Crypted.exe


Found I've got that program on my PC, searched in Google and it's apparently a keylogger or a virus or something bad :D

I wanted to remove it but I can't find the folder "IXP000.TMP" it's sitting on ... Any help would be appreciated on what this program is and how to remove it :)

tyy


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....

 
Next,
 
Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach those logs to your reply.


 

Let me see those logs please...

 

Thank you,

 

Kevin

Malwarebytes Anti-Malware
www.malwarebytes.org
 
תאריך סריקה: 09/01/2016
זמן סריקה: 14:24
יומן: 
מנהל: כן
 
גרסה: 2.2.0.1024
תוכנות זדוניות מסד נתונים: v2016.01.09.02
Rootkit מסד נתונים: v2016.01.05.01
רישיון: משפט
הגנה מפני תוכנות זדוניות: פעיל
הגנה מפני אתרים זדוניים: פעיל
מיגון: בעלי מוגבלויות
 
מערכת הפעלה: Windows 7 Service Pack 1
מעבד: x64
מערכת קבצים: NTFS
משתמש: Itay
 
סוג הסריקה: סריקת איומים
תוצאות: הושלם
אובייקטים שנסרקו: 381067
זמן שחלף: 2 שעות, 9 דקות, 25שניות 
 
זיכרון: פעיל
רשומת אתחול: פעיל
מערכת הקבצים: פעיל
ארכיונים: פעיל
רוטקיט: פעיל
היוריסטיקה: פעיל
PUP: פעיל
PUM: פעיל
 
תהליכים: 0
(לא זוהו פריטים זדוני)
 
רכיבים: 0
(לא זוהו פריטים זדוני)
 
מפתחות עורך הרישום: 1
Backdoor.DarkComet.Trace, HKU\S-1-5-21-3941593106-3924251866-3501638744-1000\SOFTWARE\DC3_FEXEC, בהסגר, [078f34031a7fce6871e03fa9c93ac739], 
 
ערכי עורך הרישום: 0
(לא זוהו פריטים זדוני)
 
מידע של עורך הרישום: 0
(לא זוהו פריטים זדוני)
 
תיקיות: 1
Trojan.StolenData, C:\Users\Itay\AppData\Roaming\dclogs, בהסגר, [682e0631732696a07e8bb24ee81c0cf4], 
 
קבצים: 3
HackTool.Agent, C:\Users\Itay\Downloads\Windows_7_Loader_v_2.1.8.rar, בהסגר, [3066dd5afe9b3bfb9c9e859fac558080], 
Trojan.StolenData, C:\Users\Itay\AppData\Roaming\dclogs\2015-08-28-6.dc, בהסגר, [682e0631732696a07e8bb24ee81c0cf4], 
Trojan.StolenData, C:\Users\Itay\AppData\Roaming\dclogs\2015-08-29-7.dc, בהסגר, [682e0631732696a07e8bb24ee81c0cf4], 
 
הסקטורים הפיזיים: 0
(לא זוהו פריטים זדוני)
 
 
(end)
fakkk sorry it's in Hebrew but I'll sum it up for u.
I did the scan and found 5 viruses:
1) Backdoor.DarkComet.Trace
2) Trojan.StolenData
3) HackTool.Agent
4) Trojan.StolenData
5) Trojan.StolenData
So after the scan it offered me to remove them and I did that, what's next?
If u need me to translate something just tell me

I wanted the logs from FRST; if they too are in Hebrew then we have a problem...

GOT THE FILES WOOHOO!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by Itay (administrator) on ITAY-PC (09-01-2016 20:03:23)
Running from C:\Users\Itay\Downloads
Loaded Profiles: Itay (Available Profiles: Itay & DefaultAppPool)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: עברית (ישראל)‏
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-16] (NVIDIA Corporation)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-12-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [591512 2015-11-19] (Razer Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3941593106-3924251866-3501638744-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-3941593106-3924251866-3501638744-1000\...\Run: [GoogleChromeAutoLaunch_08BBA831A3456B4933DA4A85E02CE15B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2015-12-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2015-12-16] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{C93D7107-2F32-4313-879E-28368414EEC7}: [DhcpNameServer] 10.0.0.138
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google מצגות) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-27]
CHR Extension: (Google Docs) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-27]
CHR Extension: (כונן Google) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Steam inventory helper) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-01-02]
CHR Extension: (חיפוש Google) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-27]
CHR Extension: (LoungeDestroyer) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2015-12-26]
CHR Extension: (Google Docs Offline) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-14]
CHR Extension: (AdBlock) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-27]
CHR Extension: (Gmail) - C:\Users\Itay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-27]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-12-19] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-19] (REALiX)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-09] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-10-03] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
S3 S6000KNT; System32\Drivers\S6000KNT.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-09 20:03 - 2016-01-09 20:03 - 00012274 _____ C:\Users\Itay\Downloads\FRST.txt
2016-01-09 20:02 - 2016-01-09 20:03 - 00000000 ____D C:\FRST
2016-01-09 20:02 - 2016-01-09 20:02 - 02370560 _____ (Farbar) C:\Users\Itay\Downloads\FRST64.exe
2016-01-09 14:22 - 2016-01-09 17:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-09 14:22 - 2016-01-09 14:22 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-09 14:22 - 2016-01-09 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-09 14:22 - 2016-01-09 14:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-09 14:22 - 2016-01-09 14:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-09 14:22 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-09 14:22 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-09 14:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-09 14:21 - 2016-01-09 14:21 - 22908888 _____ (Malwarebytes ) C:\Users\Itay\Downloads\mbam-setup-2.2.0.1024 (1).exe
2016-01-09 12:07 - 2016-01-09 12:07 - 00000884 _____ C:\Users\Itay\Downloads\Node.cs
2016-01-09 11:38 - 2016-01-09 11:38 - 22908888 _____ (Malwarebytes ) C:\Users\Itay\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-08 22:44 - 2016-01-08 22:44 - 00546199 _____ C:\Users\Itay\Downloads\Unpark-CPU-App (1).zip
2016-01-06 19:30 - 2016-01-06 19:30 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-01-06 19:30 - 2016-01-06 19:30 - 00000000 _SHDL C:\Users\DefaultAppPool\תפריט התחלה
2016-01-06 19:30 - 2016-01-06 19:30 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-01-06 19:30 - 2016-01-06 19:30 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-01-06 19:30 - 2016-01-06 19:30 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-01-06 19:30 - 2016-01-06 19:30 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-01-06 19:30 - 2016-01-06 19:30 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\תוכניות
2016-01-06 19:30 - 2016-01-06 19:30 - 00000000 ____D C:\Users\DefaultAppPool
2016-01-06 19:30 - 2015-10-26 22:57 - 00000000 ____D C:\Users\DefaultAppPool\Documents\Visual Studio 2010
2016-01-06 19:30 - 2015-10-02 02:07 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2016-01-06 19:30 - 2009-07-14 11:54 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2016-01-02 21:55 - 2016-01-02 21:55 - 00173371 _____ C:\Users\Itay\Downloads\images (3).zip
2016-01-02 20:25 - 2016-01-02 20:25 - 00773632 _____ C:\Users\Itay\Downloads\chap7-Collections-CSharp-PPT.ppt
2015-12-31 20:24 - 2015-12-31 20:24 - 00001794 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-31 20:24 - 2015-12-31 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-31 20:24 - 2015-12-31 20:24 - 00000000 ____D C:\Program Files\CCleaner
2015-12-31 20:23 - 2015-12-31 20:23 - 07925316 _____ C:\Users\Itay\Downloads\CCleaner Pro v5.13.5460.rar
2015-12-31 17:41 - 2015-12-31 17:41 - 00000000 ____D C:\Windows\SysWOW64\NV
2015-12-31 17:41 - 2015-12-31 17:41 - 00000000 ____D C:\Windows\system32\NV
2015-12-31 17:37 - 2015-12-16 19:34 - 42977072 _____ C:\Windows\system32\nvcompiler.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 37609080 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 31061624 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 24895792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 21122456 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 20663816 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 18716176 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 17561432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 17156968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 16981976 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 16286888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 12334200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-12-31 17:37 - 2015-12-16 19:34 - 03211760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 03168376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 02755704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 01915696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436143.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436143.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 00938104 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 00872056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 00734512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 00681592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-12-31 17:37 - 2015-12-16 19:34 - 00031352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-12-31 17:33 - 2015-12-31 17:34 - 336974040 _____ (NVIDIA Corporation) C:\Users\Itay\Downloads\361.43-notebook-win8-win7-64bit-international-whql.exe
2015-12-31 16:43 - 2015-12-31 17:38 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-31 16:42 - 2015-12-31 16:42 - 00428672 ____N (Alcor) C:\Windows\system\S6000Dex.dll
2015-12-31 16:42 - 2015-12-31 16:42 - 00247896 _____ (Alcor Micro, Corp.) C:\Windows\system32\S6000DIF.dll
2015-12-28 14:34 - 2015-12-25 22:09 - 00003801 _____ C:\Users\Itay\Desktop\Program - עותק.cs
2015-12-28 14:34 - 2015-12-25 22:09 - 00000916 _____ C:\Users\Itay\Desktop\IntNode.cs
2015-12-28 07:20 - 2015-12-28 07:20 - 00002705 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-28 07:20 - 2015-12-28 07:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-28 07:20 - 2015-12-28 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-26 17:19 - 2015-12-26 17:19 - 00145213 _____ C:\Users\Itay\Downloads\images (2).zip
2015-12-26 17:14 - 2015-12-26 17:14 - 00165987 _____ C:\Users\Itay\Downloads\images (1).zip
2015-12-26 17:13 - 2015-12-26 17:13 - 00173920 _____ C:\Users\Itay\Downloads\images.zip
2015-12-25 22:09 - 2015-12-25 22:09 - 00003801 _____ C:\Users\Itay\Desktop\Program.cs
2015-12-21 09:55 - 2015-12-21 09:55 - 00009728 _____ (Razer Inc.) C:\Windows\SysWOW64\RzStats.IPC.dll
2015-12-20 21:52 - 2015-12-20 21:52 - 00000262 _____ C:\Windows\Tasks\AutoKMS.job
2015-12-20 21:52 - 2015-12-20 21:52 - 00000000 ____D C:\Windows\AutoKMS
2015-12-20 21:50 - 2015-12-20 21:50 - 00001648 _____ C:\Users\Itay\Downloads\question3 - class.cs
2015-12-20 21:50 - 2015-12-20 21:50 - 00001234 _____ C:\Users\Itay\Downloads\question4.cs
2015-12-20 21:50 - 2015-12-20 21:50 - 00000888 _____ C:\Users\Itay\Downloads\question5.cs
2015-12-20 21:50 - 2015-12-20 21:50 - 00000529 _____ C:\Users\Itay\Downloads\question2.cs
2015-12-20 21:50 - 2015-12-20 21:50 - 00000512 _____ C:\Users\Itay\Downloads\question3 - main.cs
2015-12-20 16:01 - 2015-12-20 16:02 - 00000000 ____D C:\Users\Itay\AppData\Roaming\ProductData
2015-12-20 16:01 - 2015-12-20 16:01 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2015-12-20 16:01 - 2015-12-20 16:01 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2015-12-19 16:46 - 2016-01-07 17:38 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-19 16:46 - 2016-01-07 17:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-19 16:46 - 2016-01-07 17:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-19 16:46 - 2015-12-19 16:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-12-19 16:46 - 2015-12-19 16:46 - 00000000 ____D C:\Windows\system32\Macromed
2015-12-19 16:38 - 2015-12-19 16:38 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-12-19 16:38 - 2015-12-19 16:38 - 00000000 ____D C:\Windows\system32\SRSLabs
2015-12-19 16:38 - 2015-12-19 16:38 - 00000000 ____D C:\Program Files\Realtek
2015-12-19 16:37 - 2015-12-19 16:37 - 04628736 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-12-19 16:37 - 2015-12-19 16:37 - 04005405 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-12-19 16:37 - 2015-12-19 16:37 - 03278408 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 03271912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 02997504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 02965120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 02893568 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-12-19 16:37 - 2015-12-19 16:37 - 02028664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 01601944 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 01382240 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 01351992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 01121864 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00961848 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00873464 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00749000 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00689888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00574760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00214840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00195192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00158704 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00122328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00075544 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-12-19 16:37 - 2015-12-19 16:37 - 00023704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-12-19 16:35 - 2015-12-19 16:35 - 04161536 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2015-12-19 16:35 - 2015-12-19 16:35 - 01026304 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-12-19 16:35 - 2015-12-19 16:35 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-12-19 16:33 - 2015-12-19 16:33 - 00176880 _____ (JMicron Technology Corporation) C:\Windows\system32\Drivers\jmcr.sys
2015-12-19 16:33 - 2015-12-19 16:33 - 00053624 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\tosrfec.sys
2015-12-19 16:32 - 2015-12-19 16:32 - 00181760 _____ (Renesas Electronics Corporation) C:\Windows\system32\Drivers\nusb3xhc.sys
2015-12-19 16:25 - 2016-01-04 07:17 - 00000000 ____D C:\ProgramData\ProductData
2015-12-19 16:25 - 2015-12-20 16:01 - 00000388 _____ C:\Windows\Tasks\RunAsStdUser Task.job
2015-12-19 16:24 - 2016-01-07 17:38 - 00002154 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2015-12-19 16:24 - 2016-01-07 17:35 - 00000290 _____ C:\Windows\Tasks\Driver Booster Scheduler.job
2015-12-19 16:24 - 2016-01-07 17:35 - 00000246 _____ C:\Windows\Tasks\Driver Booster SkipUAC (Itay).job
2015-12-19 16:24 - 2015-12-20 16:04 - 00000000 ____D C:\Program Files (x86)\IObit
2015-12-19 16:24 - 2015-12-20 16:01 - 00000000 ____D C:\Users\Itay\AppData\Roaming\IObit
2015-12-19 16:24 - 2015-12-20 16:01 - 00000000 ____D C:\Users\Itay\AppData\LocalLow\IObit
2015-12-19 16:24 - 2015-12-20 16:01 - 00000000 ____D C:\ProgramData\IObit
2015-12-19 16:24 - 2015-12-19 16:24 - 00026528 _____ (REALiX) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-12-19 16:24 - 2015-12-19 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2015-12-19 16:22 - 2015-12-19 16:23 - 13786328 _____ (IObit ) C:\Users\Itay\Downloads\driver_booster_setup.exe
2015-12-18 18:50 - 2015-12-18 20:20 - 00000000 ____D C:\BigTargil.py
2015-12-18 18:42 - 2015-12-18 18:42 - 00837844 _____ C:\Users\Itay\Downloads\PIL-1.1.7.win32-py2.7 (1).exe
2015-12-18 18:39 - 2015-12-18 18:39 - 00694386 _____ C:\Users\Itay\Downloads\PIL-1.1.7.win32-py2.5.exe
2015-12-18 18:39 - 2015-12-18 18:39 - 00693895 _____ C:\Users\Itay\Downloads\PIL-1.1.7.win32-py2.4.exe
2015-12-18 18:39 - 2015-12-18 18:39 - 00498749 _____ C:\Users\Itay\Downloads\Imaging-1.1.7.tar.gz
2015-12-18 18:38 - 2015-12-18 18:38 - 00838324 _____ C:\Users\Itay\Downloads\PIL-1.1.7.win32-py2.6.exe
2015-12-18 18:38 - 2015-12-18 18:38 - 00837844 _____ C:\Users\Itay\Downloads\PIL-1.1.7.win32-py2.7.exe
2015-12-18 18:35 - 2015-12-20 09:45 - 00000000 ____D C:\project
2015-12-14 16:46 - 2015-12-14 16:46 - 00001068 _____ C:\Users\Itay\Downloads\Custom-Menu-by-BananaGaming.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-09 20:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows
2016-01-09 18:27 - 2015-08-27 23:58 - 00000000 ____D C:\Users\Itay\AppData\Roaming\TS3Client
2016-01-09 17:03 - 2015-08-27 18:28 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-09 16:46 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-09 16:46 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-09 16:36 - 2009-07-14 11:55 - 00000000 ____D C:\Windows\CSC
2016-01-09 12:52 - 2015-10-25 21:56 - 00000000 ____D C:\Users\Itay\Documents\Visual Studio 2010
2016-01-09 09:57 - 2015-10-28 14:55 - 00000000 ____D C:\Users\Itay\AppData\Roaming\Skype
2016-01-01 17:41 - 2015-08-27 23:35 - 00000000 ____D C:\Users\Itay\AppData\Local\Steam
2016-01-01 07:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2015-12-31 17:46 - 2015-08-27 18:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-12-31 17:46 - 2015-08-27 18:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-31 17:46 - 2015-08-27 18:27 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-31 17:41 - 2015-08-27 23:33 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-31 17:31 - 2015-11-06 07:15 - 00000000 ____D C:\Windows\system32\appmgmt
2015-12-31 17:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system
2015-12-28 07:20 - 2015-10-28 14:55 - 00000000 ____D C:\Users\Itay\AppData\Local\Skype
2015-12-28 07:20 - 2015-10-28 14:55 - 00000000 ____D C:\ProgramData\Skype
2015-12-22 11:20 - 2015-10-15 21:16 - 00000000 ____D C:\Users\Itay\Desktop\CSGO Pics
2015-12-20 21:54 - 2009-07-14 11:17 - 00441238 _____ C:\Windows\system32\perfh00D.dat
2015-12-20 21:54 - 2009-07-14 11:17 - 00104956 _____ C:\Windows\system32\perfc00D.dat
2015-12-20 21:54 - 2009-07-14 07:13 - 01399442 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-19 16:35 - 2015-08-27 18:08 - 00116304 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-12-18 20:23 - 2015-09-10 20:59 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-18 20:23 - 2015-09-10 20:59 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-17 16:49 - 2015-08-27 18:11 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-16 19:34 - 2015-10-07 16:04 - 03637352 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-12-16 19:34 - 2015-08-27 18:28 - 14005408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-12-16 19:34 - 2015-08-27 18:28 - 00469144 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-12-16 19:34 - 2015-08-27 18:28 - 00388560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-12-16 19:34 - 2015-08-27 18:28 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-12-16 19:34 - 2015-08-27 18:28 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-12-16 19:34 - 2015-08-27 18:28 - 00034848 _____ C:\Windows\system32\nvinfo.pb
2015-12-16 19:34 - 2015-08-27 18:16 - 00207152 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-12-16 19:34 - 2015-08-27 18:16 - 00194680 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-12-16 16:53 - 2015-08-27 18:34 - 06359672 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-12-16 16:53 - 2015-08-27 18:34 - 02985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-12-16 16:53 - 2015-08-27 18:34 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-12-16 16:53 - 2015-08-27 18:34 - 01256240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-12-16 16:53 - 2015-08-27 18:34 - 00523384 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-12-16 16:53 - 2015-08-27 18:34 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-12-16 16:53 - 2015-08-27 18:34 - 00075056 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-12-16 16:53 - 2015-08-27 18:34 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-12-16 16:49 - 2015-08-27 18:34 - 06090019 _____ C:\Windows\system32\nvcoproc.bin
2015-12-15 00:24 - 2015-08-27 23:56 - 00130880 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2015-12-10 22:29 - 2009-07-14 06:45 - 00379176 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-10 11:20 - 2015-10-01 08:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-10 11:16 - 2015-08-28 23:15 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 11:11 - 2015-08-28 23:15 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-11-07 18:03 - 2015-11-07 18:00 - 0000000 _____ () C:\Program Files\Alice.txt
2015-11-07 18:00 - 2015-11-07 18:00 - 0000000 _____ () C:\Program Files (x86)\Alice.txt
2015-08-28 15:59 - 2015-08-28 15:59 - 0000003 _____ () C:\Users\Itay\AppData\Local\updater.log
2015-08-28 15:59 - 2015-08-28 15:59 - 0000424 _____ () C:\Users\Itay\AppData\Local\UserProducts.xml
 
Some files in TEMP:
====================
C:\Users\Itay\AppData\Local\Temp\CC1.Exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-27 18:58
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-01-2015
Ran by Itay (2016-01-09 20:04:17)
Running from C:\Users\Itay\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-08-27 15:57:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3941593106-3924251866-3501638744-500 - Administrator - Disabled)
Guest (S-1-5-21-3941593106-3924251866-3501638744-501 - Limited - Enabled)
Itay (S-1-5-21-3941593106-3924251866-3501638744-1000 - Administrator - Enabled) => C:\Users\Itay
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Apple Application Support‏ (64 סיביות) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Driver Booster 3.1 (HKLM-x32\...\Driver Booster_is1) (Version: 3.1 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
Malwarebytes Anti-Malware גירסה 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (עברית) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA מנהל התקן עבור נתונים גרפיים 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA תכנת PhysX מערכת 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28188 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
לוח הבקרה של NVIDIA 361.43 (Version: 361.43 - NVIDIA Corporation) Hidden
ערכת שפה של Microsoft Visual Studio 2010 Tools for Office Runtime (x64)‎ - ‏HEB (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - HEB) (Version: 10.0.50903 - Microsoft Corporation)
תמיכה ביישומים של Apple‏ (32 סיביות) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1215AAE6-32C4-4C19-AC2D-02B65CEEE01E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {7E2D2722-0523-4BDC-A6AE-04467EFB63C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\Driver Booster Scheduler.job => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
Task: C:\Windows\Tasks\Driver Booster SkipUAC (Itay).job => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e2f726febb14.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f0fed69e6790.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e5580017157.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RunAsStdUser Task.job => C:\Program Files (x86)\IObit\Advanced SystemCare\NoteIcon.exeHC:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
Task: C:\Windows\Tasks\update-S-1-5-21-3941593106-3924251866-3501638744-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-27 18:28 - 2015-12-16 19:34 - 00012080 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-27 18:34 - 2015-12-16 16:53 - 00126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-08-27 18:14 - 2015-06-05 10:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-08-27 18:28 - 2015-12-16 19:34 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-08-27 18:35 - 2015-12-16 19:34 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-08-27 23:34 - 2015-11-10 21:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-08-27 23:34 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-08-27 23:34 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-08-27 23:34 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-08-27 23:34 - 2015-12-14 22:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll
2015-08-27 23:34 - 2015-09-24 02:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-08-27 23:34 - 2015-09-24 02:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-08-27 23:34 - 2015-09-24 02:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-08-27 23:34 - 2015-09-24 02:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-08-27 23:34 - 2015-09-24 02:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-08-27 23:34 - 2015-12-14 22:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-08-27 23:34 - 2015-11-04 00:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-10-01 08:28 - 2015-10-01 08:28 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-12-17 16:49 - 2015-12-11 05:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-17 16:49 - 2015-12-11 05:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2015-08-27 23:34 - 2015-11-17 02:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-08-27 23:34 - 2015-09-25 01:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2015-12-25 18:23 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\Itay\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3941593106-3924251866-3501638744-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Product => C:\Users\Itay\AppData\Local\Temp\IXP000.TMP\Crypted.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FA17B480-6F0E-4427-97B4-F3FCC703E0A6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B8F5E0B1-4FD4-4463-9CE8-3A35D4A911DC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1AB2673C-F5D5-418C-A87E-A4ACED50E043}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1A56289C-4992-420F-AF0C-9462B8B94B2E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{76D33AB9-93E4-407A-8E4F-D7C915365993}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3FABBE1E-09D6-4E0F-8AC5-C79479A23742}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AA89AD65-F141-4B82-BD39-02FAC0315F92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{D7A346CA-C72D-467F-8645-E6B89413DE76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{B573AC19-07EE-4BEF-97F0-39ECD6A42626}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FD9CC4E-1CBE-4EB1-8886-20861F306348}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4C3D8FBA-C788-458E-A246-CC9808CE46A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{04A5F4DF-AA51-4D46-A7F5-FAC632BA1F23}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0C6C91D6-C0D4-43F3-A2DE-E1B800963FBE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{2A04292E-42A7-476D-8F85-6C5415F9A4BA}C:\heights\portableapps\portablepython2.7.6.1\app\pycharm\bin\pycharm.exe] => (Allow) C:\heights\portableapps\portablepython2.7.6.1\app\pycharm\bin\pycharm.exe
FirewallRules: [uDP Query User{1CFC1E7D-0BAD-4B68-8DC1-748E9818F814}C:\heights\portableapps\portablepython2.7.6.1\app\pycharm\bin\pycharm.exe] => (Allow) C:\heights\portableapps\portablepython2.7.6.1\app\pycharm\bin\pycharm.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{860CE1CC-690D-49B2-B9F0-AEA2CCA26E19}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{8F9ABB14-0AF1-461F-81CE-72AA650AD3A8}C:\heights\portableapps\portablepython2.7.6.1\app\python.exe] => (Allow) C:\heights\portableapps\portablepython2.7.6.1\app\python.exe
FirewallRules: [uDP Query User{ADD43936-F2B1-4603-B7E0-CC72D55D03E1}C:\heights\portableapps\portablepython2.7.6.1\app\python.exe] => (Allow) C:\heights\portableapps\portablepython2.7.6.1\app\python.exe
FirewallRules: [{006FE319-54BB-4273-8365-6B4ABBE5AFFC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CD65D427-7A0B-495E-8834-AF6F58D699FD}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{44514709-9E9C-4CB8-9121-92D98485EB51}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{51A91A62-47DE-4E66-B7B8-D1E0FC2B8FC6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{26E06C71-6816-4762-8E73-E28BA199D9B3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{30874C88-26ED-4C88-9B12-98D05DA7609E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{C59883F6-B262-41FE-9602-AC0F15AFC1CF}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [TCP Query User{43CCF120-A5B2-45B2-8935-D2AE457746BF}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [uDP Query User{89C510BC-D175-4E58-B9BF-9F3B299B54D0}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
 
==================== Restore Points =========================
 
25-12-2015 12:35:49 Windows Update
29-12-2015 15:58:54 Windows Update
31-12-2015 16:41:49 Driver Booster : Microsoft Visual C++ 2008 Redistributable (x64)
31-12-2015 16:43:23 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
31-12-2015 16:44:01 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
31-12-2015 17:31:43 Removed Windows 7 USB/DVD Download Tool
31-12-2015 17:38:03 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
01-01-2016 07:37:21 Windows Update
05-01-2016 16:17:13 Windows Update
07-01-2016 17:36:48 Driver Booster : Adobe Flash Player ActiveX
08-01-2016 17:27:23 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (12/31/2015 06:07:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: ‏‏שירות ה- Task Scheduler תלוי בשירות ה- Windows Event Log שהפעלתו נכשלה בשל השגיאה הבאה: 
%%1058
 
Error: (12/31/2015 03:11:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ‏‏הפעלת השירות Net.Pipe Listener Adapter נכשלה בשל השגיאה הבאה: 
%%1053
 
Error: (12/31/2015 03:11:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לחיבור של שירות Net.Pipe Listener Adapter.
 
Error: (12/31/2015 03:10:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: ‏‏שירות ה- Net.Tcp Listener Adapter תלוי בשירות ה- Net.Tcp Port Sharing Service שהפעלתו נכשלה בשל השגיאה הבאה: 
%%1053
 
Error: (12/31/2015 03:09:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ‏‏הפעלת השירות Net.Tcp Port Sharing Service נכשלה בשל השגיאה הבאה: 
%%1053
 
Error: (12/31/2015 03:09:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לחיבור של שירות Net.Tcp Port Sharing Service.
 
Error: (12/31/2015 03:08:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: ‏‏שירות ה- Task Scheduler תלוי בשירות ה- Windows Event Log שהפעלתו נכשלה בשל השגיאה הבאה: 
%%1058
 
Error: (08/27/2015 11:35:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ‏‏הפעלת השירות Steam Client Service נכשלה בשל השגיאה הבאה: 
%%1053
 
Error: (08/27/2015 11:35:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לחיבור של שירות Steam Client Service.
 
Error: (08/27/2015 06:18:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: ‏‏שירות ה- Intel® Content Protection HECI Service הפסיק עם השגיאה הבאה: 
%%-2147024637
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 60%
Total physical RAM: 6051.76 MB
Available physical RAM: 2395.59 MB
Total Virtual: 12101.72 MB
Available Virtual: 7826.42 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:341.2 GB) (Free:244.13 GB) NTFS
Drive d: () (Fixed) (Total:123.96 GB) (Free:98.93 GB) NTFS
Drive f: (‏‏שמור על-ידי המערכת) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CD958172)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=341.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=511 MB) - (Type=27)
Partition 4: (Not Active) - (Size=124 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Thanks for those logs. Unfortunately, there is evidence of installed and active illegal software, which is a direct breach of forum protocol. I cannot offer any further help; a moderator will lock and close your thread...

If you disagree, please contact one of the moderators....

Thank you,

Kevin

This topic is now closed to further replies.