PC running slow + hard disk working non stop regardless of user activity



heyehuda
2015-06-12, 15:35
Thanks a lot for your assistance!

Yehuda.
----------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015
Ran by NirH (administrator) on NIRH-PC on 12-06-2015 12:38:14
Running from C:\Users\NirH\Desktop
Loaded Profiles: NirH (Available Profiles: NirH)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: עברית (ישראל)‏
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Google Inc.) C:\Users\NirH\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\NirH\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\NirH\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11483752 2011-11-18] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2510784 2015-05-14] ()
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKU\S-1-5-21-3267004705-2935073521-300055254-1000\...\Run: [Google Update] => C:\Users\NirH\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-22] (Google Inc.)
HKU\S-1-5-21-3267004705-2935073521-300055254-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3267004705-2935073521-300055254-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3267004705-2935073521-300055254-1000\...\Run: [KSS] => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3267004705-2935073521-300055254-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={C4E482E0-FE87-4CE3-B3B6-AE9D76C6CC4D}&mid=dc8abdee227247d096c881ac0ffe86ff-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415tb&pr=fr&d=2014-04-18 22:03:43&v=18.5.0.909&pid=safeguard&sg=&sap=hp
HKU\S-1-5-21-3267004705-2935073521-300055254-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3267004705-2935073521-300055254-1000 -> DefaultScope {56CFC382-74D5-4e15-8500-0CC32584DD74} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-3267004705-2935073521-300055254-1000 -> {56CFC382-74D5-4e15-8500-0CC32584DD74} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-3267004705-2935073521-300055254-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={C4E482E0-FE87-4CE3-B3B6-AE9D76C6CC4D}&mid=dc8abdee227247d096c881ac0ffe86ff-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415tb&pr=fr&d=2014-04-18 22:03:43&v=18.4.0.889&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3267004705-2935073521-300055254-1000 -> {DEC9CEA8-0859-4c41-B97C-66C153CA3A69} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-3267004705-2935073521-300055254-1000 -> {E934D7F7-AAF2-43e6-BD3F-308FA802A7AE} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG SafeGuard toolbar\18.5.0.909\AVG SafeGuard toolbar_toolbar.dll [2015-05-14] (AVG Secure Search)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.5.0.909\AVG SafeGuard toolbar_toolbar.dll [2015-05-14] (AVG Secure Search)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-14] (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 80.179.52.100 80.179.55.100

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3267004705-2935073521-300055254-1000: @tools.google.com/Google Update;version=3 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-3267004705-2935073521-300055254-1000: @tools.google.com/Google Update;version=9 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\NirH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Radio G) - C:\Users\NirH\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgbcbdejncdpahgapnmkjimfmlipdgdl [2014-08-29]
CHR Extension: (Skype Click to Call) - C:\Users\NirH\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\NirH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [kgbcbdejncdpahgapnmkjimfmlipdgdl] - C:\Users\NirH\AppData\Local\CRE\kgbcbdejncdpahgapnmkjimfmlipdgdl.crx [2013-03-27]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKU\S-1-5-21-3267004705-2935073521-300055254-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kgbcbdejncdpahgapnmkjimfmlipdgdl] - C:\Users\NirH\AppData\Local\CRE\kgbcbdejncdpahgapnmkjimfmlipdgdl.crx [2013-03-27]
StartMenuInternet: Google Chrome.UYUOKSC7EDNIDHGA2N3LT4J7CM - C:\Users\NirH\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-03-19] (Intel Corporation)
S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [133632 2012-07-25] (Microsoft Corporation) [File not signed]
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1848168 2015-03-30] (LogMeIn Inc.)
S4 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2015-03-30] (LogMeIn, Inc.)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [94208 2012-07-25] (Microsoft Corporation) [File not signed]
R2 vToolbarUpdater18.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [1812416 2015-05-14] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
S3 etdrv; C:\Windows\etdrv.sys [17488 2013-05-25] (Windows (R) 2000 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [17488 2013-05-27] (Windows (R) 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2013-05-26] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2015-03-30] (LogMeIn, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.)
S3 VSPerfDrv110; C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [55416 2012-07-13] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-12 12:38 - 2015-06-12 12:38 - 00015829 _____ C:\Users\NirH\Desktop\FRST.txt
2015-06-12 12:35 - 2015-06-12 12:36 - 00052249 _____ C:\Users\NirH\Downloads\Addition.txt
2015-06-12 12:34 - 2015-06-12 12:36 - 00041303 _____ C:\Users\NirH\Downloads\FRST.txt
2015-06-12 12:33 - 2015-06-12 12:38 - 00000000 ____D C:\FRST
2015-06-12 12:32 - 2015-06-12 12:32 - 01147904 _____ (Farbar) C:\Users\NirH\Desktop\FRST.exe
2015-06-12 12:18 - 2015-06-12 12:18 - 00000207 _____ C:\Windows\tweaking.com-regbackup-NIRH-PC-Windows-7-Ultimate-(32-bit).dat
2015-06-12 12:16 - 2015-06-12 12:16 - 00002181 _____ C:\Users\NirH\Desktop\Tweaking.com - Registry Backup.lnk
2015-06-12 12:16 - 2015-06-12 12:16 - 00000000 ____D C:\Users\NirH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-06-12 12:16 - 2015-06-12 12:16 - 00000000 ____D C:\RegBackup
2015-06-12 12:16 - 2015-06-12 12:16 - 00000000 ____D C:\Program Files\Tweaking.com
2015-06-12 12:14 - 2015-06-12 12:15 - 04720448 _____ C:\Users\NirH\Downloads\tweaking.com_registry_backup_setup.exe
2015-06-12 12:07 - 2015-06-12 12:07 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-06-12 11:44 - 2015-06-12 11:45 - 01988928 _____ (Kaspersky Lab) C:\Users\NirH\Downloads\kss15.0.0.737en_ru_de_fr_es_it_zh-hans_pl_tr_nl_cs_7691.exe
2015-06-12 11:11 - 2015-06-12 11:11 - 00000000 ____D C:\Users\NirH\AppData\Roaming\Tera_Awesomium
2015-06-10 16:25 - 2015-06-10 16:25 - 00000216 _____ C:\Users\NirH\Desktop\TERA.url
2015-06-10 09:38 - 2015-06-02 22:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 09:38 - 2015-05-27 17:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 09:38 - 2015-05-25 20:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 09:38 - 2015-05-23 06:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 09:38 - 2015-05-23 06:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 09:38 - 2015-05-23 06:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 09:38 - 2015-05-23 06:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 09:38 - 2015-05-23 06:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 09:38 - 2015-05-23 06:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 09:38 - 2015-05-23 06:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 09:38 - 2015-05-23 06:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 09:38 - 2015-05-23 06:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 09:38 - 2015-05-23 06:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 09:38 - 2015-05-23 06:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 09:38 - 2015-05-23 06:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 09:38 - 2015-05-23 06:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 09:38 - 2015-05-23 06:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 09:38 - 2015-05-23 06:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 09:38 - 2015-05-23 06:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 09:38 - 2015-05-23 05:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 09:38 - 2015-05-23 05:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 09:38 - 2015-05-23 05:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 09:38 - 2015-05-23 05:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 09:38 - 2015-05-23 05:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 09:38 - 2015-05-23 05:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 09:38 - 2015-05-23 05:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 09:38 - 2015-05-23 05:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 09:38 - 2015-05-23 05:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 09:38 - 2015-05-23 05:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 09:38 - 2015-05-23 05:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 09:38 - 2015-05-23 05:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 09:38 - 2015-05-23 05:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 09:38 - 2015-05-23 05:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 09:38 - 2015-05-22 21:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 09:38 - 2015-05-22 21:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 09:38 - 2015-05-22 21:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 09:38 - 2015-05-22 21:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 09:38 - 2015-05-22 21:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 09:38 - 2015-05-22 21:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 09:38 - 2015-05-22 20:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 09:38 - 2015-05-21 16:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 09:38 - 2015-04-11 06:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 09:37 - 2015-05-25 21:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-10 09:37 - 2015-05-25 21:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 09:37 - 2015-05-25 21:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 09:37 - 2015-05-25 21:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 09:37 - 2015-05-25 21:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 09:37 - 2015-05-25 21:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 09:37 - 2015-05-25 21:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 09:37 - 2015-05-25 21:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 09:37 - 2015-05-25 21:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 09:37 - 2015-05-25 21:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 09:37 - 2015-05-25 21:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 09:37 - 2015-05-25 21:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 09:37 - 2015-05-25 21:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 09:37 - 2015-05-25 21:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 09:37 - 2015-05-25 20:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 09:37 - 2015-05-25 20:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 09:37 - 2015-05-25 20:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 09:37 - 2015-05-25 20:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 09:37 - 2015-05-25 19:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 09:37 - 2015-04-29 21:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 09:37 - 2015-04-29 21:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 09:37 - 2015-04-29 21:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 09:37 - 2015-04-29 21:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 09:37 - 2015-04-29 21:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 09:36 - 2015-05-09 06:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 09:36 - 2015-05-09 06:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 09:36 - 2015-05-09 06:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 09:36 - 2015-05-09 06:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 09:36 - 2015-05-09 06:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 04:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 04:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:35 - 2015-04-24 20:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-08 16:02 - 2015-06-08 20:16 - 00817184 _____ C:\Users\NirH\Documents\מצגת לנאום- נעה.pptx
2015-06-07 20:56 - 2015-06-07 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-06-07 20:56 - 2015-06-07 20:56 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2015-06-07 20:52 - 2015-06-07 20:54 - 08552448 _____ C:\Users\NirH\Downloads\hamachi (1).msi
2015-06-05 19:42 - 2015-06-05 19:42 - 00007665 _____ C:\Users\NirH\AppData\Local\Resmon.ResmonCfg
2015-06-05 14:11 - 2015-03-30 15:25 - 00026176 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-06-05 13:58 - 2015-06-12 10:21 - 00000000 ____D C:\Users\NirH\AppData\Local\LogMeIn Hamachi
2015-06-05 13:58 - 2015-06-05 13:58 - 00000000 ____D C:\Users\NirH\AppData\Local\LogMeIn
2015-06-05 13:58 - 2015-06-05 13:58 - 00000000 ____D C:\ProgramData\LogMeIn
2015-06-05 13:51 - 2015-06-05 13:55 - 08552448 _____ C:\Users\NirH\Downloads\hamachi.msi
2015-06-05 11:42 - 2015-06-05 11:42 - 00288864 _____ C:\Users\NirH\Downloads\CP JAVA 114 05-2012-yehuda.dwg
2015-06-04 20:33 - 2015-06-04 20:33 - 00000214 _____ C:\Users\NirH\Desktop\Garry's Mod.url
2015-06-04 16:37 - 2015-06-04 16:37 - 00000000 ____D C:\Users\NirH\AppData\Local\Steam
2015-06-04 15:58 - 2015-06-04 15:58 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-04 15:31 - 2015-06-04 15:31 - 00000000 ____D C:\Users\NirH\AppData\Local\GWX
2015-06-02 16:28 - 2015-06-12 10:26 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-02 16:28 - 2015-06-02 16:28 - 00000000 ____D C:\Users\NirH\AppData\Local\TERA
2015-06-01 20:37 - 2015-06-01 20:56 - 00106296 _____ C:\Users\NirH\Downloads\קשרים לוגים.pptx
2015-05-16 10:23 - 2015-06-09 20:44 - 00000000 ____D C:\Users\NirH\Documents\נעה
2015-05-15 18:51 - 2015-05-15 18:51 - 00002248 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
2015-05-15 18:51 - 2015-05-15 18:51 - 00001180 _____ C:\Users\Public\Desktop\רכישת חומרים מתכלים - HP Officejet 6500 E710n-z.lnk
2015-05-15 18:51 - 2015-05-15 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-05-15 18:51 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5412.dll
2015-05-15 18:50 - 2015-05-15 18:50 - 00000057 _____ C:\ProgramData\Ament.ini
2015-05-15 18:50 - 2015-05-15 18:50 - 00000000 ____D C:\ProgramData\HP
2015-05-15 18:49 - 2015-05-15 18:58 - 00000000 ____D C:\Users\NirH\AppData\Local\HP
2015-05-15 18:42 - 2015-05-15 18:42 - 00000000 ____D C:\Users\NirH\AppData\Local\Hewlett-Packard
2015-05-15 18:20 - 2015-05-15 18:50 - 00000000 ____D C:\Program Files\Hp
2015-05-15 18:20 - 2015-05-15 18:20 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-05-15 18:18 - 2015-05-15 18:18 - 05197824 _____ C:\Users\NirH\Downloads\HPSupportSolutionsFramework-11.51.0049.msi
2015-05-13 23:14 - 2015-05-01 16:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 15:40 - 2015-01-29 06:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 15:39 - 2015-04-20 05:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 15:39 - 2015-04-20 05:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 15:39 - 2015-04-18 05:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 15:39 - 2015-04-13 06:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 15:38 - 2015-04-08 06:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 15:38 - 2015-04-08 06:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 15:38 - 2015-03-04 07:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 15:38 - 2015-03-04 07:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 15:38 - 2015-03-04 07:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 15:38 - 2015-03-04 07:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 15:38 - 2015-02-18 10:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-12 12:38 - 2009-07-14 07:34 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-12 12:38 - 2009-07-14 07:34 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-12 12:36 - 2012-10-19 21:00 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-12 12:29 - 2012-08-22 18:05 - 01432480 _____ C:\Windows\WindowsUpdate.log
2015-06-12 12:17 - 2012-08-22 18:40 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3267004705-2935073521-300055254-1000UA.job
2015-06-12 11:55 - 2015-02-05 22:12 - 00000000 ____D C:\ProgramData\Skype
2015-06-12 11:54 - 2015-02-05 22:12 - 00002693 _____ C:\Users\Public\Desktop\Skype.lnk
2015-06-12 11:54 - 2015-02-05 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-12 11:42 - 2015-02-05 22:12 - 00000000 ____D C:\Users\NirH\AppData\Roaming\Skype
2015-06-12 11:28 - 2012-08-22 18:39 - 00000000 ____D C:\ProgramData\MFAData
2015-06-12 10:32 - 2014-03-08 14:04 - 00000000 ____D C:\Program Files\Steam
2015-06-12 10:21 - 2012-10-19 21:00 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-12 10:19 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-12 10:19 - 2009-07-14 07:39 - 00092339 _____ C:\Windows\setupact.log
2015-06-11 13:55 - 2012-08-22 18:17 - 01248282 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-10 21:52 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\rescache
2015-06-10 16:25 - 2014-03-08 14:13 - 00000000 ____D C:\Users\NirH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-10 15:35 - 2009-07-14 07:33 - 00448096 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 15:33 - 2014-12-11 16:40 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 15:33 - 2014-05-02 03:17 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 15:33 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\he-IL
2015-06-10 15:32 - 2013-01-05 23:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 15:27 - 2013-07-31 00:22 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 15:27 - 2009-07-14 05:04 - 00000478 _____ C:\Windows\win.ini
2015-06-10 15:20 - 2012-08-22 19:22 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 15:17 - 2012-08-22 18:40 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3267004705-2935073521-300055254-1000Core.job
2015-06-10 08:22 - 2012-08-22 18:50 - 00002352 _____ C:\Users\NirH\Desktop\Google Chrome.lnk
2015-06-08 22:26 - 2013-01-01 22:22 - 00114688 ___SH C:\Users\NirH\Documents\Thumbs.db
2015-06-08 16:34 - 2013-05-25 21:02 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-06 10:35 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\NDF
2015-06-05 14:15 - 2014-03-08 14:04 - 00000000 ____D C:\Program Files\Common Files\Steam
2015-06-05 13:46 - 2009-07-14 07:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-04 15:57 - 2012-10-19 21:00 - 00000000 ____D C:\Program Files\Google
2015-05-27 22:49 - 2015-02-05 22:12 - 00000000 ___RD C:\Program Files\Skype
2015-05-20 21:44 - 2015-04-05 03:02 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-16 10:19 - 2012-09-01 11:15 - 00073702 _____ C:\Windows\PFRO.log
2015-05-15 18:50 - 2009-07-14 07:52 - 00000000 ____D C:\Windows\twain_32
2015-05-15 18:43 - 2012-08-22 18:40 - 00125496 _____ C:\Users\NirH\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-15 03:02 - 2009-07-14 10:41 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-14 16:31 - 2014-04-18 22:02 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2015-05-14 07:42 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-05-14 07:09 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-14 07:08 - 2014-03-13 22:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-13 23:02 - 2014-03-13 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2015-06-05 19:42 - 2015-06-05 19:42 - 0007665 _____ () C:\Users\NirH\AppData\Local\Resmon.ResmonCfg
2015-05-15 18:50 - 2015-05-15 18:50 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\NirH\AppData\Local\Temp\2EA0.exe
C:\Users\NirH\AppData\Local\Temp\4E80.exe
C:\Users\NirH\AppData\Local\Temp\AA40.exe
C:\Users\NirH\AppData\Local\Temp\AutoRun.exe
C:\Users\NirH\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\NirH\AppData\Local\Temp\drm_dyndata_7320010.dll
C:\Users\NirH\AppData\Local\Temp\E0F4.exe
C:\Users\NirH\AppData\Local\Temp\eauninstall.exe
C:\Users\NirH\AppData\Local\Temp\EBU4711.EXE
C:\Users\NirH\AppData\Local\Temp\OutlookConnector.exe
C:\Users\NirH\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe
C:\Users\NirH\AppData\Local\Temp\SkypeSetup.exe
C:\Users\NirH\AppData\Local\Temp\VP6Install.exe
C:\Users\NirH\AppData\Local\Temp\VP6VFW.dll
C:\Users\NirH\AppData\Local\Temp\_is316B.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 15:14

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015
Ran by NirH at 2015-06-12 12:38:41
Running from C:\Users\NirH\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3267004705-2935073521-300055254-500 - Administrator - Disabled)
Guest (S-1-5-21-3267004705-2935073521-300055254-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3267004705-2935073521-300055254-1002 - Limited - Enabled)
NirH (S-1-5-21-3267004705-2935073521-300055254-1000 - Administrator - Enabled) => C:\Users\NirH

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.20 - GIGABYTE)
µTorrent (HKU\S-1-5-21-3267004705-2935073521-300055254-1000\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4311 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.5.0.909 - AVG Technologies)
BioShock (HKLM\...\Steam App 7670) (Version: - 2K Boston)
Blend for Visual Studio 2012 (Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM\...\Steam App 8980) (Version: - Gearbox Software)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dotfuscator and Analytics Community Edition (Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Easy Tune 6 B11.1206.1 (HKLM\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.1206.1 (Version: 1.00.0000 - GIGABYTE) Hidden
Entity Framework Designer for Visual Studio 2012 - enu (HKLM\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKU\S-1-5-21-3267004705-2935073521-300055254-1000\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
IIS 8.0 Express (HKLM\...\{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LocalESPC (Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (Version: 8.59.25584 - Microsoft) Hidden
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (עברית) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-040D-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3267004705-2935073521-300055254-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{D9DA2981-3298-4F1A-9192-F2CF5BD91145}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{79B49428-E9B0-4479-A0FA-3EFF8AFA9F07}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{CD920828-2B95-49A4-8BFD-1D34BCBF5A27}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2012 (HKLM\...\{17c2e197-cf26-443b-8beb-53151940df3f}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{1F4DF099-EA5C-482D-9901-C0A8B539B417}) (Version: 4.0.1622 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
ON_OFF Charge B11.1102.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
PreEmptive Analytics Visual Studio Components (Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
rayman2 (HKLM\...\rayman2) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6511 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
TERA (HKLM\...\Steam App 323370) (Version: - En Masse Entertainment)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update for (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Virtua Tennis 4™ (HKLM\...\GFWL_{53450FA2-E900-456E-9715-501000008200}) (Version: 1.0.0000.130 - SEGA)
Virtua Tennis 4™ (Version: 1.0.0000.130 - SEGA) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WCF Data Services 5.0 (for OData v3) Primary Components (Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
X-COM: Apocalypse (HKLM\...\Steam App 7660) (Version: - MicroProse Software, Inc)
X-COM: Enforcer (HKLM\...\Steam App 7770) (Version: - MicroProse Software, Inc)
X-COM: Interceptor (HKLM\...\Steam App 7730) (Version: - MicroProse Software, Inc)
X-COM: Terror from the Deep (HKLM\...\Steam App 7650) (Version: - MicroProse Software, Inc)
X-COM: UFO Defense (HKLM\...\Steam App 7760) (Version: - MicroProse Software, Inc)
YELEDPELE GAMES (HKLM\...\YELEDPELE GAMES) (Version: - )
גלריית התמונות (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
יש לי סוד אני קורא - מתחילים (HKLM\...\יש לי סוד אני קורא - מתחילים) (Version: 5.2 Tasswin:1.72.00 - )
ערכת שפה של Microsoft Visual Studio 2010 Tools for Office Runtime (x86)‎ - ‏HEB (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - HEB) (Version: 10.0.50903 - Microsoft Corporation)
תוכנת התקן בסיסי מסוג ‎HP Officejet 6500 E710n-z (HKLM\...\{ECF95597-4929-4C8C-A4F7-27AAF029AA81}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\NirH\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\NirH\AppData\Local\Google\Chrome\Application\43.0.2357.124\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\NirH\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\NirH\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\NirH\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\NirH\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\NirH\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\NirH\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\NirH\AppData\Local\Temp\4E80.exe ()
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\NirH\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

11-06-2015 21:33:29 נקודת ביקורת מתוזמנת

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:04 - 2009-06-11 00:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {055BB66D-1CF5-4DAE-9344-43A9F8F8F24C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-08] (Microsoft Corporation)
Task: {0A07D0CB-52D9-49C1-B6C8-46906A97F7D9} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.com/almost-done?pid=safeguard&lang=en
Task: {128084A6-9F2F-412C-AF15-DFD3AC86A24A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-19] (Google Inc.)
Task: {1496C285-22C6-41AC-8E8A-CB4C1BCFE9AA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {29B3697F-24FE-4793-9DFD-E691CB6A137B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2C4322C7-AF0B-4C54-BD95-75B0ADAC10B4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {397090CF-889B-4C38-B048-D145EE5F45B7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {3DCE1FFF-DD39-426B-8ECC-F4F0CD3F61AD} - System32\Tasks\0615tbUpdateInfo => C:\ProgramData\Avg_Update_0615tb\0615tb_{361F641C-D5D1-4EED-83D5-E2ED00F4473C}.exe
Task: {47217321-744E-4B8F-B4EA-4DE40076FB06} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3267004705-2935073521-300055254-1000UA => C:\Users\NirH\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22] (Google Inc.)
Task: {4FF92966-11F8-4AA9-9490-A18F30FFE45E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-19] (Google Inc.)
Task: {53C30401-D9C7-4A5C-B6D8-0DE5DCC89317} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {6CD00337-7726-4D2C-9178-A07FE6648892} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {76221B1F-2541-45A9-B318-FAED288FAE3E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {798BB750-5B9B-4B0F-86B4-80BFB0D81025} - System32\Tasks\{EBF6F85A-3B93-4D50-82F7-E21B9F4DDE82} => pcalua.exe -a C:\Windows\UbiSoft\SetupUbi.exe -d C:\Windows\UbiSoft -c -play rayman2
Task: {8B2BF129-BB73-4AF6-A51E-3DFC729B654B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3267004705-2935073521-300055254-1000Core => C:\Users\NirH\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22] (Google Inc.)
Task: {A294BBAE-11C5-4600-B68A-18984E6BE8F2} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-18] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3267004705-2935073521-300055254-1000Core.job => C:\Users\NirH\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3267004705-2935073521-300055254-1000UA.job => C:\Users\NirH\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => C:\Users\NirH\AppData\Local\Google\Chrome\Application\chrome.exeF--new-window http:/toolbar.avg.com/
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-14 16:31 - 2015-05-14 16:30 - 00166848 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe
2015-05-14 16:31 - 2015-05-14 16:30 - 00526784 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\log4cplusU.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-08-22 18:18 - 2011-10-21 19:49 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-04-18 22:02 - 2015-05-12 07:14 - 01645504 _____ () C:\Program Files\AVG SafeGuard toolbar\TBAPI.dll
2014-04-18 22:02 - 2015-05-14 16:30 - 02510784 _____ () C:\Program Files\AVG SafeGuard toolbar\vprot.exe
2015-06-10 08:21 - 2015-06-05 21:22 - 01281864 _____ () C:\Users\NirH\AppData\Local\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-10 08:21 - 2015-06-05 21:22 - 00080712 _____ () C:\Users\NirH\AppData\Local\Google\Chrome\Application\43.0.2357.124\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3267004705-2935073521-300055254-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\NirH\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 80.179.52.100 - 80.179.55.100

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: SCBackService => 2
MSCONFIG\Services: WCUService_STC_FF => 2
MSCONFIG\Services: WCUService_STC_IE => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HP Officejet 6500 E710n-z (NET) => "C:\Program Files\Hp\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" -deviceID "CN199346SF05JW:NW" -scfn "HP Officejet 6500 E710n-z (NET)" -AutoStart 1
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: ZyngaGamesAgent => "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F0F50C2D-1707-4048-9EC5-FB059919200E}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{C1AA0F51-9133-415B-9C66-EE76E94F3199}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{7B7DF4DA-AF6E-46C5-BDE1-DC8616863ECE}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{BC29322B-2192-40D2-AC5F-F59C36C23F2E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{63D83583-A7A1-4957-BFDD-27E80EFBE02D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E78A4091-A5E7-41E9-8344-FF917A82AEE4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D972589F-D517-4514-9B34-EC3576D12664}] => (Allow) C:\Users\NirH\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{DA060309-535A-4DB9-A239-DE52F3167A94}] => (Allow) C:\Program Files\Sega\Virtua Tennis 4\VT4.exe
FirewallRules: [{B23CA778-98D2-4294-8F04-ED5C1540683D}] => (Allow) C:\Program Files\Sega\Virtua Tennis 4\VT4.exe
FirewallRules: [{58E55DA7-E8ED-46D3-A0AB-B80AB1741693}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{85C95AF7-B720-4046-8412-1E2FDF860B76}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{7BE528E5-21AB-4E04-9A38-3D6EAA8932BF}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{9E970F29-E13E-4727-80EB-1404AA429D08}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{D89C3811-6E12-4462-8C51-EA0EA02A5C3F}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{26A92579-48D7-4548-817C-4F2AB4616341}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{F8F10C19-AB9C-4602-981C-955654D271B4}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{DB25EC5D-57A1-44CA-AAD9-FEFEB432EA50}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{B13A3A33-3E87-468C-BC4F-DB8D3C5161B7}] => (Allow) C:\Users\NirH\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AAC9214D-ED44-46F2-9385-AA525B9B5B6C}] => (Allow) C:\Users\NirH\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D9CCC96C-447B-49F1-B041-CEECC877DF8D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{826AD85D-4B37-4725-BE43-122931040EAD}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{CA5DF680-BACD-4019-B931-02B30741F27B}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{8720ABB6-1106-4AE0-BD3A-6F2C3F1D8AEF}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom Enforcer\System\XCom.exe
FirewallRules: [{002351D9-ABD1-4E7A-B31D-3727DE59B067}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom Enforcer\System\XCom.exe
FirewallRules: [{CDA702B3-1BD3-486D-9D8D-3091E5857173}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom UFO Defense\dosbox.exe
FirewallRules: [{C5827318-0404-490B-9301-CA95F8A441F5}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom UFO Defense\dosbox.exe
FirewallRules: [{EA3C1735-7008-4032-8C6B-0AF6D98C2FD2}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom UFO Defense\XCOM\UFO Defense_Patched.exe
FirewallRules: [{98F2DC2A-52F4-407D-93EB-E0EDF11125E0}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom UFO Defense\XCOM\UFO Defense_Patched.exe
FirewallRules: [{FCFA7CDB-582B-445F-9DB3-3E73425C3129}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom Interceptor\Interceptor.exe
FirewallRules: [{ADC1073C-8E0B-434A-B3AC-64B82B69D51A}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom Interceptor\Interceptor.exe
FirewallRules: [{1E011C30-255D-4FF5-AA10-665A1E2FA5AA}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom Apocalypse\dosbox.exe
FirewallRules: [{CD333890-9543-4928-8430-980030EAEF5F}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom Apocalypse\dosbox.exe
FirewallRules: [{BFB4E634-1131-4628-8DD1-894B3B2122BA}] => (Allow) C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{C5986590-B416-4217-A9BC-4D56187DACE4}] => (Allow) C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{CCAD8451-F87A-4791-9161-C15B2EE480A2}] => (Allow) C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe
FirewallRules: [{010D5600-3993-46C3-B091-DC34FF678936}] => (Allow) C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe
FirewallRules: [{536DF3E7-44ED-44CF-85CA-8780493243A1}] => (Allow) C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe
FirewallRules: [{B4892608-1C5A-4B0E-A631-CCF5534B7E65}] => (Allow) C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe
FirewallRules: [{040596B3-9424-4090-8645-C7F41418D807}] => (Allow) C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV\Civilization4.exe
FirewallRules: [{ACF03918-6A5A-4D7D-993E-D742882F12F2}] => (Allow) C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV\Civilization4.exe
FirewallRules: [{99430E3E-0853-49E2-B0D1-20AC8A3C0065}] => (Allow) C:\Program Files\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{A616EB7C-0E0C-4348-A4D1-89F96C887E03}] => (Allow) C:\Program Files\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{A8BA4CDF-8023-461B-A249-4C56DC1C29F2}] => (Allow) C:\Program Files\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe
FirewallRules: [{A8E726DC-A465-4F27-ABD4-E53552ED0442}] => (Allow) C:\Program Files\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe
FirewallRules: [{2D51D3A1-E56D-4EBD-ABFC-E45F4C28A442}] => (Allow) C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{32EB533A-D90D-4238-9578-837C2CC3A138}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A77FA96A-96B3-4030-8425-4D628B482621}] => (Allow) LPort=2869
FirewallRules: [{2C6FE1E1-22D7-46CA-AA0C-7DCA388AA1EE}] => (Allow) LPort=1900
FirewallRules: [{BCBF90CC-D61F-4F5A-8978-331E81A204B7}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{96F1206E-BB73-4651-9159-3196197AA9D8}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{9755FBF5-1365-4C38-8E47-7C2CC1B665E0}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{608FEE9E-C6F2-419E-B5AE-35C0EFA94FCC}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{21EFAFAC-C007-48DD-A7FE-6DF52FC57BC8}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{708FD5A5-B44C-43F1-BC82-044B8768D0DA}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{FE5AE5A0-20FB-46B4-B300-CDCF04A1908E}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{E221B3BA-8872-4D79-9655-9FDE307D64AA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{3F4B9421-1119-42B5-AC67-EE96E46475D3}C:\users\nirh\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Block) C:\users\nirh\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{D0E0B157-A491-4E55-8114-BBE16FCE32B5}C:\users\nirh\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Block) C:\users\nirh\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{3C79370B-737A-4867-9CBA-3B13634E6F20}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\FaxApplications.exe
FirewallRules: [{5A95FA5B-0D65-4337-816C-E86FCE141092}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\DigitalWizards.exe
FirewallRules: [{ACEC11BF-8E13-4614-B1B4-5B44541B9A93}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\SendAFax.exe
FirewallRules: [{E227D3C0-4CDB-4CB9-A503-4B046D12EFCC}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{C2F3EB44-5E58-469E-8358-619BE870AC20}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{337A4958-7D77-44D9-8348-2872BDDA2F6F}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{E36181B6-43D4-4F69-85F3-7EEB6DA54ADE}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{F556AF25-4A7F-4A72-8D0B-62F469A6A2B3}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{5B7C6448-F332-4F0E-9EBD-55DBDC65324D}] => (Allow) C:\Program Files\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{01EC6080-45F6-43FE-BFAB-7C6935C78814}] => (Allow) C:\Program Files\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{206F68F2-78DA-4DCB-9909-4896EAF1A4C3}] => (Allow) C:\Program Files\Steam\SteamApps\common\TERA\TERA-Launcher.exe
FirewallRules: [{5AFD65F8-0EFC-4365-8BF2-3759A5F788BF}] => (Allow) C:\Program Files\Steam\SteamApps\common\TERA\TERA-Launcher.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/12/2015 00:19:26 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3267004705-2935073521-300055254-1000.bak). hr = 0x80070539, ‏‏המבנה של מזהה האבטחה אינו חוקי.
.


פעולה:
אירוע OnIdentify
אוסף נתוני כותב

הקשר:
הקשר ביצוע: Shadow Copy Optimization Writer
מזהה מחלקה של כותב: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
שם כותב: Shadow Copy Optimization Writer
מזהה מופע של כותב: {8db3dabd-56c2-4676-903e-e504eea490fc}

Error: (06/12/2015 00:17:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3267004705-2935073521-300055254-1000.bak). hr = 0x80070539, ‏‏המבנה של מזהה האבטחה אינו חוקי.
.


פעולה:
אירוע OnIdentify
אוסף נתוני כותב

הקשר:
הקשר ביצוע: Shadow Copy Optimization Writer
מזהה מחלקה של כותב: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
שם כותב: Shadow Copy Optimization Writer
מזהה מופע של כותב: {8db3dabd-56c2-4676-903e-e504eea490fc}

Error: (06/12/2015 11:25:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ‏‏התוכנית Steam.exe בגירסה 2.81.34.6 הפסיקה לקיים אינטראקציה עם Windows ונסגרה. כדי לגלות אם יש מידע זמין נוסף אודות הבעיה, בדוק את היסטוריית הבעיה בלוח הבקרה של מרכז הפעולות.

מזהה תהליך: 1708

זמן התחלה: 01d0a4e0bd913d6e

זמן סיום: 1165

נתיב יישום: C:\Program Files\Steam\Steam.exe

מזהה דוח:

Error: (06/12/2015 11:25:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ‏‏התוכנית TERA-Launcher.exe בגירסה 3.5.3.2 הפסיקה לקיים אינטראקציה עם Windows ונסגרה. כדי לגלות אם יש מידע זמין נוסף אודות הבעיה, בדוק את היסטוריית הבעיה בלוח הבקרה של מרכז הפעולות.

מזהה תהליך: 77c

זמן התחלה: 01d0a4e2d0e8a522

זמן סיום: 85

נתיב יישום: C:\Program Files\Steam\steamapps\common\TERA\TERA-Launcher.exe

מזהה דוח:

Error: (06/12/2015 11:24:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ‏‏התוכנית TERA.exe בגירסה 2.0.1.1 הפסיקה לקיים אינטראקציה עם Windows ונסגרה. כדי לגלות אם יש מידע זמין נוסף אודות הבעיה, בדוק את היסטוריית הבעיה בלוח הבקרה של מרכז הפעולות.

מזהה תהליך: c1c

זמן התחלה: 01d0a4e594ffd8cf

זמן סיום: 3788

נתיב יישום: C:\Program Files\Steam\steamapps\common\TERA\Client\Binaries\TERA.exe

מזהה דוח:

Error: (06/12/2015 09:25:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: TERA-Launcher.exe, גירסה: 3.5.3.2, חותמת זמן: 0x5236e244
שם מודול שחלות בו תקלות: TERA-Launcher.exe, גירסה: 3.5.3.2, חותמת זמן: 0x5236e244
קוד חריגה: 0xc0000005
היסט תקלה: 0x0002066f
מזהה תהליך שחלות בו תקלות: 0xa1c
שעת ההפעלה של היישום שחלות בו תקלות: 0xTERA-Launcher.exe0
נתיב היישום שחלות בו תקלות: TERA-Launcher.exe1
נתיב המודול שחלות בו תקלות: TERA-Launcher.exe2
מזהה דוח: TERA-Launcher.exe3

Error: (06/11/2015 09:55:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: fm.exe, גירסה: 15.1.3.0, חותמת זמן: 0x545f6b97
שם מודול שחלות בו תקלות: libcef.dll, גירסה: 3.1916.1749.0, חותמת זמן: 0x53ac3ad7
קוד חריגה: 0x80000003
היסט תקלה: 0x0011e7e0
מזהה תהליך שחלות בו תקלות: 0x5bc
שעת ההפעלה של היישום שחלות בו תקלות: 0xfm.exe0
נתיב היישום שחלות בו תקלות: fm.exe1
נתיב המודול שחלות בו תקלות: fm.exe2
מזהה דוח: fm.exe3

Error: (06/11/2015 09:55:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: fm.exe, גירסה: 15.1.3.0, חותמת זמן: 0x545f6b97
שם מודול שחלות בו תקלות: libcef.dll, גירסה: 3.1916.1749.0, חותמת זמן: 0x53ac3ad7
קוד חריגה: 0x80000003
היסט תקלה: 0x0011e7e0
מזהה תהליך שחלות בו תקלות: 0x4bc
שעת ההפעלה של היישום שחלות בו תקלות: 0xfm.exe0
נתיב היישום שחלות בו תקלות: fm.exe1
נתיב המודול שחלות בו תקלות: fm.exe2
מזהה דוח: fm.exe3

Error: (06/11/2015 09:33:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3267004705-2935073521-300055254-1000.bak). hr = 0x80070539, ‏‏המבנה של מזהה האבטחה אינו חוקי.
.


פעולה:
אירוע OnIdentify
אוסף נתוני כותב

הקשר:
הקשר ביצוע: Shadow Copy Optimization Writer
מזהה מחלקה של כותב: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
שם כותב: Shadow Copy Optimization Writer
מזהה מופע של כותב: {bee714bc-2dc6-4d2e-8c9b-08bad14afff0}

Error: (06/11/2015 08:13:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: fm.exe, גירסה: 15.1.3.0, חותמת זמן: 0x545f6b97
שם מודול שחלות בו תקלות: fm.exe, גירסה: 15.1.3.0, חותמת זמן: 0x545f6b97
קוד חריגה: 0xc0000005
היסט תקלה: 0x00e86606
מזהה תהליך שחלות בו תקלות: 0x1654
שעת ההפעלה של היישום שחלות בו תקלות: 0xfm.exe0
נתיב היישום שחלות בו תקלות: fm.exe1
נתיב המודול שחלות בו תקלות: fm.exe2
מזהה דוח: fm.exe3


System errors:
=============
Error: (06/12/2015 09:57:26 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/12/2015 08:34:26 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (06/11/2015 10:24:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (06/11/2015 05:58:27 PM) (Source: volsnap) (EventID: 36) (User: )
Description: ‏‏עותקי הצל של אמצעי האחסון C: בוטלו מאחר שהגדלת מקום האחסון של עותקי הצל לא הצליחה עקב מגבלה שנאכפה על-ידי המשתמש.

Error: (06/11/2015 03:11:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 15:11:01 on ‎11/‎06/‎2015 was unexpected.

Error: (06/11/2015 08:10:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (06/11/2015 08:10:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/11/2015 06:59:17 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות defragsvc.

Error: (06/10/2015 10:52:02 PM) (Source: volsnap) (EventID: 36) (User: )
Description: ‏‏עותקי הצל של אמצעי האחסון C: בוטלו מאחר שהגדלת מקום האחסון של עותקי הצל לא הצליחה עקב מגבלה שנאכפה על-ידי המשתמש.

Error: (06/10/2015 03:07:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 15:06:16 on ‎10/‎06/‎2015 was unexpected.


Microsoft Office:
=========================
Error: (06/12/2015 00:19:26 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-3267004705-2935073521-300055254-1000.bak)0x80070539, ‏‏המבנה של מזהה האבטחה אינו חוקי.


פעולה:
אירוע OnIdentify
אוסף נתוני כותב

הקשר:
הקשר ביצוע: Shadow Copy Optimization Writer
מזהה מחלקה של כותב: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
שם כותב: Shadow Copy Optimization Writer
מזהה מופע של כותב: {8db3dabd-56c2-4676-903e-e504eea490fc}

Error: (06/12/2015 00:17:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-3267004705-2935073521-300055254-1000.bak)0x80070539, ‏‏המבנה של מזהה האבטחה אינו חוקי.


פעולה:
אירוע OnIdentify
אוסף נתוני כותב

הקשר:
הקשר ביצוע: Shadow Copy Optimization Writer
מזהה מחלקה של כותב: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
שם כותב: Shadow Copy Optimization Writer
מזהה מופע של כותב: {8db3dabd-56c2-4676-903e-e504eea490fc}

Error: (06/12/2015 11:25:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Steam.exe2.81.34.6170801d0a4e0bd913d6e1165C:\Program Files\Steam\Steam.exe

Error: (06/12/2015 11:25:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: TERA-Launcher.exe3.5.3.277c01d0a4e2d0e8a52285C:\Program Files\Steam\steamapps\common\TERA\TERA-Launcher.exe

Error: (06/12/2015 11:24:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: TERA.exe2.0.1.1c1c01d0a4e594ffd8cf3788C:\Program Files\Steam\steamapps\common\TERA\Client\Binaries\TERA.exe

Error: (06/12/2015 09:25:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TERA-Launcher.exe3.5.3.25236e244TERA-Launcher.exe3.5.3.25236e244c00000050002066fa1c01d0a4d89009946fC:\Program Files\Steam\steamapps\common\TERA\TERA-Launcher.exeC:\Program Files\Steam\steamapps\common\TERA\TERA-Launcher.exee14a382c-10cb-11e5-8bb0-50e5491a6f0c

Error: (06/11/2015 09:55:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe15.1.3.0545f6b97libcef.dll3.1916.1749.053ac3ad7800000030011e7e05bc01d0a47838b1de0fC:\Users\NirH\Downloads\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exeC:\Users\NirH\Downloads\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\libcef.dll79563fe8-106b-11e5-805d-50e5491a6f0c

Error: (06/11/2015 09:55:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe15.1.3.0545f6b97libcef.dll3.1916.1749.053ac3ad7800000030011e7e04bc01d0a4782c11b7ecC:\Users\NirH\Downloads\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exeC:\Users\NirH\Downloads\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\libcef.dll7327d29d-106b-11e5-805d-50e5491a6f0c

Error: (06/11/2015 09:33:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-3267004705-2935073521-300055254-1000.bak)0x80070539, ‏‏המבנה של מזהה האבטחה אינו חוקי.


פעולה:
אירוע OnIdentify
אוסף נתוני כותב

הקשר:
הקשר ביצוע: Shadow Copy Optimization Writer
מזהה מחלקה של כותב: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
שם כותב: Shadow Copy Optimization Writer
מזהה מופע של כותב: {bee714bc-2dc6-4d2e-8c9b-08bad14afff0}

Error: (06/11/2015 08:13:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe15.1.3.0545f6b97fm.exe15.1.3.0545f6b97c000000500e86606165401d0a44efb0f32d4C:\Users\NirH\Downloads\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exeC:\Users\NirH\Downloads\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe25e2d327-105d-11e5-805d-50e5491a6f0c


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G850 @ 2.90GHz
Percentage of memory in use: 58%
Total physical RAM: 1935.72 MB
Available physical RAM: 812.64 MB
Total Pagefile: 4265.45 MB
Available Pagefile: 2672.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:317.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0FCE0FCD)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of log ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-06-12 15:21:46
-----------------------------
15:21:46.784 OS Version: Windows 6.1.7601 Service Pack 1
15:21:46.784 Number of processors: 2 586 0x2A07
15:21:46.786 ComputerName: NIRH-PC UserName: NirH
15:21:47.562 Initialize success
15:21:47.565 VM: initialized successfully
15:21:47.566 VM: Intel CPU supported virtualizedSuspended
15:21:55.358 VM: disk I/O atapi.sys
15:29:47.625 AVAST engine defs: 15061200
15:30:50.247 The log file has been saved successfully to "C:\Users\NirH\Desktop\aswMBR.txt

Juliet
2015-06-14, 14:34
Please download Malwarebytes Anti-Malware (http://downloads.malwarebytes.org/file/mbam) and save it to your desktop.

Double-click on the setup file (mbam-setup.exe), then click on Run to install.
Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
Click on Update Now to download the current database definitions, then click the Scan Now >> button.
If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
You will be prompted to update Malwarebytes...click on the Update Now button.
The THREAT SCAN will automatically begin.
When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

Open Malwarebytes Anti-Malware.
Click the History Tab at the top and select Application Logs.
Select (check) the box next to Scan Log. Choose the most current scan.
Click the View button.
Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

~~~~~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

**
please post
Malwarebytes Anti-Malware
C:\AdwCleaner.txt
JRT.txt

heyehuda
2015-06-16, 19:26
Hi and thanks for the reply,

Please see the requested logs below.
------------------------------------------

# AdwCleaner v4.206 - Logfile created 15/06/2015 at 21:30:12
# Updated 01/06/2015 by Xplode
# Database : 2015-06-14.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : NirH - NIRH-PC
# Running from : C:\Users\NirH\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater18.5.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Avg_Update_0215tb
Folder Deleted : C:\ProgramData\Avg_Update_0814tb
Folder Deleted : C:\ProgramData\Avg_Update_1114tb
Folder Deleted : C:\ProgramData\Avg_Update_1214tb
Folder Deleted : C:\ProgramData\{20daa1f7-95d9-387e-20da-aa1f795d87de}
Folder Deleted : C:\ProgramData\{2fb49b13-1bdf-9176-2fb4-49b131bd6c4c}
Folder Deleted : C:\ProgramData\{34a662a7-9677-af26-34a6-662a79678a9e}
Folder Deleted : C:\ProgramData\{35640e94-cf8c-3d9f-3564-40e94cf83a53}
Folder Deleted : C:\ProgramData\{46acb4bc-1eb6-2ffc-46ac-cb4bc1ebd2f0}
Folder Deleted : C:\ProgramData\{969a4def-5afe-cdb7-969a-a4def5af37bd}
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\AVG Security Toolbar
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\NirH\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\NirH\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\NirH\AppData\LocalLow\Conduit
File Deleted : C:\END
File Deleted : C:\Users\NirH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\NirH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : 0615tbUpdateInfo

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [6264 bytes] - [15/06/2015 21:25:46]
AdwCleaner[S0].txt - [6343 bytes] - [15/06/2015 21:30:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6402 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.7 (06.15.2015:1)
OS: Windows 7 Ultimate x86
Ran by NirH on Mon 06/15/2015 at 21:50:22.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3267004705-2935073521-300055254-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files

Successfully deleted: [File] C:\Users\NirH\appdata\local\google\chrome\user data\default\local storage\hxxps_static.olark.com_0.localstorage
Successfully deleted: [File] C:\Users\NirH\appdata\local\google\chrome\user data\default\local storage\hxxps_static.olark.com_0.localstorage-journal



~~~ Folders



~~~ Chrome


[C:\Users\NirH\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\NirH\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\NirH\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\NirH\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/15/2015 at 21:52:31.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

heyehuda
2015-06-16, 19:29
Hi,

Unfortunately, Malwarebytes was installed with the Hebrew language and the report includes quite a few Hebrew words. I tried to upload it several times but got an empty white page in response. Is there anything I can do to overcome the problem?

Thanks again for the assistance!

Yehuda.

Juliet
2015-06-16, 20:33
May have to skip that for now.
When you downloaded, did you select English version?

How is your computer now?

~~~~~~~~~~~~~~~~~~~~~~

What we can do now is run an online scan with Eset; for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.


ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.


Please run a free online scan with the ESET Online Scanner

US Link: http://www.eset.com/us/online-scanner/
EU Link: http://www.eset.eu/online-scanner/

Windows Vista/Windows 7/Windows 8 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.
Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.

Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Under "Current Scan Targets" > click "change" and ensure all your drives are selected
Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Attach the log as a reply to your next reply.
Close the ESET online scan, and let me know how things are now.

heyehuda
2015-06-19, 12:49
Hi,

PC seems to be chewing the HD less continuously, but it is still slow, with lots of HD activity and no user activity...

Please see below the ESET log

Thanks!

Yehuda.

C:\$Recycle.Bin\S-1-5-21-3267004705-2935073521-300055254-1000\$R1KRW7D.rar Win32/HackTool.Crack.CX potentially unsafe application
C:\$Recycle.Bin\S-1-5-21-3267004705-2935073521-300055254-1000\$RU87JAS.exe a variant of Win32/Packed.VMProtect.AAA trojan
C:\Users\NirH\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 Win32/AdWare.1ClickDownload.AT application
C:\Users\NirH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMPY3TT1\checktbexist[1].exe Win32/Toolbar.Conduit.AO potentially unwanted application
C:\Users\NirH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJVRBKQC\Radio_G[1].exe Win32/Conduit.SearchProtect.J potentially unwanted application
C:\Users\NirH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5XXICV0\statisticsstub[1].exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\NirH\AppData\Local\Temp\nsw7F9D.tmp\MainOffer.exe Win32/Toolbar.Conduit.S potentially unwanted application
C:\Users\NirH\AppData\Local\Temp\nsw7F9D.tmp\ProxyInstaller.exe Win32/Toolbar.Conduit.M potentially unwanted application
C:\Users\NirH\AppData\Local\Temp\nsw7F9D.tmp\webapphost.dll a variant of Win32/Toolbar.Conduit.C potentially unwanted application
C:\Users\NirH\Downloads\eTypeSetupF (1).exe a variant of Win32/InstallCore.AG potentially unwanted application
C:\Users\NirH\Downloads\eTypeSetupF.exe a variant of Win32/InstallCore.AG potentially unwanted application
C:\Users\NirH\Downloads\Football.Manager.2014-RELOADED\rld-sfm14.iso a variant of Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\NirH\Downloads\Football.Manager.2014-RELOADED\Crack\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application

Dakeyras
2015-06-19, 23:39
Hi. :)

I will be assisting you for the time being as Juliet is currently unavailable. We will deal with the results of the Eset online scan in due course. In the meantime, could you please post a new set of Farbar Recovery Scan Tool (FRST) logs for my review?

We will then go from there, thank you.

heyehuda
2015-06-22, 21:50
Hi and thanks a lot for jumping in to assist.

Please see the FRST logs below.

Yehuda.

-------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2015 01
Ran by NirH (administrator) on NIRH-PC on 22-06-2015 21:44:36
Running from C:\Users\NirH\Desktop
Loaded Profiles: NirH (Available Profiles: NirH)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: עברית (ישראל)‏
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\NirH\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\NirH\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\NirH\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11483752 2011-11-18] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKU\S-1-5-21-3267004705-2935073521-300055254-1000\...\Run: [Google Update] => C:\Users\NirH\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-22] (Google Inc.)
HKU\S-1-5-21-3267004705-2935073521-300055254-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3267004705-2935073521-300055254-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3267004705-2935073521-300055254-1000\...\Run: [KSS] => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3267004705-2935073521-300055254-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3267004705-2935073521-300055254-1000 -> {DEC9CEA8-0859-4c41-B97C-66C153CA3A69} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-3267004705-2935073521-300055254-1000 -> {E934D7F7-AAF2-43e6-BD3F-308FA802A7AE} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 80.179.52.100 80.179.55.100

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3267004705-2935073521-300055254-1000: @tools.google.com/Google Update;version=3 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-3267004705-2935073521-300055254-1000: @tools.google.com/Google Update;version=9 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\NirH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Users\NirH\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\NirH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome.UYUOKSC7EDNIDHGA2N3LT4J7CM - C:\Users\NirH\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-03-19] (Intel Corporation)
S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [133632 2012-07-25] (Microsoft Corporation) [File not signed]
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1848168 2015-03-30] (LogMeIn Inc.)
S4 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2015-03-30] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [94208 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
S3 eapihdrv; C:\Users\NirH\AppData\Local\Temp\ehdrv.sys [135760 2015-06-18] (ESET)
S3 etdrv; C:\Windows\etdrv.sys [17488 2013-05-25] (Windows (R) 2000 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [17488 2013-05-27] (Windows (R) 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2013-05-26] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2015-03-30] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.)
S3 VSPerfDrv110; C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [55416 2012-07-13] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 21:43 - 2015-06-22 21:43 - 00000000 ____D C:\Users\NirH\Desktop\FRST-OlderVersion
2015-06-18 21:29 - 2015-06-18 21:29 - 00000000 ____D C:\Program Files\ESET
2015-06-18 21:25 - 2015-06-18 21:25 - 02870984 _____ (ESET) C:\Users\NirH\Desktop\esetsmartinstaller_enu.exe
2015-06-15 21:52 - 2015-06-15 21:52 - 00002225 _____ C:\Users\NirH\Desktop\JRT.txt
2015-06-15 21:37 - 2015-06-15 21:37 - 02945429 _____ (Thisisu) C:\Users\NirH\Desktop\JRT.exe
2015-06-15 21:34 - 2015-06-15 21:34 - 00006482 _____ C:\Users\NirH\Desktop\AdwCleaner[S0].txt
2015-06-15 21:25 - 2015-06-15 21:30 - 00000000 ____D C:\AdwCleaner
2015-06-15 21:23 - 2015-06-15 21:23 - 02231296 _____ C:\Users\NirH\Desktop\AdwCleaner.exe
2015-06-15 20:40 - 2015-06-22 21:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-15 20:38 - 2015-06-15 21:06 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-15 20:38 - 2015-06-15 20:38 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-15 20:38 - 2015-06-15 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-15 20:38 - 2015-06-15 20:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-15 20:38 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-15 20:38 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-15 20:38 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-15 20:35 - 2015-06-15 20:37 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\NirH\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-12 15:13 - 2015-06-12 15:30 - 00001135 _____ C:\Users\NirH\Desktop\aswMBR.txt
2015-06-12 12:43 - 2015-06-12 12:44 - 05198336 _____ (AVAST Software) C:\Users\NirH\Desktop\aswMBR.exe
2015-06-12 12:38 - 2015-06-22 21:45 - 00014177 _____ C:\Users\NirH\Desktop\FRST.txt
2015-06-12 12:38 - 2015-06-12 12:39 - 00052246 _____ C:\Users\NirH\Desktop\Addition.txt
2015-06-12 12:33 - 2015-06-22 21:44 - 00000000 ____D C:\FRST
2015-06-12 12:32 - 2015-06-22 21:43 - 01148928 _____ (Farbar) C:\Users\NirH\Desktop\FRST.exe
2015-06-12 12:18 - 2015-06-12 12:18 - 00000207 _____ C:\Windows\tweaking.com-regbackup-NIRH-PC-Windows-7-Ultimate-(32-bit).dat
2015-06-12 12:16 - 2015-06-12 12:16 - 00002181 _____ C:\Users\NirH\Desktop\Tweaking.com - Registry Backup.lnk
2015-06-12 12:16 - 2015-06-12 12:16 - 00000000 ____D C:\Users\NirH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-06-12 12:16 - 2015-06-12 12:16 - 00000000 ____D C:\RegBackup
2015-06-12 12:16 - 2015-06-12 12:16 - 00000000 ____D C:\Program Files\Tweaking.com
2015-06-12 12:14 - 2015-06-12 12:15 - 04720448 _____ C:\Users\NirH\Downloads\tweaking.com_registry_backup_setup.exe
2015-06-12 12:07 - 2015-06-12 12:07 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-06-12 11:44 - 2015-06-12 11:45 - 01988928 _____ (Kaspersky Lab) C:\Users\NirH\Downloads\kss15.0.0.737en_ru_de_fr_es_it_zh-hans_pl_tr_nl_cs_7691.exe
2015-06-12 11:11 - 2015-06-12 11:11 - 00000000 ____D C:\Users\NirH\AppData\Roaming\Tera_Awesomium
2015-06-10 16:25 - 2015-06-10 16:25 - 00000216 _____ C:\Users\NirH\Desktop\TERA.url
2015-06-10 09:38 - 2015-06-02 22:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 09:38 - 2015-05-27 17:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 09:38 - 2015-05-25 20:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 09:38 - 2015-05-23 06:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 09:38 - 2015-05-23 06:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 09:38 - 2015-05-23 06:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 09:38 - 2015-05-23 06:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 09:38 - 2015-05-23 06:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 09:38 - 2015-05-23 06:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 09:38 - 2015-05-23 06:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 09:38 - 2015-05-23 06:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 09:38 - 2015-05-23 06:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 09:38 - 2015-05-23 06:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 09:38 - 2015-05-23 06:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 09:38 - 2015-05-23 06:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 09:38 - 2015-05-23 06:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 09:38 - 2015-05-23 06:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 09:38 - 2015-05-23 06:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 09:38 - 2015-05-23 06:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 09:38 - 2015-05-23 05:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 09:38 - 2015-05-23 05:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 09:38 - 2015-05-23 05:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 09:38 - 2015-05-23 05:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 09:38 - 2015-05-23 05:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 09:38 - 2015-05-23 05:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 09:38 - 2015-05-23 05:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 09:38 - 2015-05-23 05:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 09:38 - 2015-05-23 05:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 09:38 - 2015-05-23 05:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 09:38 - 2015-05-23 05:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 09:38 - 2015-05-23 05:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 09:38 - 2015-05-23 05:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 09:38 - 2015-05-23 05:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 09:38 - 2015-05-22 21:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 09:38 - 2015-05-22 21:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 09:38 - 2015-05-22 21:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 09:38 - 2015-05-22 21:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 09:38 - 2015-05-22 21:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 09:38 - 2015-05-22 21:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 09:38 - 2015-05-22 20:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 09:38 - 2015-05-21 16:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 09:38 - 2015-04-11 06:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 09:37 - 2015-05-25 21:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-10 09:37 - 2015-05-25 21:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 09:37 - 2015-05-25 21:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 09:37 - 2015-05-25 21:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 09:37 - 2015-05-25 21:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 09:37 - 2015-05-25 21:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 09:37 - 2015-05-25 21:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 09:37 - 2015-05-25 21:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 09:37 - 2015-05-25 21:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 09:37 - 2015-05-25 21:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 09:37 - 2015-05-25 21:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 09:37 - 2015-05-25 21:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 09:37 - 2015-05-25 21:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 09:37 - 2015-05-25 21:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 09:37 - 2015-05-25 21:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 09:37 - 2015-05-25 20:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 09:37 - 2015-05-25 20:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 09:37 - 2015-05-25 20:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 09:37 - 2015-05-25 20:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 09:37 - 2015-05-25 19:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 09:37 - 2015-04-29 21:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 09:37 - 2015-04-29 21:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 09:37 - 2015-04-29 21:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 09:37 - 2015-04-29 21:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 09:37 - 2015-04-29 21:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 09:36 - 2015-05-09 06:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 09:36 - 2015-05-09 06:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 09:36 - 2015-05-09 06:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 09:36 - 2015-05-09 06:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 09:36 - 2015-05-09 06:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 04:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 04:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:36 - 2015-05-09 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:35 - 2015-04-24 20:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-08 16:02 - 2015-06-08 20:16 - 00817184 _____ C:\Users\NirH\Documents\מצגת לנאום- נעה.pptx
2015-06-07 20:56 - 2015-06-07 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-06-07 20:56 - 2015-06-07 20:56 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2015-06-07 20:52 - 2015-06-07 20:54 - 08552448 _____ C:\Users\NirH\Downloads\hamachi (1).msi
2015-06-05 19:42 - 2015-06-05 19:42 - 00007665 _____ C:\Users\NirH\AppData\Local\Resmon.ResmonCfg
2015-06-05 14:11 - 2015-03-30 15:25 - 00026176 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-06-05 13:58 - 2015-06-22 13:31 - 00000000 ____D C:\Users\NirH\AppData\Local\LogMeIn Hamachi
2015-06-05 13:58 - 2015-06-05 13:58 - 00000000 ____D C:\Users\NirH\AppData\Local\LogMeIn
2015-06-05 13:58 - 2015-06-05 13:58 - 00000000 ____D C:\ProgramData\LogMeIn
2015-06-05 13:51 - 2015-06-05 13:55 - 08552448 _____ C:\Users\NirH\Downloads\hamachi.msi
2015-06-05 11:42 - 2015-06-05 11:42 - 00288864 _____ C:\Users\NirH\Downloads\CP JAVA 114 05-2012-yehuda.dwg
2015-06-04 20:33 - 2015-06-04 20:33 - 00000214 _____ C:\Users\NirH\Desktop\Garry's Mod.url
2015-06-04 16:37 - 2015-06-04 16:37 - 00000000 ____D C:\Users\NirH\AppData\Local\Steam
2015-06-04 15:58 - 2015-06-04 15:58 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-04 15:31 - 2015-06-04 15:31 - 00000000 ____D C:\Users\NirH\AppData\Local\GWX
2015-06-02 16:28 - 2015-06-12 10:26 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-02 16:28 - 2015-06-02 16:28 - 00000000 ____D C:\Users\NirH\AppData\Local\TERA
2015-06-01 20:37 - 2015-06-01 20:56 - 00106296 _____ C:\Users\NirH\Downloads\קשרים לוגים.pptx
2015-05-16 10:23 - 2015-06-14 16:35 - 00000000 ____D C:\Users\NirH\Documents\נעה
2015-05-15 18:51 - 2015-05-15 18:51 - 00002248 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
2015-05-15 18:51 - 2015-05-15 18:51 - 00001180 _____ C:\Users\Public\Desktop\רכישת חומרים מתכלים - HP Officejet 6500 E710n-z.lnk
2015-05-15 18:51 - 2015-05-15 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-05-15 18:51 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5412.dll
2015-05-15 18:50 - 2015-05-15 18:50 - 00000057 _____ C:\ProgramData\Ament.ini
2015-05-15 18:50 - 2015-05-15 18:50 - 00000000 ____D C:\ProgramData\HP
2015-05-15 18:49 - 2015-05-15 18:58 - 00000000 ____D C:\Users\NirH\AppData\Local\HP
2015-05-15 18:42 - 2015-05-15 18:42 - 00000000 ____D C:\Users\NirH\AppData\Local\Hewlett-Packard
2015-05-15 18:20 - 2015-05-15 18:50 - 00000000 ____D C:\Program Files\Hp
2015-05-15 18:20 - 2015-05-15 18:20 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-05-15 18:18 - 2015-05-15 18:18 - 05197824 _____ C:\Users\NirH\Downloads\HPSupportSolutionsFramework-11.51.0049.msi
2015-05-13 23:14 - 2015-05-01 16:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 15:40 - 2015-01-29 06:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 15:39 - 2015-04-20 05:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 15:39 - 2015-04-20 05:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 15:39 - 2015-04-18 05:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 15:39 - 2015-04-13 06:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 15:38 - 2015-04-08 06:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 15:38 - 2015-04-08 06:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 15:38 - 2015-03-04 07:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 15:38 - 2015-03-04 07:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 15:38 - 2015-03-04 07:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 15:38 - 2015-03-04 07:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 15:38 - 2015-02-18 10:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-11 07:45 - 2015-05-11 07:45 - 00703341 _____ C:\Users\NirH\Downloads\FW%3a_פריסות_חדרי_רחצה.zip
2015-05-11 07:42 - 2015-05-11 07:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-11 07:42 - 2015-05-11 07:42 - 00002017 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-05-11 07:42 - 2015-05-11 07:42 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-05-11 07:42 - 2015-05-11 07:42 - 00000000 ____D C:\Program Files\Adobe
2015-05-11 07:41 - 2015-05-11 07:46 - 00000000 ____D C:\ProgramData\Adobe
2015-05-11 07:40 - 2015-05-11 07:44 - 00000000 ____D C:\Users\NirH\AppData\Local\Adobe
2015-05-11 07:32 - 2015-05-11 07:32 - 01550490 _____ C:\Users\NirH\Downloads\תוכניות_מעודכנות_סופיות_+מכרז.zip
2015-04-27 22:00 - 2015-04-27 22:01 - 05514979 _____ C:\Users\NirH\Downloads\הקודח.wma
2015-04-26 19:10 - 2015-04-26 19:10 - 02088448 _____ C:\Users\NirH\Downloads\קשרים_לת.ppt
2015-04-15 18:14 - 2015-04-15 18:14 - 01044480 _____ C:\Users\NirH\Downloads\5b83e967-06ca-428b-b404-b5081f007189.ppt
2015-04-15 18:02 - 2015-03-05 07:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 18:01 - 2015-03-04 07:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 18:01 - 2015-03-04 07:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 18:00 - 2015-03-10 06:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 18:00 - 2015-03-10 06:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 22:20 - 2015-03-25 06:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 22:20 - 2015-03-25 06:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 22:20 - 2015-03-25 06:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 22:20 - 2015-03-25 06:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 22:20 - 2015-03-25 06:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 22:20 - 2015-03-25 06:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 22:20 - 2015-03-25 06:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 22:20 - 2015-03-25 06:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 22:20 - 2015-03-25 06:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 22:20 - 2015-03-25 06:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 22:20 - 2015-03-25 06:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 22:19 - 2015-02-25 06:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 03:38 - 2015-04-14 03:38 - 01217192 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2015-04-09 15:50 - 2015-04-09 15:51 - 23315064 _____ (Popcorn Official) C:\Users\NirH\Downloads\Popcorn-Time-0.3.7.2-Setup.exe
2015-04-05 03:02 - 2015-05-20 21:44 - 00000000 ___SD C:\Windows\system32\GWX
2015-03-30 15:25 - 2015-03-30 15:25 - 00026176 ____H (LogMeIn, Inc.) C:\Windows\system32\Drivers\hamachi.sys

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 21:44 - 2012-08-22 18:39 - 00000000 ____D C:\ProgramData\MFAData
2015-06-22 21:41 - 2015-02-05 22:12 - 00000000 ____D C:\Users\NirH\AppData\Roaming\Skype
2015-06-22 21:41 - 2012-08-22 18:40 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3267004705-2935073521-300055254-1000UA.job
2015-06-22 21:41 - 2012-08-22 18:05 - 02000610 _____ C:\Windows\WindowsUpdate.log
2015-06-22 21:40 - 2012-10-19 21:00 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-22 15:34 - 2013-01-05 23:29 - 00000000 ____D C:\Users\NirH\AppData\Local\Microsoft Help
2015-06-22 15:17 - 2012-08-22 18:40 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3267004705-2935073521-300055254-1000Core.job
2015-06-22 14:36 - 2012-10-19 21:00 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-22 13:46 - 2009-07-14 07:34 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-22 13:46 - 2009-07-14 07:34 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-22 13:31 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-22 13:31 - 2009-07-14 07:39 - 00093793 _____ C:\Windows\setupact.log
2015-06-19 20:41 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\NDF
2015-06-19 14:24 - 2015-03-02 18:11 - 00000000 __SHD C:\Users\NirH\AppData\Local\EmieBrowserModeList
2015-06-19 14:24 - 2014-06-04 10:26 - 00000000 __SHD C:\Users\NirH\AppData\Local\EmieUserList
2015-06-19 14:24 - 2014-06-04 10:26 - 00000000 __SHD C:\Users\NirH\AppData\Local\EmieSiteList
2015-06-17 13:07 - 2012-08-22 18:17 - 01248282 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-15 21:32 - 2012-09-01 11:15 - 00388850 _____ C:\Windows\PFRO.log
2015-06-15 21:09 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\security
2015-06-12 11:55 - 2015-02-05 22:12 - 00000000 ____D C:\ProgramData\Skype
2015-06-12 11:54 - 2015-02-05 22:12 - 00002693 _____ C:\Users\Public\Desktop\Skype.lnk
2015-06-12 11:54 - 2015-02-05 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-12 10:32 - 2014-03-08 14:04 - 00000000 ____D C:\Program Files\Steam
2015-06-10 21:52 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\rescache
2015-06-10 16:25 - 2014-03-08 14:13 - 00000000 ____D C:\Users\NirH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-10 15:35 - 2009-07-14 07:33 - 00448096 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 15:33 - 2014-12-11 16:40 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 15:33 - 2014-05-02 03:17 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 15:33 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\he-IL
2015-06-10 15:32 - 2013-01-05 23:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 15:27 - 2013-07-31 00:22 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 15:27 - 2009-07-14 05:04 - 00000478 _____ C:\Windows\win.ini
2015-06-10 15:20 - 2012-08-22 19:22 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 08:22 - 2012-08-22 18:50 - 00002352 _____ C:\Users\NirH\Desktop\Google Chrome.lnk
2015-06-08 22:26 - 2013-01-01 22:22 - 00114688 ___SH C:\Users\NirH\Documents\Thumbs.db
2015-06-08 16:34 - 2013-05-25 21:02 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-05 14:15 - 2014-03-08 14:04 - 00000000 ____D C:\Program Files\Common Files\Steam
2015-06-05 13:46 - 2009-07-14 07:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-04 15:57 - 2012-10-19 21:00 - 00000000 ____D C:\Program Files\Google
2015-05-27 22:49 - 2015-02-05 22:12 - 00000000 ___RD C:\Program Files\Skype

==================== Files in the root of some directories =======

2015-06-05 19:42 - 2015-06-05 19:42 - 0007665 _____ () C:\Users\NirH\AppData\Local\Resmon.ResmonCfg
2015-05-15 18:50 - 2015-05-15 18:50 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\NirH\AppData\Local\Temp\AutoRun.exe
C:\Users\NirH\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\NirH\AppData\Local\Temp\drm_dyndata_7320010.dll
C:\Users\NirH\AppData\Local\Temp\eauninstall.exe
C:\Users\NirH\AppData\Local\Temp\EBU4711.EXE
C:\Users\NirH\AppData\Local\Temp\OutlookConnector.exe
C:\Users\NirH\AppData\Local\Temp\Quarantine.exe
C:\Users\NirH\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe
C:\Users\NirH\AppData\Local\Temp\SkypeSetup.exe
C:\Users\NirH\AppData\Local\Temp\sqlite3.dll
C:\Users\NirH\AppData\Local\Temp\VP6Install.exe
C:\Users\NirH\AppData\Local\Temp\VP6VFW.dll
C:\Users\NirH\AppData\Local\Temp\_is316B.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 16:33

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-06-2015 01
Ran by NirH at 2015-06-22 21:45:46
Running from C:\Users\NirH\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3267004705-2935073521-300055254-500 - Administrator - Disabled)
Guest (S-1-5-21-3267004705-2935073521-300055254-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3267004705-2935073521-300055254-1002 - Limited - Enabled)
NirH (S-1-5-21-3267004705-2935073521-300055254-1000 - Administrator - Enabled) => C:\Users\NirH

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.20 - GIGABYTE)
µTorrent (HKU\S-1-5-21-3267004705-2935073521-300055254-1000\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4365 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
BioShock (HKLM\...\Steam App 7670) (Version: - 2K Boston)
Blend for Visual Studio 2012 (Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM\...\Steam App 8980) (Version: - Gearbox Software)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dotfuscator and Analytics Community Edition (Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Easy Tune 6 B11.1206.1 (HKLM\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.1206.1 (Version: 1.00.0000 - GIGABYTE) Hidden
Entity Framework Designer for Visual Studio 2012 - enu (HKLM\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKU\S-1-5-21-3267004705-2935073521-300055254-1000\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
IIS 8.0 Express (HKLM\...\{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LocalESPC (Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (Version: 8.59.25584 - Microsoft) Hidden
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware גירסה 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (עברית) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-040D-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3267004705-2935073521-300055254-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{D9DA2981-3298-4F1A-9192-F2CF5BD91145}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{79B49428-E9B0-4479-A0FA-3EFF8AFA9F07}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{CD920828-2B95-49A4-8BFD-1D34BCBF5A27}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2012 (HKLM\...\{17c2e197-cf26-443b-8beb-53151940df3f}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{1F4DF099-EA5C-482D-9901-C0A8B539B417}) (Version: 4.0.1622 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
ON_OFF Charge B11.1102.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
PreEmptive Analytics Visual Studio Components (Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
rayman2 (HKLM\...\rayman2) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6511 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
TERA (HKLM\...\Steam App 323370) (Version: - En Masse Entertainment)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update for (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Virtua Tennis 4™ (HKLM\...\GFWL_{53450FA2-E900-456E-9715-501000008200}) (Version: 1.0.0000.130 - SEGA)
Virtua Tennis 4™ (Version: 1.0.0000.130 - SEGA) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WCF Data Services 5.0 (for OData v3) Primary Components (Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
X-COM: Apocalypse (HKLM\...\Steam App 7660) (Version: - MicroProse Software, Inc)
X-COM: Enforcer (HKLM\...\Steam App 7770) (Version: - MicroProse Software, Inc)
X-COM: Interceptor (HKLM\...\Steam App 7730) (Version: - MicroProse Software, Inc)
X-COM: Terror from the Deep (HKLM\...\Steam App 7650) (Version: - MicroProse Software, Inc)
X-COM: UFO Defense (HKLM\...\Steam App 7760) (Version: - MicroProse Software, Inc)
YELEDPELE GAMES (HKLM\...\YELEDPELE GAMES) (Version: - )
גלריית התמונות (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
יש לי סוד אני קורא - מתחילים (HKLM\...\יש לי סוד אני קורא - מתחילים) (Version: 5.2 Tasswin:1.72.00 - )
ערכת שפה של Microsoft Visual Studio 2010 Tools for Office Runtime (x86)‎ - ‏HEB (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - HEB) (Version: 10.0.50903 - Microsoft Corporation)
תוכנת התקן בסיסי מסוג ‎HP Officejet 6500 E710n-z (HKLM\...\{ECF95597-4929-4C8C-A4F7-27AAF029AA81}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\NirH\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\NirH\AppData\Local\Google\Chrome\Application\43.0.2357.124\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\NirH\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\NirH\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\NirH\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\NirH\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\NirH\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\NirH\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\NirH\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3267004705-2935073521-300055254-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\NirH\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

18-06-2015 18:13:36 נקודת ביקורת מתוזמנת

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:04 - 2009-06-11 00:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {055BB66D-1CF5-4DAE-9344-43A9F8F8F24C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-08] (Microsoft Corporation)
Task: {0A07D0CB-52D9-49C1-B6C8-46906A97F7D9} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.com/almost-done?pid=safeguard&lang=en
Task: {128084A6-9F2F-412C-AF15-DFD3AC86A24A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-19] (Google Inc.)
Task: {12DDD347-A814-4AE2-96DC-8DB5B59D12AA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {1FAC6E1B-D0D7-479B-AFA3-B16F0086883E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {29B3697F-24FE-4793-9DFD-E691CB6A137B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2C4322C7-AF0B-4C54-BD95-75B0ADAC10B4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {47217321-744E-4B8F-B4EA-4DE40076FB06} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3267004705-2935073521-300055254-1000UA => C:\Users\NirH\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22] (Google Inc.)
Task: {4FF92966-11F8-4AA9-9490-A18F30FFE45E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-19] (Google Inc.)
Task: {53C30401-D9C7-4A5C-B6D8-0DE5DCC89317} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {76221B1F-2541-45A9-B318-FAED288FAE3E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {798BB750-5B9B-4B0F-86B4-80BFB0D81025} - System32\Tasks\{EBF6F85A-3B93-4D50-82F7-E21B9F4DDE82} => pcalua.exe -a C:\Windows\UbiSoft\SetupUbi.exe -d C:\Windows\UbiSoft -c -play rayman2
Task: {8B2BF129-BB73-4AF6-A51E-3DFC729B654B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3267004705-2935073521-300055254-1000Core => C:\Users\NirH\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22] (Google Inc.)
Task: {A294BBAE-11C5-4600-B68A-18984E6BE8F2} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-18] ()
Task: {B09CDFE1-C47D-409C-81F8-0973C10BBB1C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3267004705-2935073521-300055254-1000Core.job => C:\Users\NirH\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3267004705-2935073521-300055254-1000UA.job => C:\Users\NirH\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => C:\Users\NirH\AppData\Local\Google\Chrome\Application\chrome.exeF--new-window http:/toolbar.avg.com/
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-08-22 18:18 - 2011-10-21 19:49 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-06-10 08:21 - 2015-06-05 21:22 - 01281864 _____ () C:\Users\NirH\AppData\Local\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-10 08:21 - 2015-06-05 21:22 - 00080712 _____ () C:\Users\NirH\AppData\Local\Google\Chrome\Application\43.0.2357.124\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3267004705-2935073521-300055254-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\NirH\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 80.179.52.100 - 80.179.55.100

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: SCBackService => 2
MSCONFIG\Services: WCUService_STC_FF => 2
MSCONFIG\Services: WCUService_STC_IE => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HP Officejet 6500 E710n-z (NET) => "C:\Program Files\Hp\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" -deviceID "CN199346SF05JW:NW" -scfn "HP Officejet 6500 E710n-z (NET)" -AutoStart 1
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: ZyngaGamesAgent => "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F0F50C2D-1707-4048-9EC5-FB059919200E}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{C1AA0F51-9133-415B-9C66-EE76E94F3199}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{7B7DF4DA-AF6E-46C5-BDE1-DC8616863ECE}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{BC29322B-2192-40D2-AC5F-F59C36C23F2E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{63D83583-A7A1-4957-BFDD-27E80EFBE02D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E78A4091-A5E7-41E9-8344-FF917A82AEE4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D972589F-D517-4514-9B34-EC3576D12664}] => (Allow) C:\Users\NirH\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{DA060309-535A-4DB9-A239-DE52F3167A94}] => (Allow) C:\Program Files\Sega\Virtua Tennis 4\VT4.exe
FirewallRules: [{B23CA778-98D2-4294-8F04-ED5C1540683D}] => (Allow) C:\Program Files\Sega\Virtua Tennis 4\VT4.exe
FirewallRules: [{58E55DA7-E8ED-46D3-A0AB-B80AB1741693}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{85C95AF7-B720-4046-8412-1E2FDF860B76}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{7BE528E5-21AB-4E04-9A38-3D6EAA8932BF}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{9E970F29-E13E-4727-80EB-1404AA429D08}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{D89C3811-6E12-4462-8C51-EA0EA02A5C3F}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{26A92579-48D7-4548-817C-4F2AB4616341}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{F8F10C19-AB9C-4602-981C-955654D271B4}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{DB25EC5D-57A1-44CA-AAD9-FEFEB432EA50}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{B13A3A33-3E87-468C-BC4F-DB8D3C5161B7}] => (Allow) C:\Users\NirH\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AAC9214D-ED44-46F2-9385-AA525B9B5B6C}] => (Allow) C:\Users\NirH\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D9CCC96C-447B-49F1-B041-CEECC877DF8D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{826AD85D-4B37-4725-BE43-122931040EAD}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{CA5DF680-BACD-4019-B931-02B30741F27B}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{8720ABB6-1106-4AE0-BD3A-6F2C3F1D8AEF}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom Enforcer\System\XCom.exe
FirewallRules: [{002351D9-ABD1-4E7A-B31D-3727DE59B067}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom Enforcer\System\XCom.exe
FirewallRules: [{CDA702B3-1BD3-486D-9D8D-3091E5857173}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom UFO Defense\dosbox.exe
FirewallRules: [{C5827318-0404-490B-9301-CA95F8A441F5}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom UFO Defense\dosbox.exe
FirewallRules: [{EA3C1735-7008-4032-8C6B-0AF6D98C2FD2}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom UFO Defense\XCOM\UFO Defense_Patched.exe
FirewallRules: [{98F2DC2A-52F4-407D-93EB-E0EDF11125E0}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom UFO Defense\XCOM\UFO Defense_Patched.exe
FirewallRules: [{FCFA7CDB-582B-445F-9DB3-3E73425C3129}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom Interceptor\Interceptor.exe
FirewallRules: [{ADC1073C-8E0B-434A-B3AC-64B82B69D51A}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom Interceptor\Interceptor.exe
FirewallRules: [{1E011C30-255D-4FF5-AA10-665A1E2FA5AA}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom Apocalypse\dosbox.exe
FirewallRules: [{CD333890-9543-4928-8430-980030EAEF5F}] => (Allow) C:\Program Files\Steam\SteamApps\common\XCom Apocalypse\dosbox.exe
FirewallRules: [{BFB4E634-1131-4628-8DD1-894B3B2122BA}] => (Allow) C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{C5986590-B416-4217-A9BC-4D56187DACE4}] => (Allow) C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{CCAD8451-F87A-4791-9161-C15B2EE480A2}] => (Allow) C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe
FirewallRules: [{010D5600-3993-46C3-B091-DC34FF678936}] => (Allow) C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe
FirewallRules: [{536DF3E7-44ED-44CF-85CA-8780493243A1}] => (Allow) C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe
FirewallRules: [{B4892608-1C5A-4B0E-A631-CCF5534B7E65}] => (Allow) C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe
FirewallRules: [{040596B3-9424-4090-8645-C7F41418D807}] => (Allow) C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV\Civilization4.exe
FirewallRules: [{ACF03918-6A5A-4D7D-993E-D742882F12F2}] => (Allow) C:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization IV\Civilization4.exe
FirewallRules: [{99430E3E-0853-49E2-B0D1-20AC8A3C0065}] => (Allow) C:\Program Files\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{A616EB7C-0E0C-4348-A4D1-89F96C887E03}] => (Allow) C:\Program Files\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{A8BA4CDF-8023-461B-A249-4C56DC1C29F2}] => (Allow) C:\Program Files\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe
FirewallRules: [{A8E726DC-A465-4F27-ABD4-E53552ED0442}] => (Allow) C:\Program Files\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe
FirewallRules: [{2D51D3A1-E56D-4EBD-ABFC-E45F4C28A442}] => (Allow) C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{32EB533A-D90D-4238-9578-837C2CC3A138}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A77FA96A-96B3-4030-8425-4D628B482621}] => (Allow) LPort=2869
FirewallRules: [{2C6FE1E1-22D7-46CA-AA0C-7DCA388AA1EE}] => (Allow) LPort=1900
FirewallRules: [{BCBF90CC-D61F-4F5A-8978-331E81A204B7}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{96F1206E-BB73-4651-9159-3196197AA9D8}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{9755FBF5-1365-4C38-8E47-7C2CC1B665E0}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{608FEE9E-C6F2-419E-B5AE-35C0EFA94FCC}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{21EFAFAC-C007-48DD-A7FE-6DF52FC57BC8}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{708FD5A5-B44C-43F1-BC82-044B8768D0DA}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{FE5AE5A0-20FB-46B4-B300-CDCF04A1908E}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{E221B3BA-8872-4D79-9655-9FDE307D64AA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{3F4B9421-1119-42B5-AC67-EE96E46475D3}C:\users\nirh\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Block) C:\users\nirh\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{D0E0B157-A491-4E55-8114-BBE16FCE32B5}C:\users\nirh\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Block) C:\users\nirh\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{3C79370B-737A-4867-9CBA-3B13634E6F20}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\FaxApplications.exe
FirewallRules: [{5A95FA5B-0D65-4337-816C-E86FCE141092}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\DigitalWizards.exe
FirewallRules: [{ACEC11BF-8E13-4614-B1B4-5B44541B9A93}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\SendAFax.exe
FirewallRules: [{E227D3C0-4CDB-4CB9-A503-4B046D12EFCC}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{C2F3EB44-5E58-469E-8358-619BE870AC20}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{337A4958-7D77-44D9-8348-2872BDDA2F6F}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{E36181B6-43D4-4F69-85F3-7EEB6DA54ADE}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{F556AF25-4A7F-4A72-8D0B-62F469A6A2B3}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{5B7C6448-F332-4F0E-9EBD-55DBDC65324D}] => (Allow) C:\Program Files\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{01EC6080-45F6-43FE-BFAB-7C6935C78814}] => (Allow) C:\Program Files\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{206F68F2-78DA-4DCB-9909-4896EAF1A4C3}] => (Allow) C:\Program Files\Steam\SteamApps\common\TERA\TERA-Launcher.exe
FirewallRules: [{5AFD65F8-0EFC-4365-8BF2-3759A5F788BF}] => (Allow) C:\Program Files\Steam\SteamApps\common\TERA\TERA-Launcher.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2015 02:33:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: ‏‏יצירת הקשר הפעלה נכשלה עבור ''Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1''.
לא היתה אפשרות למצוא את ההרכבה התלויה Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
נא השתמש ב- sxstrace.exe לצורך אבחון מפורט.

Error: (06/22/2015 02:32:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: ‏‏יצירת הקשר הפעלה נכשלה עבור ''Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1''.
לא היתה אפשרות למצוא את ההרכבה התלויה Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
נא השתמש ב- sxstrace.exe לצורך אבחון מפורט.

Error: (06/22/2015 02:32:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: ‏‏יצירת הקשר הפעלה נכשלה עבור ''Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1''.
לא היתה אפשרות למצוא את ההרכבה התלויה Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
נא השתמש ב- sxstrace.exe לצורך אבחון מפורט.

Error: (06/22/2015 02:32:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: ‏‏יצירת הקשר הפעלה נכשלה עבור ''Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1''.
לא היתה אפשרות למצוא את ההרכבה התלויה Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
נא השתמש ב- sxstrace.exe לצורך אבחון מפורט.

Error: (06/22/2015 02:32:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: ‏‏יצירת הקשר הפעלה נכשלה עבור ''Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1''.
לא היתה אפשרות למצוא את ההרכבה התלויה Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
נא השתמש ב- sxstrace.exe לצורך אבחון מפורט.

Error: (06/22/2015 02:32:13 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: ‏‏יצירת הקשר הפעלה נכשלה עבור ''assemblyIdentity1''. שגיאה בקובץ המניפסט או המדיניות ''assemblyIdentity2'' בשורה assemblyIdentity3.
הערך ''*'' של התכונה ''language'' ברכיב ''assemblyIdentity'' אינו חוקי.

Error: (06/22/2015 02:04:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: ‏‏יצירת הקשר הפעלה נכשלה עבור ''Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1''.
לא היתה אפשרות למצוא את ההרכבה התלויה Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
נא השתמש ב- sxstrace.exe לצורך אבחון מפורט.

Error: (06/22/2015 02:03:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: ‏‏יצירת הקשר הפעלה נכשלה עבור ''Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1''.
לא היתה אפשרות למצוא את ההרכבה התלויה Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
נא השתמש ב- sxstrace.exe לצורך אבחון מפורט.

Error: (06/22/2015 02:03:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: ‏‏יצירת הקשר הפעלה נכשלה עבור ''Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1''.
לא היתה אפשרות למצוא את ההרכבה התלויה Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
נא השתמש ב- sxstrace.exe לצורך אבחון מפורט.

Error: (06/22/2015 02:03:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: ‏‏יצירת הקשר הפעלה נכשלה עבור ''Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1''.
לא היתה אפשרות למצוא את ההרכבה התלויה Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
נא השתמש ב- sxstrace.exe לצורך אבחון מפורט.


System errors:
=============
Error: (06/21/2015 04:10:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (06/21/2015 02:02:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות ShellHWDetection.

Error: (06/21/2015 07:07:57 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות MBAMScheduler.

Error: (06/20/2015 11:23:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות Wlansvc.

Error: (06/19/2015 11:59:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (06/19/2015 00:43:50 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{95B591CD-FA71-4906-A14B-00895003A8E6} because another computer on the network has the same name. The server could not start.

Error: (06/16/2015 06:48:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:48:01 on ‎16/‎06/‎2015 was unexpected.

Error: (06/16/2015 06:20:04 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{95B591CD-FA71-4906-A14B-00895003A8E6} because another computer on the network has the same name. The server could not start.

Error: (06/16/2015 06:19:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות ShellHWDetection.

Error: (06/15/2015 10:26:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}


Microsoft Office:
=========================
Error: (06/22/2015 02:33:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Hp\HP Officejet 6500 E710n-z\DriverStore\Pipeline\amd64\hpinkins5412.exe

Error: (06/22/2015 02:32:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe

Error: (06/22/2015 02:32:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Windows Kits\8.0\bin\x64\filetypeverifier.exe

Error: (06/22/2015 02:32:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Windows Kits\8.0\bin\x64\oleview.exe

Error: (06/22/2015 02:32:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Microsoft Visual Studio 11.0\VC\redist\1033\vcredist_arm.exe

Error: (06/22/2015 02:32:13 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8

Error: (06/22/2015 02:04:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Hp\HP Officejet 6500 E710n-z\DriverStore\Pipeline\amd64\hpinkins5412.exe

Error: (06/22/2015 02:03:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe

Error: (06/22/2015 02:03:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Windows Kits\8.0\bin\x64\filetypeverifier.exe

Error: (06/22/2015 02:03:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Windows Kits\8.0\bin\x64\oleview.exe


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G850 @ 2.90GHz
Percentage of memory in use: 59%
Total physical RAM: 1935.72 MB
Available physical RAM: 788.95 MB
Total Pagefile: 3871.45 MB
Available Pagefile: 1882.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:323.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0FCE0FCD)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of log ============================

Dakeyras
2015-06-23, 16:30
Hi. :)


thanks a lot for jumping in to assist
You're welcome, let's proceed as follows shall we...

Are you aware µTorrent is currently installed ? Please remove/uninstall the software per the forum guidelines (https://forums.spybot.info/showthread.php?282-File-Sharing-otherwise-known-as-Peer-To-Peer-(P2P)), thank you.

I see you have Easy Tune 6 presently installed, to be honest such software rarely improves overall performance and can in some instances actually worsen a situation. My friendly advice would be to consider uninstalling it and then checking if your machine can support any upgraded system memory modules via:-

Crucial (http://www.crucial.com) as they have a small scanner (CrucialScan.exe) which is perfectly safe to download and run.

Temp' Disable TeaTimer:

This is so it will not hinder the custom FRST script, you may re-enable when I give the all clear.

How to do so can be read here (http://forums.spybot.info/showpost.php?p=1150&postcount=2), scroll down to:-


When Spybot-S&D version 1.6.2 is installed

TeaTimer needs to be disabled so that its protection does not interfere with fixes.


Custom FRST Script:

Please download the attached fixlist.txt(see below) and save to the desktop.



Now right-click on FRST.exe and select Run as Administrator to start FRST.
After the tool has checked for any updates and The tool is ready to use is denoted:-

Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
Your machine should now automatically reboot itself.
Post the contents of the newly created Fixlog in your next reply.

Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.

Next:

When you have completed the above, please post back the following in the order asked for:


How is your computer performing now, any further symptoms and/or problems encountered?
Fixlog from the Custom FRST Script.

heyehuda
2015-06-24, 21:04
Hi,

My PC does seem to work better now, but I can still hear and see the red HD lamp blinking constantly even without user activity. What is this endless HD activity?

Please see below FRST log

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-06-2015 01
Ran by NirH at 2015-06-24 20:35:55 Run:1
Running from C:\Users\NirH\Desktop
Loaded Profiles: NirH (Available Profiles: NirH)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3267004705-2935073521-300055254-1000\...\Run: [KSS] => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3267004705-2935073521-300055254-1000 -> {DEC9CEA8-0859-4c41-B97C-66C153CA3A69} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
2015-04-09 15:50 - 2015-04-09 15:51 - 23315064 _____ (Popcorn Official) C:\Users\NirH\Downloads\Popcorn-Time-0.3.7.2-Setup.exe
C:\$Recycle.Bin\S-1-5-21-3267004705-2935073521-300055254-1000\$R1KRW7D.rar
C:\$Recycle.Bin\S-1-5-21-3267004705-2935073521-300055254-1000\$RU87JAS.exe
C:\Users\NirH\Downloads\eTypeSetupF (1).exe
C:\Users\NirH\Downloads\eTypeSetupF.exe
C:\Users\NirH\Downloads\Football.Manager.2014-RELOADED
Task: {0A07D0CB-52D9-49C1-B6C8-46906A97F7D9} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.com/almost-done?p...rd&lang=en
Task: {798BB750-5B9B-4B0F-86B4-80BFB0D81025} - System32\Tasks\{EBF6F85A-3B93-4D50-82F7-E21B9F4DDE82} => pcalua.exe -a C:\Windows\UbiSoft\SetupUbi.exe -d C:\Windows\UbiSoft -c -play rayman2
Task: {A294BBAE-11C5-4600-B68A-18984E6BE8F2} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-18] ()
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Hosts:
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3267004705-2935073521-300055254-1000\Software\Microsoft\Windows\CurrentVersion\Run\\KSS => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-3267004705-2935073521-300055254-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DEC9CEA8-0859-4c41-B97C-66C153CA3A69}" => key removed successfully.
HKCR\CLSID\{DEC9CEA8-0859-4c41-B97C-66C153CA3A69} => key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => key removed successfully.
C:\Users\NirH\Downloads\Popcorn-Time-0.3.7.2-Setup.exe => moved successfully.
C:\$Recycle.Bin\S-1-5-21-3267004705-2935073521-300055254-1000\$R1KRW7D.rar => moved successfully.
C:\$Recycle.Bin\S-1-5-21-3267004705-2935073521-300055254-1000\$RU87JAS.exe => moved successfully.
C:\Users\NirH\Downloads\eTypeSetupF (1).exe => moved successfully.
C:\Users\NirH\Downloads\eTypeSetupF.exe => moved successfully.
C:\Users\NirH\Downloads\Football.Manager.2014-RELOADED => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A07D0CB-52D9-49C1-B6C8-46906A97F7D9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A07D0CB-52D9-49C1-B6C8-46906A97F7D9}" => key removed successfully.
C:\Windows\System32\Tasks\Open Chrome => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open Chrome" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{798BB750-5B9B-4B0F-86B4-80BFB0D81025}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{798BB750-5B9B-4B0F-86B4-80BFB0D81025}" => key removed successfully.
C:\Windows\System32\Tasks\{EBF6F85A-3B93-4D50-82F7-E21B9F4DDE82} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EBF6F85A-3B93-4D50-82F7-E21B9F4DDE82}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A294BBAE-11C5-4600-B68A-18984E6BE8F2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A294BBAE-11C5-4600-B68A-18984E6BE8F2}" => key removed successfully.
C:\Windows\System32\Tasks\ROC_REG_JAN_DELETE => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ROC_REG_JAN_DELETE" => key removed successfully.

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 3.3 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:38:46 ====
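
Added example, not part of the original thread and not FRST's own code: a Python parser that reads a Fixlog like the one above, skips the echoed fixlist between the two asterisk lines (which also contains "=>"), and classifies each "target => outcome" result so entries such as "key not found" stand out. The outcome wording it recognises is only what is visible in this log; treating anything else as "review" is an assumption.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted in the thread (lines copied from it, shortened).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x86) Version: 21-06-2015 01
fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-3267004705-2935073521-300055254-1000\...\Run: [KSS] => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
Hosts:
EmptyTemp:
*****************

Processes closed successfully.
HKU\S-1-5-21-3267004705-2935073521-300055254-1000\Software\Microsoft\Windows\CurrentVersion\Run\\KSS => value removed successfully.
"HKU\S-1-5-21-3267004705-2935073521-300055254-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DEC9CEA8-0859-4c41-B97C-66C153CA3A69}" => key removed successfully.
HKCR\CLSID\{DEC9CEA8-0859-4c41-B97C-66C153CA3A69} => key not found.
C:\Users\NirH\Downloads\eTypeSetupF.exe => moved successfully.

========= ipconfig /flushdns =========

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 3.3 GB temporary data Removed.
'''

ECHO_FENCE = re.compile(r'^\*{5,}\s*$')              # delimits the echoed fixlist
SECTION = re.compile(r'^=+ (?P<title>.*?) =+\s*$')   # "===== <command> =====" headers
RESULT = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+?)\s*$')


def classify(outcome):
    """Map an outcome string to ok / not_found / review."""
    text = outcome.lower().rstrip('.')
    if text.endswith('not found'):
        return 'not_found'
    if text.endswith('successfully') or text.endswith('removed'):
        return 'ok'
    return 'review'          # wording not seen in this log: check by hand


def parse_fixlog(text):
    """Return (target, outcome, status) for every result line in a Fixlog."""
    entries, in_echo, in_cmd = [], False, False
    for line in text.splitlines():
        if ECHO_FENCE.match(line):
            in_echo = not in_echo        # entering or leaving the fixlist echo
            continue
        if in_echo:
            continue                     # directives, not results
        header = SECTION.match(line)
        if header:
            # Raw command output runs until the matching "End of ..." header.
            in_cmd = not header.group('title').startswith('End of')
            continue
        if in_cmd:
            continue
        match = RESULT.match(line)
        if match:
            outcome = match.group('outcome')
            entries.append((match.group('target').strip('"'), outcome, classify(outcome)))
    return entries


def summarize(entries):
    """Count entries per status."""
    return Counter(status for _, _, status in entries)


if __name__ == '__main__':
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for target, outcome, status in parsed:
        if status != 'ok':
            print(f'{status}: {target} ({outcome})')
```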

Dakeyras
2015-06-24, 23:25
Hi. :)


My PC does seem to work better now
Good.


I can still hear and see the red HD lamp blinking constantly even without user activity. What is this endless HD activity?
Could be due to a myriad of possibilities all told and not necessarily malware related. Ok we will try something proactive and one benign scan also and go from there.

StartUpLite:

Please download this small application from here (http://www.malwarebytes.org/startuplite.php) and save to your Desktop.

It is very simple to use and quite effective and will advise about any unnecessary system startups that can be safely removed.

If you remove anything via the application, reboot your machine afterwards if not advised to do so.

Check Hard Disk For Errors:


Open Notepad.
Copy and Paste everything from the Code Box below into Notepad:


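@echo off
rem Run CHKDSK on C: in read-only mode and append its output, minus the progress lines, to checkhd.txt on the Desktop
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
rem Delete this batch file once it has finished
del %0

Go to File >> Save As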
Save File name as Dakeyras.bat
Change Save as Type to All Files and save the file to your Desktop.
It should look similar to this: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/vista-rh.gif


Now right-click on the desktop Dakeyras.bat and select Run as Administrator to run the batch file. A blank command window will open on your desktop, then close in a few minutes. This is normal and the batch file itself will self-delete when completed.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next reply.

heyehuda
2015-06-26, 17:42
Here it is:

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
1016 large file records processed.

0 bad file records processed.

2 EA records processed.

68 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
44493 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

488375968 KB total disk space.
149095856 KB in 261959 files.
135348 KB in 44494 indexes.
0 KB in bad sectors.
446232 KB in use by the system.
65536 KB occupied by the log file.
338698532 KB available on disk.

4096 bytes in each allocation unit.
122093992 total allocation units on disk.
84674633 allocation units available on disk.

Dakeyras
2015-06-26, 20:55
Hi. :)

Looks like the hard-drive is in need of some in-depth system maintenance. After completing the below let myself know please if this has resolved the issues you mentioned prior.

Flush Temp Files:


Click Start(Windows 7 Orb) >> Run..(or the Windows key and R together) to bring up the Run box.
Cut and paste in cleanmgr into the Run box and click on OK >> OK
Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
You can choose to check other boxes if you wish but they are not required.
Click on OK then Delete Files.

Hard-Drive Maintenance/Repair:


Click on Start(Windows 7 Orb).
Click on All Programs >> Accessories
Right click on Command Prompt and select Run as Administrator.
Click on Continue at the UAC prompt.
At the Command Prompt C:\Windows\System32> type in the following exactly:
CD C:\
Then depress the Enter/Return key, then type in the following exactly:
Now type in DEFRAG C: -F
An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
This may take some time, when completed the Command Prompt C:\ > will appear.
Now type in CHKDSK C: /R and depress the Enter/Return key.
When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

Depress the Y key then at the Command Prompt C:\ >
Type in EXIT and depress the Enter/Return key.
Now Reboot(Restart) your computer.

Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

http://i223.photobucket.com/albums/dd202/Dakeyras_album/Windows7CHKDSK.jpg

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot-up as normal.

Dakeyras
2015-06-30, 13:33
Due to the lack of feedback this Topic is closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of both awsMBR and FRST logs plus a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.