - 2013-06-24 17:42 - 02619604 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-30 09:30 - 2014-03-30 09:30 - 00000000 ____D () C:\a98e1750b21a05ce833f
2014-03-30 00:13 - 2014-03-30 00:13 - 00000000 ____D () C:\ea3d0a2487e9672d2caccb
2014-03-28 13:32 - 2014-03-28 13:32 - 00000227 _____ () C:\Users\beinah landu\Desktop\Personal
2014-03-28 12:54 - 2014-03-28 12:54 - 00000000 ____D () C:\Users\beinah landu\AppData\Roaming\Mozilla
2014-03-28 12:54 - 2014-03-28 12:54 - 00000000 ____D () C:\Users\beinah landu\AppData\Local\Mozilla
2014-03-28 09:47 - 2014-03-28 09:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-28 00:02 - 2014-03-28 00:02 - 00000000 ____D () C:\aa80ac1bb8869f5c79ae8c
2014-03-27 20:02 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-26 23:51 - 2014-03-26 23:51 - 00000000 ____D () C:\ce593e543b0756bd0f638080eed4e7
2014-03-25 23:03 - 2014-03-25 23:03 - 00000000 ____D () C:\71197a28b735035a9ff2
2014-03-25 22:25 - 2014-03-16 18:59 - 00000000 ____D () C:\Users\beinah landu\Documents\1 pcs
2014-03-24 22:52 - 2014-03-24 22:52 - 00000000 ____D () C:\74d734b9a5c7bee269d312e00e
2014-03-24 00:10 - 2014-03-24 00:10 - 00000000 ____D () C:\13e9e438b07eebf102b735fc
2014-03-23 11:41 - 2013-11-24 19:14 - 00000000 ____D () C:\Users\user67\Documents\A information needed
2014-03-23 03:17 - 2014-03-23 03:17 - 00000000 ____D () C:\7aa3c0ec2587a673569d23
 
Files to move or delete:
====================
C:\Users\user67\avast_free_antivirus_setup.exe
C:\Users\user67\HSS-3.32-install-e-550-plain.exe
 
 
Some content of TEMP:
====================
C:\Users\user67\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\user67\AppData\Local\Temp\MailRuUpdater.exe
C:\Users\user67\AppData\Local\Temp\SHSetup.exe
C:\Users\user67\AppData\Local\Temp\TsuDCE018D2.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-20 14:28
 
==================== End Of Log ====================
 
 
 
 
 
 
 
Additonal:
 
 
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-04-2014 01
Ran by user67 at 2014-04-21 23:39:24
Running from C:\Users\user67\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2016 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Data Access Objects (DAO) 3.5 (HKLM\...\Data Access Objects (DAO) 3.5) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
EarMaster School 5 (HKLM\...\EarMaster School 5_is1) (Version: 5.0 - EarMaster ApS)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
ETDWare PS/2-x86 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Foxit Reader (HKLM\...\{D60F533D-0CBF-475F-8300-8B13799775D0}) (Version: 4.3.1.218 - Foxit Corporation)
Giraffic Video Accelerator (HKLM\...\Giraffic) (Version: 0.86.412.230 - Giraffic)
GIRDAC PDF to Word Converter Pro Trial (HKLM\...\GIRDAC PDF to Word Converter Pro) (Version: 8.1.1.7 - GIRDAC InfoTechnologies)
Google Chrome (HKLM\...\{54DF35BD-4A36-35DA-B029-A0C083C88614}) (Version: 10.2.34950 - Google, Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
HP Deskjet 2510 series Setup Guide (HKLM\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series עזרה (HKLM\...\{581A94AF-813C-4C58-8E7A-1ACC173DD564}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 6.7.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.7.0 - )
Malwarebytes Anti-Malware גירסה 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.0 (HKLM\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.0 (HKLM\...\{00F93853-D9D3-4795-A89E-84CCBA0205C9}) (Version: 8.0.225.0 - Microsoft)
Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop (Version: 2.0.30717.9005 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Hebrew) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Hebrew) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Hebrew) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Hebrew) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Arabic) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Hebrew) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Russian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Hebrew) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Hebrew) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Hebrew) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Hebrew) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{D9DA2981-3298-4F1A-9192-F2CF5BD91145}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{79B49428-E9B0-4479-A0FA-3EFF8AFA9F07}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{CD920828-2B95-49A4-8BFD-1D34BCBF5A27}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Core Libraries (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86-x64 Compilers (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Preparation (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) Resources (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU (Version: 4.0.8876.1 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2012 for Windows Desktop (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources (Version: 11.0.50727 - Microsoft Corporation) Hidden
Minecraft1.4.7 (HKLM\...\Minecraft1.4.7) (Version:  - )
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2018 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA מנהל ההתקן עבור ‎3D Vision 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.18 - NVIDIA Corporation)
NVIDIA מנהל ההתקן של בקר ‎3D Vision 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.18 - NVIDIA Corporation)
NVIDIA מנהל התקן עבור נתונים גרפיים 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.18 - NVIDIA Corporation)
NVIDIA תכנת PhysX מערכת 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Photo Stamp Remover 5.5 (HKLM\...\Photo Stamp Remover_is1) (Version: 5.5 - SoftOrbits)
Prerequisites for SSDT  (HKLM\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6316 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.5 (HKLM\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.5.158 - Skype Technologies S.A.)
SoftOrbits Photo Retoucher 1.3 (HKLM\...\SoftOrbits Photo Retoucher_is1) (Version: 1.3 - SoftOrbits)
SW-Sustainer 1.80 (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c67abfdb}) (Version:  - Certified Publisher)
TradeManager 2013 Beta2 (HKLM\...\TradeManager) (Version:  - Alibaba (China) Network Technology Co., Ltd.)
uMark 4 (HKLM\...\{F5F26E02-77A1-4CDF-8651-DF514071D88A}) (Version: 4.0 - Uconomix)
Update for  (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-0419-0000-0000000FF1CE}_Office14.STANDARD_{E61D2005-D8F8-4C83-A08E-7E43C1D8588B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-040D-0000-0000000FF1CE}_Office14.STANDARD_{0C2F1EBB-1F4D-49B5-AD10-F27181F4C6FB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-040D-0000-0000000FF1CE}_Office14.STANDARD_{50B8128B-D2EA-4B8E-9B39-AB61C583F0F3}) (Version:  - Microsoft)
Update for Microsoft Visual Studio 2012 (KB2781514) (HKLM\...\{56ef8912-352f-4fab-9c73-6f1c92a7127f}) (Version: 11.0.51219 - Microsoft Corporation)
WinDjView 1.0.3 (HKLM\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
Windows Software Development Kit (Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps (Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (Version: 8.59.25584 - Microsoft Corporation) Hidden
WinRAR 5.00 (32-סיביות) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
לוח הבקרה של NVIDIA 320.18 (Version: 320.18 - NVIDIA Corporation) Hidden
מחקר לשיפור המוצרים של HP Deskjet 2510 series (HKLM\...\{5EA48586-BD60-474F-8FEE-21896AE5B037}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
עדכוני NVIDIA 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
עולם של אנרגיה 9.0 (HKLM\...\עולם_של_אנרגיה_6.0) (Version:  - )
תוכנת התקן בסיסי מסוג ‎HP Deskjet 2510 series (HKLM\...\{B5B82F60-2D2E-4491-889B-BF3DA9BBE203}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
 
==================== Restore Points  =========================
 
17-04-2014 11:18:11 Removed SpyHunter
17-04-2014 21:56:42 Windows Update
18-04-2014 07:38:52 Removed SpyHunter
18-04-2014 07:44:38 Installed SpyHunter
18-04-2014 07:51:24 Installed SpyHunter
19-04-2014 17:16:44 Windows Update
19-04-2014 22:48:02 Windows Update
20-04-2014 15:48:01 Windows Update
20-04-2014 17:06:23 Windows Update
20-04-2014 18:48:50 Installed SpyHunter
20-04-2014 19:15:42 Removed SpyHunter
20-04-2014 19:22:14 Installed SpyHunter
21-04-2014 11:31:32 Windows Update
21-04-2014 14:15:17 Removed SpyHunter
21-04-2014 14:41:22 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 05:04 - 2009-06-11 00:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {22C6E888-B7F8-4F70-9BCC-07E5C2196E4C} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {259DC73D-C163-441E-A5FB-D9C583100EDF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-24] (Google Inc.)
Task: {325ACB4A-DB2B-452A-A8EA-191B4C8F27C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-24] (Google Inc.)
Task: {367937D1-9877-44E6-ABC7-22821898C089} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {6B9644EC-1E37-4988-832D-83D1760E6FF1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2625312380-2101670457-819080607-1000UA => C:\Users\user67\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-26] (Facebook Inc.)
Task: {C0E3C6AF-9685-46CA-BB1E-96FD817B9F3F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2625312380-2101670457-819080607-1000Core => C:\Users\user67\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-26] (Facebook Inc.)
Task: {C50B0333-3C2F-4130-A0C3-240D789E4147} - System32\Tasks\1ClickMovieDownloader V6-chromeinstaller => C:\Program Files\1ClickMovieDownloader V6\1ClickMovieDownloader V6-chromeinstaller.exe
Task: {D36180F2-12E6-419A-9929-0D8457CA5729} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {D6171C14-550E-4B30-BCB0-D795578863D4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-31] (AVAST Software)
Task: {FA98397B-3D64-4EA0-A13F-D2C8E4B3EB45} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625312380-2101670457-819080607-1000Core.job => C:\Users\user67\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625312380-2101670457-819080607-1000UA.job => C:\Users\user67\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-06-24 18:10 - 2013-05-12 22:58 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-04-21 14:29 - 2014-04-21 14:29 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14042100\algo.dll
2014-02-11 21:39 - 2014-02-11 21:39 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-12-12 07:40 - 2012-12-12 07:40 - 00037488 _____ () C:\Program Files\TradeManager\rv2log.dll
2012-12-12 07:40 - 2012-12-12 07:40 - 00321648 _____ () C:\Program Files\TradeManager\rv2core.dll
2012-11-23 09:11 - 2012-11-23 09:11 - 00279584 _____ () C:\Program Files\TradeManager\pcre.dll
2012-11-22 12:04 - 2012-11-22 12:04 - 01554888 _____ () C:\Program Files\TradeManager\LIBEAY32.dll
2013-03-27 07:17 - 2013-03-27 07:17 - 00367120 _____ () C:\Program Files\TradeManager\rv2archive.dll
2012-11-22 12:00 - 2012-11-22 12:00 - 00322376 _____ () C:\Windows\system32\aliedit\aliedit.dll
2013-01-14 15:17 - 2013-01-14 15:17 - 00456208 _____ () C:\Program Files\TradeManager\uacagent.dll
2012-11-22 12:04 - 2012-11-22 12:04 - 00072192 _____ () C:\Program Files\TradeManager\zlibwapi.dll
2013-01-14 15:18 - 2013-01-14 15:18 - 00577040 _____ () C:\Program Files\TradeManager\unifiedconfig.dll
2014-04-11 00:12 - 2014-04-02 04:57 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-11 00:12 - 2014-04-02 04:57 - 00674632 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-11 00:12 - 2014-04-02 04:57 - 00093000 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libegl.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-04-11 00:12 - 2014-04-02 04:57 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-11 00:12 - 2014-04-02 04:58 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-11 00:12 - 2014-04-02 04:57 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (לוחות מקשים סטנדרטיים)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: MpKsl8f892b96
Description: MpKsl8f892b96
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl8f892b96
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Avast! Firewall Driver
Description: Avast! Firewall Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswNdisFlt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Alps Pointing-device for VAIO
Description: Alps Pointing-device for VAIO
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Alps Electric
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/21/2014 08:18:38 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (04/21/2014 06:19:48 PM) (Source: Application Hang) (User: )
Description: ‏‏התוכנית firefox.exe בגירסה 28.0.0.5186 הפסיקה לקיים אינטראקציה עם Windows ונסגרה. כדי לגלות אם יש מידע זמין נוסף אודות הבעיה, בדוק את היסטוריית הבעיה בלוח הבקרה של מרכז הפעולות.
 
מזהה תהליך: 11e0
 
זמן התחלה: 01cf5d75005f7f01
 
זמן סיום: 431
 
נתיב יישום: C:\Program Files\Mozilla Firefox\firefox.exe
 
מזהה דוח: 58ef53ca-c968-11e3-9e59-001cc03e082c
 
Error: (04/21/2014 05:14:52 PM) (Source: Application Hang) (User: )
Description: ‏‏התוכנית Spyhunter4.exe בגירסה 4.17.6.4336 הפסיקה לקיים אינטראקציה עם Windows ונסגרה. כדי לגלות אם יש מידע זמין נוסף אודות הבעיה, בדוק את היסטוריית הבעיה בלוח הבקרה של מרכז הפעולות.
 
מזהה תהליך: 8c0
 
זמן התחלה: 01cf5d6b87dccfeb
 
זמן סיום: 16
 
נתיב יישום: C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
 
מזהה דוח: 4845f5d5-c95f-11e3-9f99-001cc03e082c
 
Error: (04/20/2014 02:28:42 PM) (Source: SideBySide) (User: )
Description: ‏‏יצירת הקשר הפעלה נכשלה עבור ''Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1''.
לא היתה אפשרות למצוא את ההרכבה התלויה Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
נא השתמש ב- sxstrace.exe לצורך אבחון מפורט.
 
Error: (04/20/2014 11:26:05 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (04/20/2014 01:46:29 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{C200C42F-EF7C-47E8-B576-7FE9CFA355B6}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}Explorer
 
Error: (04/19/2014 08:54:51 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (04/18/2014 07:21:43 PM) (Source: SideBySide) (User: )
Description: ‏‏יצירת הקשר הפעלה נכשלה עבור ''Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1''.
לא היתה אפשרות למצוא את ההרכבה התלויה Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
נא השתמש ב- sxstrace.exe לצורך אבחון מפורט.
 
Error: (04/18/2014 04:29:34 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108
 
Error: (04/18/2014 03:29:38 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
 
System errors:
=============
Error: (04/21/2014 08:01:40 PM) (Source: Service Control Manager) (User: )
Description: ‏‏טעינת מנהלי ההתקנים הבאים מסוג הפעלת-אתחול או הפעלת-מערכת נכשלה: 
aswKbd
aswNdisFlt
 
Error: (04/21/2014 08:01:31 PM) (Source: Service Control Manager) (User: )
Description: ‏‏שירות ה- IP Helper הפסיק עם השגיאה הבאה: 
%%126
 
Error: (04/21/2014 08:01:20 PM) (Source: Service Control Manager) (User: )
Description: ‏‏הפעלת השירות avast! Firewall נכשלה בשל השגיאה הבאה: 
%%1053
 
Error: (04/21/2014 08:01:20 PM) (Source: Service Control Manager) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לחיבור של שירות avast! Firewall.
 
Error: (04/21/2014 08:01:15 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 18:47:21 on ‎21/‎04/‎2014 was unexpected.
 
Error: (04/21/2014 06:23:04 PM) (Source: Disk) (User: )
Description: ‏‏בהתקן \Device\Harddisk0\DR0 נמצא בלוק פגום.
 
Error: (04/21/2014 06:23:00 PM) (Source: Disk) (User: )
Description: ‏‏בהתקן \Device\Harddisk0\DR0 נמצא בלוק פגום.
 
Error: (04/21/2014 06:18:15 PM) (Source: Disk) (User: )
Description: ‏‏בהתקן \Device\Harddisk0\DR0 נמצא בלוק פגום.
 
Error: (04/21/2014 06:18:12 PM) (Source: Disk) (User: )
Description: ‏‏בהתקן \Device\Harddisk0\DR0 נמצא בלוק פגום.
 
Error: (04/21/2014 06:05:04 PM) (Source: Service Control Manager) (User: )
Description: ‏‏טעינת מנהלי ההתקנים הבאים מסוג הפעלת-אתחול או הפעלת-מערכת נכשלה: 
aswKbd
aswNdisFlt
 
 
Microsoft Office Sessions:
=========================
Error: (04/21/2014 08:18:38 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (04/21/2014 06:19:48 PM) (Source: Application Hang)(User: )
Description: firefox.exe28.0.0.518611e001cf5d75005f7f01431C:\Program Files\Mozilla Firefox\firefox.exe58ef53ca-c968-11e3-9e59-001cc03e082c
 
Error: (04/21/2014 05:14:52 PM) (Source: Application Hang)(User: )
Description: Spyhunter4.exe4.17.6.43368c001cf5d6b87dccfeb16C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe4845f5d5-c95f-11e3-9f99-001cc03e082c
 
Error: (04/20/2014 02:28:42 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 2510 series\DriverStore\Pipeline\amd64\hpinkinsAC11.exe
 
Error: (04/20/2014 11:26:05 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (04/20/2014 01:46:29 AM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{C200C42F-EF7C-47E8-B576-7FE9CFA355B6}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}Explorer
 
Error: (04/19/2014 08:54:51 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (04/18/2014 07:21:43 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 2510 series\DriverStore\Pipeline\amd64\hpinkinsAC11.exe
 
Error: (04/18/2014 04:29:34 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108
 
Error: (04/18/2014 03:29:38 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 68%
Total physical RAM: 3068.71 MB
Available physical RAM: 978.43 MB
Total Pagefile: 6135.71 MB
Available Pagefile: 3260.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.68 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:298.09 GB) (Free:68.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B965B965)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End Of Log ====================
 
Link to post
Share on other sites
Itay

Itay

Posted
  • Author
Posted

Hello Itay and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573

 

Hi Borislav,

Waiting for you reply.

Thanks you!

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Step 1

I notice that you are using more than one antivirus program.

  • avast! Antivirus
  • Microsoft Security Essentials
  • This is very dangerous, as multiple Antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running realtime protection. Please uninstall one of them. When you are ready, please reboot your system.

    Step 2

    • Launch Malwarebytes' Anti-Malware
    • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
    • Go to Scanner tab and select Threat Scan, then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.
Link to post
Share on other sites
Itay

Itay

Posted
  • Author
Posted
Hi, I have unistalled MSE and also McAfee.

 

Here is the results of the Scan:

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 29/04/2014

Scan Time: 20:46:15

Logfile: 

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.04.29.05

Rootkit Database: v2014.03.27.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Chameleon: Disabled

 

OS: Windows 7

CPU: x86

File System: NTFS

User: user67

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 335834

Time Elapsed: 10 min, 17 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
Link to post
Share on other sites
Itay

Itay

Posted
  • Author
Posted

I ran Junkware removal tool log twice.

First without running as administrator and the second when running as administrator.

 

 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Enterprise x86
Ran by user67 on Tue 04/29/2014 at 21:18:39.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\ProgramData\application data\boost_interprocess"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\user67\AppData\Roaming\mozilla\firefox\profiles\xclojr0e.default\prefs.js
 
user_pref("extensions.JvV1Y0aDTR7.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"immediate-suppor
user_pref("extensions.ojgS4DScIv.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"immediate-support
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/29/2014 at 21:21:44.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
AdwCleaner log:
 
 
 
 
# AdwCleaner v3.205 - Report created 29/04/2014 at 21:27:55
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Enterprise  (32 bits)
# Username : user67 - USER67-PC
# Running from : C:\Users\user67\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\SW-Booster
Folder Deleted : C:\Program Files\saVeE noet
Folder Deleted : C:\Windows\system32\hotspot shield
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\AltNoyLand\AppData\Local\torch
Folder Deleted : C:\Users\beinah landu\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\torch
Folder Deleted : C:\Users\user67\AppData\Local\Mail.Ru
Folder Deleted : C:\Users\user67\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com
Folder Deleted : C:\Users\user67\AppData\Roaming\Mozilla\Firefox\Profiles\xclojr0e.default\Extensions\qio@cvoeoi.edu
Folder Deleted : C:\Users\user67\AppData\Roaming\Mozilla\Firefox\Profiles\xclojr0e.default\Extensions\s5g@ioy-eyiy.co.uk
Folder Deleted : C:\Users\AltNoyLand\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Folder Deleted : C:\Users\beinah landu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmhbpboffoemnfbiaeijbhbgddemmnjh
Folder Deleted : C:\Users\AltNoyLand\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmhbpboffoemnfbiaeijbhbgddemmnjh
Folder Deleted : C:\Users\beinah landu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmhbpboffoemnfbiaeijbhbgddemmnjh
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmhbpboffoemnfbiaeijbhbgddemmnjh
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmhbpboffoemnfbiaeijbhbgddemmnjh
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\opiancechogjiigdnobfddacfedhbmgb
Folder Deleted : C:\Users\AltNoyLand\AppData\Local\Google\Chrome\User Data\Default\Extensions\opiancechogjiigdnobfddacfedhbmgb
Folder Deleted : C:\Users\beinah landu\AppData\Local\Google\Chrome\User Data\Default\Extensions\opiancechogjiigdnobfddacfedhbmgb
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\opiancechogjiigdnobfddacfedhbmgb
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\opiancechogjiigdnobfddacfedhbmgb
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c67abfdb}
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [MailRuUpdater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16490
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\beinah landu\AppData\Roaming\Mozilla\Firefox\Profiles\w1li3bit.default\prefs.js ]
 
 
[ File : C:\Users\user67\AppData\Roaming\Mozilla\Firefox\Profiles\xclojr0e.default\prefs.js ]
 
Line Deleted : user_pref("extensions.JvV1Y0aDTR7.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf([...]
Line Deleted : user_pref("extensions.ojgS4DScIv.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\[...]
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\AltNoyLand\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : opiancechogjiigdnobfddacfedhbmgb
Deleted [Extension] : gmhbpboffoemnfbiaeijbhbgddemmnjh
 
[ File : C:\Users\beinah landu\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : gmhbpboffoemnfbiaeijbhbgddemmnjh
Deleted [Extension] : opiancechogjiigdnobfddacfedhbmgb
 
[ File : C:\Users\user67\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5107 octets] - [29/04/2014 21:23:22]
AdwCleaner[s0].txt - [5035 octets] - [29/04/2014 21:27:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5095 octets] ##########
Link to post
Share on other sites
  • 1 month later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.