Itayyy Posted January 9, 2016 ID:1011575 Share Posted January 9, 2016 found ive got that program on my pc , searched in google and its apprently a Keylogger or a virus or something bad I wanted to remove it but i cant find the folder "IXP000.TMP" Its sitting on ... any help would be appreciated on what is this program and how to remove it tyy Link to post Share on other sites More sharing options...
Itayyy Posted January 9, 2016 Author ID:1011578 Share Posted January 9, 2016 ??????? Link to post Share on other sites More sharing options...
kevinf80 Posted January 9, 2016 ID:1011579 Share Posted January 9, 2016 Hello and welcome to Malwarebytes,Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Next, Please open Malwarebytes Anti-Malware. On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button. A Threat Scan will begin. With some infections, you may or may not see this message box. 'Could not load DDA driver' Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions. When the scan is complete, click Apply Actions. Wait for the prompt to restart the computer to appear, then click on Yes. After the restart once you are back at your desktop, open MBAM once more.To get the log from Malwarebytes do the following: Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the scan just performed. Click Export > From export you have three options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…If Malwarebytes is not installed follow these instructions first:Download Malwarebytes Anti-Malware to your desktop.Double-click mbam-setup and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-Malware A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program. Click Finish. Follow the instructions above.... Next, Download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach those logs to your reply. Let me see those logs please... Thank you, Kevin Link to post Share on other sites More sharing options...
Itayyy Posted January 9, 2016 Author ID:1011633 Share Posted January 9, 2016 Hello and welcome to Malwarebytes,Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol.... Next, Please open Malwarebytes Anti-Malware. On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as MalwareClick on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.A Threat Scan will begin.With some infections, you may or may not see this message box. 'Could not load DDA driver'Click 'Yes' to this message, to allow the driver to load after a restart.Allow the computer to restart. Continue with the rest of these instructions.When the scan is complete, click Apply Actions.Wait for the prompt to restart the computer to appear, then click on Yes.After the restart once you are back at your desktop, open MBAM once more.To get the log from Malwarebytes do the following:Click on the History tab > Application Logs.Double click on the scan log which shows the Date and time of the scan just performed.Click Export > From export you have three options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to replyPlease use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…If Malwarebytes is not installed follow these instructions first:Download Malwarebytes Anti-Malware to your desktop.Double-click mbam-setup and follow the prompts to install the program.At the end, be sure a checkmark is placed next to the following:Launch Malwarebytes Anti-MalwareA 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.Click Finish. Follow the instructions above.... Next, Download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)Make sure Addition.txt is checkmarked under "Optional scans"Press Scan button to run the tool....It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The tool will also make a log named (Addition.txt) Please attach those logs to your reply. Let me see those logs please... Thank you, KevinMalwarebytes Anti-Malwarewww.malwarebytes.org תאריך סריקה: 09/01/2016זמן סריקה: 14:24יומן: מנהל: כן גרסה: 2.2.0.1024תוכנות זדוניות מסד נתונים: v2016.01.09.02Rootkit מסד נתונים: v2016.01.05.01רישיון: משפטהגנה מפני תוכנות זדוניות: פעילהגנה מפני אתרים זדוניים: פעילמיגון: בעלי מוגבלויות מערכת הפעלה: Windows 7 Service Pack 1מעבד: x64מערכת קבצים: NTFSמשתמש: Itay סוג הסריקה: סריקת איומיםתוצאות: הושלםאובייקטים שנסרקו: 381067זמן שחלף: 2 שעות, 9 דקות, 25שניות זיכרון: פעילרשומת אתחול: פעילמערכת הקבצים: פעילארכיונים: פעילרוטקיט: פעילהיוריסטיקה: פעילPUP: פעילPUM: פעיל תהליכים: 0(לא זוהו פריטים זדוני) רכיבים: 0(לא זוהו פריטים זדוני) מפתחות עורך הרישום: 1Backdoor.DarkComet.Trace, HKU\S-1-5-21-3941593106-3924251866-3501638744-1000\SOFTWARE\DC3_FEXEC, בהסגר, [078f34031a7fce6871e03fa9c93ac739], ערכי עורך הרישום: 0(לא זוהו פריטים זדוני) מידע של עורך הרישום: 0(לא זוהו פריטים זדוני) תיקיות: 1Trojan.StolenData, C:\Users\Itay\AppData\Roaming\dclogs, בהסגר, [682e0631732696a07e8bb24ee81c0cf4], קבצים: 3HackTool.Agent, C:\Users\Itay\Downloads\Windows_7_Loader_v_2.1.8.rar, בהסגר, [3066dd5afe9b3bfb9c9e859fac558080], Trojan.StolenData, C:\Users\Itay\AppData\Roaming\dclogs\2015-08-28-6.dc, בהסגר, [682e0631732696a07e8bb24ee81c0cf4], Trojan.StolenData, C:\Users\Itay\AppData\Roaming\dclogs\2015-08-29-7.dc, בהסגר, [682e0631732696a07e8bb24ee81c0cf4], הסקטורים הפיזיים: 0(לא זוהו פריטים זדוני) (end)fakkk sorry its in hebrew but ill sum it up for u . I did the scam and found 5 viruses :1) Backdoor.DarkComet.Trace2) Trojen.Stolendata3) HackTool.Agent4) Torjan.StolenData5)Torjan.StolenDataSo after the scan it offered me to remove them and i did that , whats next?If u need me to translate something just tell me Link to post Share on other sites More sharing options...
kevinf80 Posted January 9, 2016 ID:1011651 Share Posted January 9, 2016 I wanted the logs from FRST, if they too are in Hebrew then we have a problem... Link to post Share on other sites More sharing options...
Itayyy Posted January 9, 2016 Author ID:1011659 Share Posted January 9, 2016 I wanted the logs from FRST, if they too are in Hebrew then we have a problem... GOT THE FILES WOOHOO !Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015Ran by Itay (administrator) on ITAY-PC (09-01-2016 20:03:23)Running from C:\Users\Itay\DownloadsLoaded Profiles: Itay (Available Profiles: Itay & DefaultAppPool)Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: עברית (ישראל)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-16] (NVIDIA Corporation)HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-12-19] (Realtek Semiconductor)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [591512 2015-11-19] (Razer Inc.)HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-3941593106-3924251866-3501638744-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)HKU\S-1-5-21-3941593106-3924251866-3501638744-1000\...\Run: [GoogleChromeAutoLaunch_08BBA831A3456B4933DA4A85E02CE15B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2015-12-16] (NVIDIA Corporation)AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2015-12-16] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138Tcpip\..\Interfaces\{C93D7107-2F32-4313-879E-28368414EEC7}: [DhcpNameServer] 10.0.0.138 Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONBHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) FireFox:========FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) Chrome: =======CHR Profile: C:\Users\Itay\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google מצגות) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-27]CHR Extension: (Google Docs) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-27]CHR Extension: (כונן Google) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]CHR Extension: (YouTube) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]CHR Extension: (Steam inventory helper) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-01-02]CHR Extension: (חיפוש Google) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]CHR Extension: (Google Sheets) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-27]CHR Extension: (LoungeDestroyer) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2015-12-26]CHR Extension: (Google Docs Offline) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-14]CHR Extension: (AdBlock) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-08]CHR Extension: (Chrome Web Store Payments) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-27]CHR Extension: (Gmail) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-27] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-12-19] (Realtek Semiconductor)R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-19] (REALiX)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-09] (Malwarebytes)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-10-03] (NVIDIA Corporation)R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)S3 S6000KNT; System32\Drivers\S6000KNT.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-09 20:03 - 2016-01-09 20:03 - 00012274 _____ C:\Users\Itay\Downloads\FRST.txt2016-01-09 20:02 - 2016-01-09 20:03 - 00000000 ____D C:\FRST2016-01-09 20:02 - 2016-01-09 20:02 - 02370560 _____ (Farbar) C:\Users\Itay\Downloads\FRST64.exe2016-01-09 14:22 - 2016-01-09 17:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2016-01-09 14:22 - 2016-01-09 14:22 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2016-01-09 14:22 - 2016-01-09 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2016-01-09 14:22 - 2016-01-09 14:22 - 00000000 ____D C:\ProgramData\Malwarebytes2016-01-09 14:22 - 2016-01-09 14:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2016-01-09 14:22 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys2016-01-09 14:22 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2016-01-09 14:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys2016-01-09 14:21 - 2016-01-09 14:21 - 22908888 _____ (Malwarebytes ) C:\Users\Itay\Downloads\mbam-setup-2.2.0.1024 (1).exe2016-01-09 12:07 - 2016-01-09 12:07 - 00000884 _____ C:\Users\Itay\Downloads\Node.cs2016-01-09 11:38 - 2016-01-09 11:38 - 22908888 _____ (Malwarebytes ) C:\Users\Itay\Downloads\mbam-setup-2.2.0.1024.exe2016-01-08 22:44 - 2016-01-08 22:44 - 00546199 _____ C:\Users\Itay\Downloads\Unpark-CPU-App (1).zip2016-01-06 19:30 - 2016-01-06 19:30 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini2016-01-06 19:30 - 2016-01-06 19:30 - 00000000 _SHDL C:\Users\DefaultAppPool\תפריט התחלה2016-01-06 19:30 - 2016-01-06 19:30 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents2016-01-06 19:30 - 2016-01-06 19:30 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos2016-01-06 19:30 - 2016-01-06 19:30 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures2016-01-06 19:30 - 2016-01-06 19:30 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music2016-01-06 19:30 - 2016-01-06 19:30 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\תוכניות2016-01-06 19:30 - 2016-01-06 19:30 - 00000000 ____D C:\Users\DefaultAppPool2016-01-06 19:30 - 2015-10-26 22:57 - 00000000 ____D C:\Users\DefaultAppPool\Documents\Visual Studio 20102016-01-06 19:30 - 2015-10-02 02:07 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help2016-01-06 19:30 - 2009-07-14 11:54 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs2016-01-02 21:55 - 2016-01-02 21:55 - 00173371 _____ C:\Users\Itay\Downloads\images (3).zip2016-01-02 20:25 - 2016-01-02 20:25 - 00773632 _____ C:\Users\Itay\Downloads\chap7-Collections-CSharp-PPT.ppt2015-12-31 20:24 - 2015-12-31 20:24 - 00001794 _____ C:\Users\Public\Desktop\CCleaner.lnk2015-12-31 20:24 - 2015-12-31 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2015-12-31 20:24 - 2015-12-31 20:24 - 00000000 ____D C:\Program Files\CCleaner2015-12-31 20:23 - 2015-12-31 20:23 - 07925316 _____ C:\Users\Itay\Downloads\CCleaner Pro v5.13.5460.rar2015-12-31 17:41 - 2015-12-31 17:41 - 00000000 ____D C:\Windows\SysWOW64\NV2015-12-31 17:41 - 2015-12-31 17:41 - 00000000 ____D C:\Windows\system32\NV2015-12-31 17:37 - 2015-12-16 19:34 - 42977072 _____ C:\Windows\system32\nvcompiler.dll2015-12-31 17:37 - 2015-12-16 19:34 - 37609080 _____ C:\Windows\SysWOW64\nvcompiler.dll2015-12-31 17:37 - 2015-12-16 19:34 - 31061624 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll2015-12-31 17:37 - 2015-12-16 19:34 - 24895792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2015-12-31 17:37 - 2015-12-16 19:34 - 21122456 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll2015-12-31 17:37 - 2015-12-16 19:34 - 20663816 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll2015-12-31 17:37 - 2015-12-16 19:34 - 18716176 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll2015-12-31 17:37 - 2015-12-16 19:34 - 17561432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll2015-12-31 17:37 - 2015-12-16 19:34 - 17156968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2015-12-31 17:37 - 2015-12-16 19:34 - 16981976 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll2015-12-31 17:37 - 2015-12-16 19:34 - 16286888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll2015-12-31 17:37 - 2015-12-16 19:34 - 12334200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys2015-12-31 17:37 - 2015-12-16 19:34 - 03211760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll2015-12-31 17:37 - 2015-12-16 19:34 - 03168376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll2015-12-31 17:37 - 2015-12-16 19:34 - 02755704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2015-12-31 17:37 - 2015-12-16 19:34 - 01915696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436143.dll2015-12-31 17:37 - 2015-12-16 19:34 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436143.dll2015-12-31 17:37 - 2015-12-16 19:34 - 00938104 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll2015-12-31 17:37 - 2015-12-16 19:34 - 00872056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll2015-12-31 17:37 - 2015-12-16 19:34 - 00734512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll2015-12-31 17:37 - 2015-12-16 19:34 - 00681592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll2015-12-31 17:37 - 2015-12-16 19:34 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll2015-12-31 17:37 - 2015-12-16 19:34 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll2015-12-31 17:37 - 2015-12-16 19:34 - 00031352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys2015-12-31 17:33 - 2015-12-31 17:34 - 336974040 _____ (NVIDIA Corporation) C:\Users\Itay\Downloads\361.43-notebook-win8-win7-64bit-international-whql.exe2015-12-31 16:43 - 2015-12-31 17:38 - 00000000 ____D C:\ProgramData\Package Cache2015-12-31 16:42 - 2015-12-31 16:42 - 00428672 ____N (Alcor) C:\Windows\system\S6000Dex.dll2015-12-31 16:42 - 2015-12-31 16:42 - 00247896 _____ (Alcor Micro, Corp.) C:\Windows\system32\S6000DIF.dll2015-12-28 14:34 - 2015-12-25 22:09 - 00003801 _____ C:\Users\Itay\Desktop\Program - עותק.cs2015-12-28 14:34 - 2015-12-25 22:09 - 00000916 _____ C:\Users\Itay\Desktop\IntNode.cs2015-12-28 07:20 - 2015-12-28 07:20 - 00002705 _____ C:\Users\Public\Desktop\Skype.lnk2015-12-28 07:20 - 2015-12-28 07:20 - 00000000 ___RD C:\Program Files (x86)\Skype2015-12-28 07:20 - 2015-12-28 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2015-12-26 17:19 - 2015-12-26 17:19 - 00145213 _____ C:\Users\Itay\Downloads\images (2).zip2015-12-26 17:14 - 2015-12-26 17:14 - 00165987 _____ C:\Users\Itay\Downloads\images (1).zip2015-12-26 17:13 - 2015-12-26 17:13 - 00173920 _____ C:\Users\Itay\Downloads\images.zip2015-12-25 22:09 - 2015-12-25 22:09 - 00003801 _____ C:\Users\Itay\Desktop\Program.cs2015-12-21 09:55 - 2015-12-21 09:55 - 00009728 _____ (Razer Inc.) C:\Windows\SysWOW64\RzStats.IPC.dll2015-12-20 21:52 - 2015-12-20 21:52 - 00000262 _____ C:\Windows\Tasks\AutoKMS.job2015-12-20 21:52 - 2015-12-20 21:52 - 00000000 ____D C:\Windows\AutoKMS2015-12-20 21:50 - 2015-12-20 21:50 - 00001648 _____ C:\Users\Itay\Downloads\question3 - class.cs2015-12-20 21:50 - 2015-12-20 21:50 - 00001234 _____ C:\Users\Itay\Downloads\question4.cs2015-12-20 21:50 - 2015-12-20 21:50 - 00000888 _____ C:\Users\Itay\Downloads\question5.cs2015-12-20 21:50 - 2015-12-20 21:50 - 00000529 _____ C:\Users\Itay\Downloads\question2.cs2015-12-20 21:50 - 2015-12-20 21:50 - 00000512 _____ C:\Users\Itay\Downloads\question3 - main.cs2015-12-20 16:01 - 2015-12-20 16:02 - 00000000 ____D C:\Users\Itay\AppData\Roaming\ProductData2015-12-20 16:01 - 2015-12-20 16:01 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled2015-12-20 16:01 - 2015-12-20 16:01 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}2015-12-19 16:46 - 2016-01-07 17:38 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-12-19 16:46 - 2016-01-07 17:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-12-19 16:46 - 2016-01-07 17:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2015-12-19 16:46 - 2015-12-19 16:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed2015-12-19 16:46 - 2015-12-19 16:46 - 00000000 ____D C:\Windows\system32\Macromed2015-12-19 16:38 - 2015-12-19 16:38 - 00000000 ____D C:\Windows\SysWOW64\RTCOM2015-12-19 16:38 - 2015-12-19 16:38 - 00000000 ____D C:\Windows\system32\SRSLabs2015-12-19 16:38 - 2015-12-19 16:38 - 00000000 ____D C:\Program Files\Realtek2015-12-19 16:37 - 2015-12-19 16:37 - 04628736 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys2015-12-19 16:37 - 2015-12-19 16:37 - 04005405 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT2015-12-19 16:37 - 2015-12-19 16:37 - 03278408 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll2015-12-19 16:37 - 2015-12-19 16:37 - 03271912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll2015-12-19 16:37 - 2015-12-19 16:37 - 02997504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll2015-12-19 16:37 - 2015-12-19 16:37 - 02965120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll2015-12-19 16:37 - 2015-12-19 16:37 - 02893568 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl2015-12-19 16:37 - 2015-12-19 16:37 - 02028664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll2015-12-19 16:37 - 2015-12-19 16:37 - 01601944 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll2015-12-19 16:37 - 2015-12-19 16:37 - 01382240 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll2015-12-19 16:37 - 2015-12-19 16:37 - 01351992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll2015-12-19 16:37 - 2015-12-19 16:37 - 01121864 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00961848 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00873464 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00749000 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00689888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00574760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00214840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00195192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00158704 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00122328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00075544 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll2015-12-19 16:37 - 2015-12-19 16:37 - 00023704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll2015-12-19 16:35 - 2015-12-19 16:35 - 04161536 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys2015-12-19 16:35 - 2015-12-19 16:35 - 01026304 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys2015-12-19 16:35 - 2015-12-19 16:35 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll2015-12-19 16:33 - 2015-12-19 16:33 - 00176880 _____ (JMicron Technology Corporation) C:\Windows\system32\Drivers\jmcr.sys2015-12-19 16:33 - 2015-12-19 16:33 - 00053624 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\tosrfec.sys2015-12-19 16:32 - 2015-12-19 16:32 - 00181760 _____ (Renesas Electronics Corporation) C:\Windows\system32\Drivers\nusb3xhc.sys2015-12-19 16:25 - 2016-01-04 07:17 - 00000000 ____D C:\ProgramData\ProductData2015-12-19 16:25 - 2015-12-20 16:01 - 00000388 _____ C:\Windows\Tasks\RunAsStdUser Task.job2015-12-19 16:24 - 2016-01-07 17:38 - 00002154 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk2015-12-19 16:24 - 2016-01-07 17:35 - 00000290 _____ C:\Windows\Tasks\Driver Booster Scheduler.job2015-12-19 16:24 - 2016-01-07 17:35 - 00000246 _____ C:\Windows\Tasks\Driver Booster SkipUAC (Itay).job2015-12-19 16:24 - 2015-12-20 16:04 - 00000000 ____D C:\Program Files (x86)\IObit2015-12-19 16:24 - 2015-12-20 16:01 - 00000000 ____D C:\Users\Itay\AppData\Roaming\IObit2015-12-19 16:24 - 2015-12-20 16:01 - 00000000 ____D C:\Users\Itay\AppData\LocalLow\IObit2015-12-19 16:24 - 2015-12-20 16:01 - 00000000 ____D C:\ProgramData\IObit2015-12-19 16:24 - 2015-12-19 16:24 - 00026528 _____ (REALiX) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS2015-12-19 16:24 - 2015-12-19 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 32015-12-19 16:22 - 2015-12-19 16:23 - 13786328 _____ (IObit ) C:\Users\Itay\Downloads\driver_booster_setup.exe2015-12-18 18:50 - 2015-12-18 20:20 - 00000000 ____D C:\BigTargil.py2015-12-18 18:42 - 2015-12-18 18:42 - 00837844 _____ C:\Users\Itay\Downloads\PIL-1.1.7.win32-py2.7 (1).exe2015-12-18 18:39 - 2015-12-18 18:39 - 00694386 _____ C:\Users\Itay\Downloads\PIL-1.1.7.win32-py2.5.exe2015-12-18 18:39 - 2015-12-18 18:39 - 00693895 _____ C:\Users\Itay\Downloads\PIL-1.1.7.win32-py2.4.exe2015-12-18 18:39 - 2015-12-18 18:39 - 00498749 _____ C:\Users\Itay\Downloads\Imaging-1.1.7.tar.gz2015-12-18 18:38 - 2015-12-18 18:38 - 00838324 _____ C:\Users\Itay\Downloads\PIL-1.1.7.win32-py2.6.exe2015-12-18 18:38 - 2015-12-18 18:38 - 00837844 _____ C:\Users\Itay\Downloads\PIL-1.1.7.win32-py2.7.exe2015-12-18 18:35 - 2015-12-20 09:45 - 00000000 ____D C:\project2015-12-14 16:46 - 2015-12-14 16:46 - 00001068 _____ C:\Users\Itay\Downloads\Custom-Menu-by-BananaGaming.zip ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-09 20:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows2016-01-09 18:27 - 2015-08-27 23:58 - 00000000 ____D C:\Users\Itay\AppData\Roaming\TS3Client2016-01-09 17:03 - 2015-08-27 18:28 - 00000000 ____D C:\Program Files (x86)\Steam2016-01-09 16:46 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02016-01-09 16:46 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02016-01-09 16:36 - 2009-07-14 11:55 - 00000000 ____D C:\Windows\CSC2016-01-09 12:52 - 2015-10-25 21:56 - 00000000 ____D C:\Users\Itay\Documents\Visual Studio 20102016-01-09 09:57 - 2015-10-28 14:55 - 00000000 ____D C:\Users\Itay\AppData\Roaming\Skype2016-01-01 17:41 - 2015-08-27 23:35 - 00000000 ____D C:\Users\Itay\AppData\Local\Steam2016-01-01 07:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf2015-12-31 17:46 - 2015-08-27 18:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation2015-12-31 17:46 - 2015-08-27 18:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation2015-12-31 17:46 - 2015-08-27 18:27 - 00000000 ____D C:\Program Files\NVIDIA Corporation2015-12-31 17:41 - 2015-08-27 23:33 - 00000000 ____D C:\ProgramData\NVIDIA2015-12-31 17:31 - 2015-11-06 07:15 - 00000000 ____D C:\Windows\system32\appmgmt2015-12-31 17:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system2015-12-28 07:20 - 2015-10-28 14:55 - 00000000 ____D C:\Users\Itay\AppData\Local\Skype2015-12-28 07:20 - 2015-10-28 14:55 - 00000000 ____D C:\ProgramData\Skype2015-12-22 11:20 - 2015-10-15 21:16 - 00000000 ____D C:\Users\Itay\Desktop\CSGO Pics2015-12-20 21:54 - 2009-07-14 11:17 - 00441238 _____ C:\Windows\system32\perfh00D.dat2015-12-20 21:54 - 2009-07-14 11:17 - 00104956 _____ C:\Windows\system32\perfc00D.dat2015-12-20 21:54 - 2009-07-14 07:13 - 01399442 _____ C:\Windows\system32\PerfStringBackup.INI2015-12-19 16:35 - 2015-08-27 18:08 - 00116304 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll2015-12-18 20:23 - 2015-09-10 20:59 - 00000000 ___SD C:\Windows\SysWOW64\GWX2015-12-18 20:23 - 2015-09-10 20:59 - 00000000 ___SD C:\Windows\system32\GWX2015-12-17 16:49 - 2015-08-27 18:11 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-12-16 19:34 - 2015-10-07 16:04 - 03637352 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll2015-12-16 19:34 - 2015-08-27 18:28 - 14005408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll2015-12-16 19:34 - 2015-08-27 18:28 - 00469144 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll2015-12-16 19:34 - 2015-08-27 18:28 - 00388560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2015-12-16 19:34 - 2015-08-27 18:28 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll2015-12-16 19:34 - 2015-08-27 18:28 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2015-12-16 19:34 - 2015-08-27 18:28 - 00034848 _____ C:\Windows\system32\nvinfo.pb2015-12-16 19:34 - 2015-08-27 18:16 - 00207152 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll2015-12-16 19:34 - 2015-08-27 18:16 - 00194680 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll2015-12-16 16:53 - 2015-08-27 18:34 - 06359672 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll2015-12-16 16:53 - 2015-08-27 18:34 - 02985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll2015-12-16 16:53 - 2015-08-27 18:34 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll2015-12-16 16:53 - 2015-08-27 18:34 - 01256240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe2015-12-16 16:53 - 2015-08-27 18:34 - 00523384 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll2015-12-16 16:53 - 2015-08-27 18:34 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll2015-12-16 16:53 - 2015-08-27 18:34 - 00075056 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll2015-12-16 16:53 - 2015-08-27 18:34 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll2015-12-16 16:49 - 2015-08-27 18:34 - 06090019 _____ C:\Windows\system32\nvcoproc.bin2015-12-15 00:24 - 2015-08-27 23:56 - 00130880 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys2015-12-10 22:29 - 2009-07-14 06:45 - 00379176 _____ C:\Windows\system32\FNTCACHE.DAT2015-12-10 11:20 - 2015-10-01 08:54 - 00000000 ____D C:\ProgramData\Microsoft Help2015-12-10 11:16 - 2015-08-28 23:15 - 00000000 ____D C:\Windows\system32\MRT2015-12-10 11:11 - 2015-08-28 23:15 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Files in the root of some directories ======= 2015-11-07 18:03 - 2015-11-07 18:00 - 0000000 _____ () C:\Program Files\Alice.txt2015-11-07 18:00 - 2015-11-07 18:00 - 0000000 _____ () C:\Program Files (x86)\Alice.txt2015-08-28 15:59 - 2015-08-28 15:59 - 0000003 _____ () C:\Users\Itay\AppData\Local\updater.log2015-08-28 15:59 - 2015-08-28 15:59 - 0000424 _____ () C:\Users\Itay\AppData\Local\UserProducts.xml Some files in TEMP:====================C:\Users\Itay\AppData\Local\Temp\CC1.Exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-08-27 18:58 ==================== End of FRST.txt ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-01-2015Ran by Itay (2016-01-09 20:04:17)Running from C:\Users\Itay\DownloadsWindows 7 Ultimate Service Pack 1 (X64) (2015-08-27 15:57:52)Boot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3941593106-3924251866-3501638744-500 - Administrator - Disabled)Guest (S-1-5-21-3941593106-3924251866-3501638744-501 - Limited - Enabled)Itay (S-1-5-21-3941593106-3924251866-3501638744-1000 - Administrator - Enabled) => C:\Users\Itay ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)Apple Application Support (64 סיביות) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)Driver Booster 3.1 (HKLM-x32\...\Driver Booster_is1) (Version: 3.1 - IObit)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) HiddenIntel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)LIMBO (HKLM-x32\...\Steam App 48000) (Version: - Playdead)Malwarebytes Anti-Malware גירסה 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft .NET Framework 4.5.2 (עברית) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.5.51209 - Microsoft Corporation)Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)NVIDIA מנהל התקן עבור נתונים גרפיים 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)NVIDIA תכנת PhysX מערכת 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28188 - Razer Inc.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) HiddenSkype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)לוח הבקרה של NVIDIA 361.43 (Version: 361.43 - NVIDIA Corporation) Hiddenערכת שפה של Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - HEB (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - HEB) (Version: 10.0.50903 - Microsoft Corporation)תמיכה ביישומים של Apple (32 סיביות) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1215AAE6-32C4-4C19-AC2D-02B65CEEE01E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= autoTask: {7E2D2722-0523-4BDC-A6AE-04467EFB63C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exeTask: C:\Windows\Tasks\Driver Booster Scheduler.job => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exeTask: C:\Windows\Tasks\Driver Booster SkipUAC (Itay).job => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e2f726febb14.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f0fed69e6790.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e5580017157.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\RunAsStdUser Task.job => C:\Program Files (x86)\IObit\Advanced SystemCare\NoteIcon.exeHC:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exeTask: C:\Windows\Tasks\update-S-1-5-21-3941593106-3924251866-3501638744-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exeTask: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-08-27 18:28 - 2015-12-16 19:34 - 00012080 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll2015-09-23 15:47 - 2015-09-23 15:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-09-23 15:47 - 2015-09-23 15:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2015-08-27 18:34 - 2015-12-16 16:53 - 00126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2015-08-27 18:14 - 2015-06-05 10:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2015-08-27 18:28 - 2015-12-16 19:34 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll2015-08-27 18:35 - 2015-12-16 19:34 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll2015-08-27 23:34 - 2015-11-10 21:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll2015-08-27 23:34 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll2015-08-27 23:34 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll2015-08-27 23:34 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll2015-08-27 23:34 - 2015-12-14 22:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll2015-08-27 23:34 - 2015-09-24 02:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll2015-08-27 23:34 - 2015-09-24 02:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll2015-08-27 23:34 - 2015-09-24 02:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll2015-08-27 23:34 - 2015-09-24 02:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll2015-08-27 23:34 - 2015-09-24 02:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll2015-08-27 23:34 - 2015-12-14 22:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL2015-08-27 23:34 - 2015-11-04 00:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll2015-10-01 08:28 - 2015-10-01 08:28 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll2015-12-17 16:49 - 2015-12-11 05:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll2015-12-17 16:49 - 2015-12-11 05:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll2015-08-27 23:34 - 2015-11-17 02:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll2015-08-27 23:34 - 2015-09-25 01:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll2015-12-25 18:23 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\Itay\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3941593106-3924251866-3501638744-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 10.0.0.138HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: Bonjour Service => 2MSCONFIG\Services: bthserv => 3MSCONFIG\Services: iPod Service => 3MSCONFIG\Services: Razer Game Scanner Service => 2MSCONFIG\Services: SkypeUpdate => 2MSCONFIG\Services: TabletInputService => 3MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: Product => C:\Users\Itay\AppData\Local\Temp\IXP000.TMP\Crypted.exeMSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{FA17B480-6F0E-4427-97B4-F3FCC703E0A6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{B8F5E0B1-4FD4-4463-9CE8-3A35D4A911DC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{1AB2673C-F5D5-418C-A87E-A4ACED50E043}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{1A56289C-4992-420F-AF0C-9462B8B94B2E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{76D33AB9-93E4-407A-8E4F-D7C915365993}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeFirewallRules: [{3FABBE1E-09D6-4E0F-8AC5-C79479A23742}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeFirewallRules: [{AA89AD65-F141-4B82-BD39-02FAC0315F92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exeFirewallRules: [{D7A346CA-C72D-467F-8645-E6B89413DE76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exeFirewallRules: [{B573AC19-07EE-4BEF-97F0-39ECD6A42626}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{0FD9CC4E-1CBE-4EB1-8886-20861F306348}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{4C3D8FBA-C788-458E-A246-CC9808CE46A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{04A5F4DF-AA51-4D46-A7F5-FAC632BA1F23}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{0C6C91D6-C0D4-43F3-A2DE-E1B800963FBE}] => (Allow) C:\Program Files\iTunes\iTunes.exeFirewallRules: [TCP Query User{2A04292E-42A7-476D-8F85-6C5415F9A4BA}C:\heights\portableapps\portablepython2.7.6.1\app\pycharm\bin\pycharm.exe] => (Allow) C:\heights\portableapps\portablepython2.7.6.1\app\pycharm\bin\pycharm.exeFirewallRules: [uDP Query User{1CFC1E7D-0BAD-4B68-8DC1-748E9818F814}C:\heights\portableapps\portablepython2.7.6.1\app\pycharm\bin\pycharm.exe] => (Allow) C:\heights\portableapps\portablepython2.7.6.1\app\pycharm\bin\pycharm.exeFirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exeFirewallRules: [{860CE1CC-690D-49B2-B9F0-AEA2CCA26E19}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [TCP Query User{8F9ABB14-0AF1-461F-81CE-72AA650AD3A8}C:\heights\portableapps\portablepython2.7.6.1\app\python.exe] => (Allow) C:\heights\portableapps\portablepython2.7.6.1\app\python.exeFirewallRules: [uDP Query User{ADD43936-F2B1-4603-B7E0-CC72D55D03E1}C:\heights\portableapps\portablepython2.7.6.1\app\python.exe] => (Allow) C:\heights\portableapps\portablepython2.7.6.1\app\python.exeFirewallRules: [{006FE319-54BB-4273-8365-6B4ABBE5AFFC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [{CD65D427-7A0B-495E-8834-AF6F58D699FD}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exeFirewallRules: [{44514709-9E9C-4CB8-9121-92D98485EB51}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exeFirewallRules: [{51A91A62-47DE-4E66-B7B8-D1E0FC2B8FC6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exeFirewallRules: [{26E06C71-6816-4762-8E73-E28BA199D9B3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exeFirewallRules: [{30874C88-26ED-4C88-9B12-98D05DA7609E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exeFirewallRules: [{C59883F6-B262-41FE-9602-AC0F15AFC1CF}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exeFirewallRules: [TCP Query User{43CCF120-A5B2-45B2-8935-D2AE457746BF}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exeFirewallRules: [uDP Query User{89C510BC-D175-4E58-B9BF-9F3B299B54D0}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe ==================== Restore Points ========================= 25-12-2015 12:35:49 Windows Update29-12-2015 15:58:54 Windows Update31-12-2015 16:41:49 Driver Booster : Microsoft Visual C++ 2008 Redistributable (x64)31-12-2015 16:43:23 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.6103031-12-2015 16:44:01 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.6103031-12-2015 17:31:43 Removed Windows 7 USB/DVD Download Tool31-12-2015 17:38:03 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.2100501-01-2016 07:37:21 Windows Update05-01-2016 16:17:13 Windows Update07-01-2016 17:36:48 Driver Booster : Adobe Flash Player ActiveX08-01-2016 17:27:23 Windows Update ==================== Faulty Device Manager Devices ============= Name: Unknown DeviceDescription: Unknown DeviceClass Guid: {36fc9e60-c465-11cf-8056-444553540000}Manufacturer: (Standard USB Host Controller)Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43)Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors:================== System errors:=============Error: (12/31/2015 06:07:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: שירות ה- Task Scheduler תלוי בשירות ה- Windows Event Log שהפעלתו נכשלה בשל השגיאה הבאה: %%1058 Error: (12/31/2015 03:11:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: הפעלת השירות Net.Pipe Listener Adapter נכשלה בשל השגיאה הבאה: %%1053 Error: (12/31/2015 03:11:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לחיבור של שירות Net.Pipe Listener Adapter. Error: (12/31/2015 03:10:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: שירות ה- Net.Tcp Listener Adapter תלוי בשירות ה- Net.Tcp Port Sharing Service שהפעלתו נכשלה בשל השגיאה הבאה: %%1053 Error: (12/31/2015 03:09:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: הפעלת השירות Net.Tcp Port Sharing Service נכשלה בשל השגיאה הבאה: %%1053 Error: (12/31/2015 03:09:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לחיבור של שירות Net.Tcp Port Sharing Service. Error: (12/31/2015 03:08:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: שירות ה- Task Scheduler תלוי בשירות ה- Windows Event Log שהפעלתו נכשלה בשל השגיאה הבאה: %%1058 Error: (08/27/2015 11:35:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: הפעלת השירות Steam Client Service נכשלה בשל השגיאה הבאה: %%1053 Error: (08/27/2015 11:35:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לחיבור של שירות Steam Client Service. Error: (08/27/2015 06:18:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: שירות ה- Intel® Content Protection HECI Service הפסיק עם השגיאה הבאה: %%-2147024637 ==================== Memory info =========================== Processor: Intel® Core i5-2450M CPU @ 2.50GHzPercentage of memory in use: 60%Total physical RAM: 6051.76 MBAvailable physical RAM: 2395.59 MBTotal Virtual: 12101.72 MBAvailable Virtual: 7826.42 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:341.2 GB) (Free:244.13 GB) NTFSDrive d: () (Fixed) (Total:123.96 GB) (Free:98.93 GB) NTFSDrive f: (שמור על-ידי המערכת) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CD958172)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=341.2 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=511 MB) - (Type=27)Partition 4: (Not Active) - (Size=124 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
kevinf80 Posted January 9, 2016 ID:1011665 Share Posted January 9, 2016 Thanks for those logs, unfortunately there is evidence of installed and active illegal software, that is a direct breach of forum protocol. I cannot offer any further help, a moderator will lock and close your thread...If you disagree please contact one of the moderators.... Thank you, Kevin Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 9, 2016 Root Admin ID:1011687 Share Posted January 9, 2016 015-12-20 21:52 - 2015-12-20 21:52 - 00000262 _____ C:\Windows\Tasks\AutoKMS.job2015-12-20 21:52 - 2015-12-20 21:52 - 00000000 ____D C:\Windows\AutoKMSTask: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 9, 2016 Root Admin ID:1011688 Share Posted January 9, 2016 This topic will now be closed due to evidence of cracked or pirated software on this system.Piracy Policy Link to post Share on other sites More sharing options...
Recommended Posts