
Very slow Windows\IExplorer and Chrome [Solved]


  • This topic is locked

#1
tal5

  • Member
  • 46 posts

Hello.

It seems that my computer has been acting very slow for the past two weeks. What do I need to do? Google Chrome and IE are very slow, and the Windows browser is also acting very heavy.

Any help will be blessed, I am trusting you :)

Thanks in advance!!

 




#2
tal5

  • Topic Starter
  • Member
  • 46 posts

Any attention Please??



#3
DanoNH

  • Trusted Helper
  • Malware Removal
  • 2,155 posts

Hello and welcome to Geeks to Go! :welcome:

My name is Dan, and I'll be helping you with your issues. If someone else is helping you, either here or at another malware removal assistance site, please let me know so that I may direct my efforts to helping another user.  ALL staff here at Geeks To Go are volunteers; please keep that in mind if I don’t answer your post as quickly as you’d like. I give what time I can.  PLEASE be patient. ;)

I am currently in training, so there will be another person reviewing my work.  This may cause a bit of a delay in my responses, but on the positive side, you will have two sets of eyes reviewing your logs instead of one... :cool:
 

  • Please note that you should have Administrator rights to perform any fixes. Also note that multiple-identity PCs (family PCs) can present a different problem; please tell me if your PC has more than one individual’s settings, but continue with the fix.
  • Before we proceed, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the blue names shown on your screen. Part of the fix may require you to be in Safe Mode, which might not allow you to access the internet, or my instructions.
  • Please understand that malware removal is a complicated, multi-step process.  Therefore please stay with me until I tell you that your system is clean.  Attempting malware removal or clean-up yourself will only extend the time it will take to get your system clean.  If you get stuck or have questions, please stop and ask so I can help you.
  • Be sure to back up any personal data files you need to keep (documents, photos, etc.) to a USB flash drive or external hard disk.  While every attempt will be made to precisely repair the infections on your computer, due to the complexity and unpredictability of malware clean-up, there is always a risk of data loss.
  • When posting logs, please Copy & Paste the log file contents into a reply.  Use multiple posts if necessary, but please do not attach them or post them on a file hosting site.

OK, now we can get started...

 

First

 

As an FYI, replying to or "bumping" your own posts only makes it less likely you will receive help, because we look for posts with no replies.  A post with one or more replies appears to have been responded to already... ;)  If you haven't received a response after 3 days, you can try posting in The Waiting Room.

 

This topic gives instructions on how things work here.  :)  I will need you to post some logs by following the below steps:

 

Next

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 

  • Right click on FRST on your Desktop and choose Run as Administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, if asked, click Yes to disclaimer.
  • Make sure the Addition.txt check-box is checked.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the contents of that log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste the contents of that along with the FRST.txt into your reply.


#4
tal5

  • Topic Starter
  • Member
  • 46 posts

Thanks, I will give you my reports later, do not close.



#5
tal5

  • Topic Starter
  • Member
  • 46 posts

Hello, and thank you again for the reply. Here are my first reports:

The FRST :prop: one:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-08-2014 01
Ran by Tal (administrator) on TAL-PC on 31-08-2014 03:45:12
Running from C:\Users\Tal\Downloads
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: עברית (ישראל)‏
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(DT Soft Ltd) E:\Program Files\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Google Inc.) C:\Users\Tal\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tal\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tal\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tal\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-07-24] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-08-30] ()
HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\...\Run: [Google Update] => C:\Users\Tal\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-22] (Google Inc.)
HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\...\Run: [DAEMON Tools Lite] => E:\Program Files\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\...\MountPoints2: {0e11ed53-afa4-11e0-8406-001fd0d54707} - H:\AUTORUN.EXE
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = he
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/
SearchScopes: HKCU - DefaultScope {9E9F6E56-2C4C-412A-A8F5-00EF260A2962} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={EF63917F-8F81-4F45-9527-48631223000E}&mid=a852dbc529c4250ab22dee7d01b77686-11f619284a5c84eca1f1e817de7930dd4e9e0c3b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-30 23:22:57&v=18.1.9.786&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9E9F6E56-2C4C-412A-A8F5-00EF260A2962} URL = http://www.google.co...q={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> E:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...r_5.0.127.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://bhome.bezeq....SetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 
FireFox:
========
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-04]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Plugin: (Shockwave Flash) - C:\Users\Tal\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Tal\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Tal\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Tal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll No File
CHR CustomProfile: C:\Users\Tal\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Tal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-17]
CHR Extension: (Google Wallet) - C:\Users\Tal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
S3 BITCOMET_HELPER_SERVICE; E:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-30] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-30] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-07-16] (DT Soft Ltd)
S3 etdrv; C:\Windows\etdrv.sys [17488 2011-09-30] (Windows ® 2000 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [17488 2011-09-30] (Windows ® 2000 DDK provider)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
U5 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2011-09-30] ()
S4 NVHDA; system32\drivers\nvhda32v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-31 03:45 - 2014-08-31 03:45 - 00015751 _____ () C:\Users\Tal\Downloads\FRST.txt
2014-08-31 03:44 - 2014-08-31 03:45 - 00000000 ____D () C:\FRST
2014-08-31 03:43 - 2014-08-31 03:43 - 01095680 _____ (Farbar) C:\Users\Tal\Downloads\FRST.exe
2014-08-30 23:23 - 2014-08-31 03:23 - 00000000 ____D () C:\Users\Tal\AppData\Local\AVG Secure Search
2014-08-30 23:23 - 2014-08-30 23:23 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-08-30 23:22 - 2014-08-30 23:22 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-08-30 23:22 - 2014-08-30 23:22 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-08-30 23:22 - 2014-08-30 23:22 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-08-30 23:22 - 2014-08-30 23:22 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-08-27 01:54 - 2014-08-27 01:54 - 00143216 _____ () C:\Windows\Minidump\082714-28002-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-31 03:45 - 2014-08-31 03:45 - 00015751 _____ () C:\Users\Tal\Downloads\FRST.txt
2014-08-31 03:45 - 2014-08-31 03:44 - 00000000 ____D () C:\FRST
2014-08-31 03:43 - 2014-08-31 03:43 - 01095680 _____ (Farbar) C:\Users\Tal\Downloads\FRST.exe
2014-08-31 03:40 - 2012-09-23 19:36 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001UA.job
2014-08-31 03:27 - 2012-04-08 23:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-31 03:23 - 2014-08-30 23:23 - 00000000 ____D () C:\Users\Tal\AppData\Local\AVG Secure Search
2014-08-31 03:04 - 2011-10-21 16:18 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-31 02:13 - 2011-01-01 01:49 - 01567204 _____ () C:\Windows\WindowsUpdate.log
2014-08-30 23:23 - 2014-08-30 23:23 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-08-30 23:22 - 2014-08-30 23:22 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-08-30 23:22 - 2014-08-30 23:22 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-08-30 23:22 - 2014-08-30 23:22 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-08-30 23:22 - 2014-08-30 23:22 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-08-30 23:22 - 2012-09-23 19:36 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001Core.job
2014-08-30 23:22 - 2011-10-21 16:18 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-30 23:21 - 2011-10-17 19:39 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-29 00:22 - 2014-06-17 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-29 00:22 - 2013-10-03 16:36 - 00000939 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-27 23:32 - 2009-07-14 07:34 - 00014016 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-27 23:32 - 2009-07-14 07:34 - 00014016 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-27 23:24 - 2013-07-31 11:12 - 00021376 _____ () C:\Windows\setupact.log
2014-08-27 23:24 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-27 03:01 - 2013-09-27 02:02 - 00000000 ____D () C:\Users\Tal\Documents\FIFA 14
2014-08-27 01:54 - 2014-08-27 01:54 - 00143216 _____ () C:\Windows\Minidump\082714-28002-01.dmp
2014-08-27 01:54 - 2014-01-27 17:41 - 250060783 _____ () C:\Windows\MEMORY.DMP
2014-08-27 01:54 - 2012-06-06 14:20 - 00000000 ____D () C:\Windows\Minidump
2014-08-27 01:38 - 2011-10-01 06:20 - 00000000 ____D () C:\ProgramData\Origin
2014-08-15 23:43 - 2012-09-23 19:37 - 00002354 _____ () C:\Users\Tal\Desktop\Google Chrome.lnk
2014-08-02 18:44 - 2012-05-02 17:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
 
Some content of TEMP:
====================
C:\Users\Tal\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Tal\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 22:56
 
==================== End Of Log ============================
 
and the "Addition" - 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-08-2014 01
Ran by Tal at 2014-08-31 03:45:42
Running from C:\Users\Tal\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_G510gm_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{3825F8BD-F784-6FBB-A5CD-857559148007}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AVG 2013 (Version: 13.0.2638 - AVG Technologies) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4745 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4577 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4745 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.9.786 - AVG Technologies)
Battlefield Heroes (HKLM\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
BitComet 1.35 (HKLM\...\BitComet) (Version: 1.35 - CometNetwork)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Counter-Strike (HKLM\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - )
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
Counter-Strike: Source Beta (HKLM\...\Steam App 260) (Version:  - )
CPUID HWMonitor 1.24 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CSS FULL DZ [Oct 15 2007] v18.1 (HKLM\...\CSS FULL DZ [Oct 15 2007]) (Version: v18.1 - GrCs2Ek~)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Debugging Tools for Windows (HKLM\...\{F567DC55-F59A-4019-BBC3-9D12C5875487}) (Version: 6.5.3.8 - Microsoft Corporation)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
EA.com Matchup (HKLM\...\{2F173C40-563E-11D4-89C5-0010ADDAAC33}) (Version:  - )
EA.com Update (HKLM\...\{9AB97F52-512B-43EF-AAEC-4825C17B32ED}) (Version:  - )
Easy Tune 6 B11.0630.1 (HKLM\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.0630.1 (Version: 1.00.0000 - GIGABYTE) Hidden
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FIFA 13 (HKLM\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.1.0.0 - Electronic Arts)
FIFA 14 (HKLM\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPU Temp version 1.0 (HKLM\...\{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1) (Version: 1.0 - gputemp.com)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Image Resizer for Windows (HKLM\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Image Resizer for Windows (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.14.0.132 - LogMeIn, Inc.)
K-Lite Codec Pack 9.7.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 9.7.0 - )
Malwarebytes Anti-Malware גירסה 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 HEB Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Compatibility Toolkit 5.6 (HKLM\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Access MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office Proof (Arabic) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Hebrew) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Russian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Origin (HKLM\...\Origin) (Version: 9.0.13.2141 - Electronic Arts, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5672 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11033_25 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.0.0.11033_25 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2300.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab CYRI (HKLM\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
גלריית התמונות של Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ערכת שפה של Microsoft .NET Framework 4.5 HEB (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.5.50709 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Tal\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Tal\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Tal\AppData\Local\Google\Chrome\Application\36.0.1985.143\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
20-07-2014 19:55:35 נקודת ביקורת מתוזמנת
30-07-2014 12:39:11 נקודת ביקורת מתוזמנת
30-07-2014 16:05:22 Windows Update
07-08-2014 19:34:10 נקודת ביקורת מתוזמנת
15-08-2014 20:38:39 נקודת ביקורת מתוזמנת
25-08-2014 08:18:28 נקודת ביקורת מתוזמנת
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:04 - 2014-05-12 13:18 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {034512C9-DAB7-4DAD-85FA-261B462887CB} - System32\Tasks\RealCreateProcessScheduledTask592623321S-1-5-21-3579686740-1948245414-1388583087-1001 => C:\Program Files\Real\RealPlayer\update\realsched.exe
Task: {066AF6D1-10B3-47B0-9377-8AC2B9324C8B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001UA => C:\Users\Tal\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-22] (Google Inc.)
Task: {12D5E9F1-F36A-4A6E-87BE-AFA2A07BD35E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-21] (Google Inc.)
Task: {130B5DED-1960-4DB5-B2D4-A511F0D98C98} - System32\Tasks\{61255D31-CEDF-40D1-87E0-412897187C17} => E:\Program Files\EA SPORTS\FIFA 2002\fifa2002.exe
Task: {3005F8EC-CF0A-4975-8CA0-35B010CF5BBE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3579686740-1948245414-1388583087-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {428F2437-5796-420E-84D9-F5A67DDF9E66} - System32\Tasks\{43EC1AD6-6AD1-4EDA-8775-97BB3CBA0E4F} => E:\keen\keen1\keen1\KEEN1.EXE [1998-10-17] ()
Task: {6887D8C4-FD0E-4F03-93A7-79BE694393B8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001Core => C:\Users\Tal\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-22] (Google Inc.)
Task: {BC83CB1D-80DE-4760-BA9C-3207A31833AA} - System32\Tasks\{42323D30-C6FC-47E6-9476-4E1610D7FC7C} => E:\keen\keen1\keen1\KEEN1.EXE [1998-10-17] ()
Task: {D989273E-B6CA-4DAC-B8F5-EFAA2E0A126C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-21] (Google Inc.)
Task: {DF2ACAF7-B6A4-46B7-9219-A65ABBDEECBA} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3579686740-1948245414-1388583087-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {E223D02C-23D6-4923-88E5-868992CE70FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001Core.job => C:\Users\Tal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001UA.job => C:\Users\Tal\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-01-03 19:53 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2014-08-30 23:22 - 2014-08-30 23:22 - 01654296 _____ () C:\Program Files\AVG Secure Search\TBAPI.dll
2014-08-30 23:22 - 2014-08-30 23:22 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-08-30 23:22 - 2014-08-30 23:22 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-08-30 23:22 - 2014-08-30 23:22 - 02640408 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2014-08-15 23:43 - 2014-08-07 06:20 - 00718152 _____ () C:\Users\Tal\AppData\Local\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-15 23:43 - 2014-08-07 06:20 - 00126280 _____ () C:\Users\Tal\AppData\Local\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-15 23:43 - 2014-08-07 06:20 - 08537928 _____ () C:\Users\Tal\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-15 23:43 - 2014-08-07 06:20 - 00353096 _____ () C:\Users\Tal\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-15 23:43 - 2014-08-07 06:20 - 01732936 _____ () C:\Users\Tal\AppData\Local\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Tal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FIFA 11 Registration.lnk => C:\Windows\pss\FIFA 11 Registration.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: BitComet => "E:\Program Files\BitComet\BitComet.exe" /tray
MSCONFIG\startupreg: DAEMON Tools Lite => "E:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EasyTune => "C:\Program Files\GIGABYTE\ET6\ETCall.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Tal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: KiesHelper => C:\Program Files\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Steam => "D:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/30/2014 11:22:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: GoogleUpdate.exe, גירסה: 1.2.183.21, חותמת זמן: 0x4b95e661
שם מודול שחלות בו תקלות: ntdll.dll, גירסה: 6.1.7600.16385, חותמת זמן: 0x4a5bdadb
קוד חריגה: 0xc0000005
היסט תקלה: 0x00034190
מזהה תהליך שחלות בו תקלות: 0xac4
שעת ההפעלה של היישום שחלות בו תקלות: 0xGoogleUpdate.exe0
נתיב היישום שחלות בו תקלות: GoogleUpdate.exe1
נתיב המודול שחלות בו תקלות: GoogleUpdate.exe2
מזהה דוח: GoogleUpdate.exe3
 
Error: (08/30/2014 11:22:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: GoogleUpdate.exe, גירסה: 1.3.21.103, חותמת זמן: 0x4f3c6d6c
שם מודול שחלות בו תקלות: ntdll.dll, גירסה: 6.1.7600.16385, חותמת זמן: 0x4a5bdadb
קוד חריגה: 0xc0000005
היסט תקלה: 0x00034190
מזהה תהליך שחלות בו תקלות: 0x1734
שעת ההפעלה של היישום שחלות בו תקלות: 0xGoogleUpdate.exe0
נתיב היישום שחלות בו תקלות: GoogleUpdate.exe1
נתיב המודול שחלות בו תקלות: GoogleUpdate.exe2
מזהה דוח: GoogleUpdate.exe3
 
Error: (08/29/2014 00:29:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: GoogleUpdate.exe, גירסה: 1.3.21.103, חותמת זמן: 0x4f3c6d6c
שם מודול שחלות בו תקלות: ntdll.dll, גירסה: 6.1.7600.16385, חותמת זמן: 0x4a5bdadb
קוד חריגה: 0xc0000005
היסט תקלה: 0x00034190
מזהה תהליך שחלות בו תקלות: 0x15e4
שעת ההפעלה של היישום שחלות בו תקלות: 0xGoogleUpdate.exe0
נתיב היישום שחלות בו תקלות: GoogleUpdate.exe1
נתיב המודול שחלות בו תקלות: GoogleUpdate.exe2
מזהה דוח: GoogleUpdate.exe3
 
Error: (08/29/2014 00:27:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: GoogleUpdate.exe, גירסה: 1.2.183.21, חותמת זמן: 0x4b95e661
שם מודול שחלות בו תקלות: ntdll.dll, גירסה: 6.1.7600.16385, חותמת זמן: 0x4a5bdadb
קוד חריגה: 0xc0000005
היסט תקלה: 0x00034190
מזהה תהליך שחלות בו תקלות: 0x13e4
שעת ההפעלה של היישום שחלות בו תקלות: 0xGoogleUpdate.exe0
נתיב היישום שחלות בו תקלות: GoogleUpdate.exe1
נתיב המודול שחלות בו תקלות: GoogleUpdate.exe2
מזהה דוח: GoogleUpdate.exe3
 
Error: (08/27/2014 10:19:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: GoogleUpdate.exe, גירסה: 1.2.183.21, חותמת זמן: 0x4b95e661
שם מודול שחלות בו תקלות: ntdll.dll, גירסה: 6.1.7600.16385, חותמת זמן: 0x4a5bdadb
קוד חריגה: 0xc0000005
היסט תקלה: 0x00034190
מזהה תהליך שחלות בו תקלות: 0x6f0
שעת ההפעלה של היישום שחלות בו תקלות: 0xGoogleUpdate.exe0
נתיב היישום שחלות בו תקלות: GoogleUpdate.exe1
נתיב המודול שחלות בו תקלות: GoogleUpdate.exe2
מזהה דוח: GoogleUpdate.exe3
 
Error: (08/25/2014 10:46:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: GoogleUpdate.exe, גירסה: 1.3.21.103, חותמת זמן: 0x4f3c6d6c
שם מודול שחלות בו תקלות: ntdll.dll, גירסה: 6.1.7600.16385, חותמת זמן: 0x4a5bdadb
קוד חריגה: 0xc0000005
היסט תקלה: 0x00034190
מזהה תהליך שחלות בו תקלות: 0xc8c
שעת ההפעלה של היישום שחלות בו תקלות: 0xGoogleUpdate.exe0
נתיב היישום שחלות בו תקלות: GoogleUpdate.exe1
נתיב המודול שחלות בו תקלות: GoogleUpdate.exe2
מזהה דוח: GoogleUpdate.exe3
 
Error: (08/24/2014 01:54:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: GoogleUpdate.exe, גירסה: 1.3.21.103, חותמת זמן: 0x4f3c6d6c
שם מודול שחלות בו תקלות: ntdll.dll, גירסה: 6.1.7600.16385, חותמת זמן: 0x4a5bdadb
קוד חריגה: 0xc0000005
היסט תקלה: 0x00034190
מזהה תהליך שחלות בו תקלות: 0xc4c
שעת ההפעלה של היישום שחלות בו תקלות: 0xGoogleUpdate.exe0
נתיב היישום שחלות בו תקלות: GoogleUpdate.exe1
נתיב המודול שחלות בו תקלות: GoogleUpdate.exe2
מזהה דוח: GoogleUpdate.exe3
 
Error: (08/22/2014 08:06:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: GoogleUpdate.exe, גירסה: 1.3.21.103, חותמת זמן: 0x4f3c6d6c
שם מודול שחלות בו תקלות: ntdll.dll, גירסה: 6.1.7600.16385, חותמת זמן: 0x4a5bdadb
קוד חריגה: 0xc0000005
היסט תקלה: 0x00034190
מזהה תהליך שחלות בו תקלות: 0x1668
שעת ההפעלה של היישום שחלות בו תקלות: 0xGoogleUpdate.exe0
נתיב היישום שחלות בו תקלות: GoogleUpdate.exe1
נתיב המודול שחלות בו תקלות: GoogleUpdate.exe2
מזהה דוח: GoogleUpdate.exe3
 
Error: (08/22/2014 08:04:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: GoogleUpdate.exe, גירסה: 1.2.183.21, חותמת זמן: 0x4b95e661
שם מודול שחלות בו תקלות: ntdll.dll, גירסה: 6.1.7600.16385, חותמת זמן: 0x4a5bdadb
קוד חריגה: 0xc0000005
היסט תקלה: 0x00034190
מזהה תהליך שחלות בו תקלות: 0x484
שעת ההפעלה של היישום שחלות בו תקלות: 0xGoogleUpdate.exe0
נתיב היישום שחלות בו תקלות: GoogleUpdate.exe1
נתיב המודול שחלות בו תקלות: GoogleUpdate.exe2
מזהה דוח: GoogleUpdate.exe3
 
Error: (08/17/2014 01:35:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: GoogleUpdate.exe, גירסה: 1.2.183.21, חותמת זמן: 0x4b95e661
שם מודול שחלות בו תקלות: ntdll.dll, גירסה: 6.1.7600.16385, חותמת זמן: 0x4a5bdadb
קוד חריגה: 0xc0000005
היסט תקלה: 0x0005ea89
מזהה תהליך שחלות בו תקלות: 0x1054
שעת ההפעלה של היישום שחלות בו תקלות: 0xGoogleUpdate.exe0
נתיב היישום שחלות בו תקלות: GoogleUpdate.exe1
נתיב המודול שחלות בו תקלות: GoogleUpdate.exe2
מזהה דוח: GoogleUpdate.exe3
 
 
System errors:
=============
Error: (08/27/2014 10:12:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות Netman.
 
Error: (08/27/2014 01:54:23 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000000a (0x00000028, 0x00000002, 0x00000001, 0x832681b9)C:\Windows\MEMORY.DMP082714-28002-01
 
Error: (08/27/2014 01:54:11 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 01:52:11 on ‎27/‎08/‎2014 was unexpected.
 
Error: (08/27/2014 00:16:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות Netman.
 
Error: (08/26/2014 08:53:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות ShellHWDetection.
 
Error: (08/20/2014 06:19:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות Netman.
 
Error: (08/17/2014 01:25:45 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות Netman.
 
Error: (08/14/2014 03:12:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות ShellHWDetection.
 
Error: (08/13/2014 01:57:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות Netman.
 
Error: (08/12/2014 00:24:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות Netman.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 36%
Total physical RAM: 3326.49 MB
Available physical RAM: 2096.18 MB
Total Pagefile: 6651.26 MB
Available Pagefile: 4747.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.54 MB
 
==================== Drives ================================
 
Drive c: (Vol1) (Fixed) (Total:175.78 GB) (Free:132.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Vol2) (Fixed) (Total:195.31 GB) (Free:168.54 GB) NTFS
Drive e: (Vol3) (Fixed) (Total:225.07 GB) (Free:178.35 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 4A894A89)
Partition 1: (Active) - (Size=175.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.4 GB) - (Type=OF Extended)
 
==================== End Of Log ============================
 
Can you please explain what those reports mean?

Edited by tal5, 30 August 2014 - 06:58 PM.


#6
tal5 (Topic Starter)

bump again...



#7
DanoNH (Trusted Helper, Malware Removal)

Hi tal5.  Please allow a couple of days for a response. 

 

I have seen that you posted logs and need some time to properly research your situation and get approval before posting back here.

 

Please be patient.  :whistling:



#8
DanoNH (Trusted Helper, Malware Removal)

Hello tal5, and thanks for your patience.

 

First

 

Please answer the following question for me:

  1. Do you know why there are two Program Files folder locations (C:\Program Files and E:\Program Files) on your system?  Did you install software this way?

Step 2

 

Please uninstall the following programs from your system:

  1. MyFreeCodec
  2. Java 7 Update 45

Step 3

 

Remove DAEMON Tools:

DAEMON Tools can demonstrate rootkit behavior, and interfere with malware cleanup.  Please download the SPTD standalone installer from Duplex Secure:

32-bit: http://www.duplexsec...st-v186-x86.exe

Run it and choose Uninstall.  If you want to resume using it after we're done, you can easily reinstall it, but please keep from using it until we're all done here.

 

Step 4

 

You have BitComet P2P Software installed and running.  While this software may have been intentionally installed on the system, and the program itself may be safe, the files shared with these programs often carry an unknown malware payload.  

Besides installing malware, the use of these programs can expose sensitive information belonging to you or your employer to the Internet, make your system vulnerable to unwanted attacks by exploiting known security issues, block your Internet access, and can possibly subject you to copyright infringement prosecution.

If you do decide to keep any P2P programs, please uninstall them until after we've finished and your system is declared clean.

You can read more about the risks of using P2P software at these links:

 

 

Step 5

 

You have traces of 5 different AVG versions on your system.  Let's clean that up, and try a different Anti-Virus program to see if that is less resource-intensive on your system. 

 

First, download the Avast! Anti-Virus install program from here, but don't run it just yet.

 

Then, please download and run the following AVG Uninstallers and run them in this order.  If prompted to reboot, please do this and resume the steps afterwards:

  1. AVG Remover(32bit) 2014
  2. AVG Remover(32bit) 2013

 

Step 6

 

Install Avast! Anti-Virus from the installer you downloaded earlier.

 

Finally

 

Please download a new copy of the Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click on FRST on your Desktop and choose Run as Administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, if asked, click Yes to disclaimer.
Download attached fixlist.txt file and save it to your Desktop.

 

Attached File  fixlist.txt   4.22KB   226 downloads

 

(NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.)

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt).

 

 

Please post the contents of that log file to your next reply.

 


  • 0

#9
tal5

tal5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts

First-

The other Program Files folders are there because I created them, not because of something else.

 

Step 2

 

Please uninstall the following programs from your system:

  1. MyFreeCodec- Done
  2. Java 7 Update 45- At the end there was a DLL error- what does that mean???

 

 

Step 3

 

Remove DAEMON Tools:

DAEMON Tools can demonstrate rootkit behavior, and interfere with malware cleanup.  Please download the SPTD standalone installer from Duplex Secure:

32-bit: http://www.duplexsec...st-v186-x86.exe

Run it and choose Uninstall.  - This option was disabled. I removed it via Control Panel.

 

and- the report- 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-08-2014 02
Ran by Tal at 2014-09-02 00:07:03 Run:1
Running from C:\Users\Tal\Downloads\FRST
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\...\MountPoints2: {0e11ed53-afa4-11e0-8406-001fd0d54707} - H:\AUTORUN.EXE
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> E:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
S4 NVHDA; system32\drivers\nvhda32v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
C:\Windows\system32\Drivers\nvhda32v.sys
C:\Windows\system32\Drivers\nvlddmkm.sys
2014-08-27 23:32 - 2009-07-14 07:34 - 00014016 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-27 23:32 - 2009-07-14 07:34 - 00014016 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
Task: {034512C9-DAB7-4DAD-85FA-261B462887CB} - System32\Tasks\RealCreateProcessScheduledTask592623321S-1-5-21-3579686740-1948245414-1388583087-1001 => C:\Program Files\Real\RealPlayer\update\realsched.exe
Task: {066AF6D1-10B3-47B0-9377-8AC2B9324C8B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001UA => C:\Users\Tal\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-22] (Google Inc.)
Task: {12D5E9F1-F36A-4A6E-87BE-AFA2A07BD35E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-21] (Google Inc.)
Task: {130B5DED-1960-4DB5-B2D4-A511F0D98C98} - System32\Tasks\{61255D31-CEDF-40D1-87E0-412897187C17} => E:\Program Files\EA SPORTS\FIFA 2002\fifa2002.exe
Task: {3005F8EC-CF0A-4975-8CA0-35B010CF5BBE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3579686740-1948245414-1388583087-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {428F2437-5796-420E-84D9-F5A67DDF9E66} - System32\Tasks\{43EC1AD6-6AD1-4EDA-8775-97BB3CBA0E4F} => E:\keen\keen1\keen1\KEEN1.EXE [1998-10-17] ()
Task: {6887D8C4-FD0E-4F03-93A7-79BE694393B8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001Core => C:\Users\Tal\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-22] (Google Inc.)
Task: {BC83CB1D-80DE-4760-BA9C-3207A31833AA} - System32\Tasks\{42323D30-C6FC-47E6-9476-4E1610D7FC7C} => E:\keen\keen1\keen1\KEEN1.EXE [1998-10-17] ()
Task: {D989273E-B6CA-4DAC-B8F5-EFAA2E0A126C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-21] (Google Inc.)
Task: {DF2ACAF7-B6A4-46B7-9219-A65ABBDEECBA} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3579686740-1948245414-1388583087-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
EmptyTemp:
*****************
 
"HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e11ed53-afa4-11e0-8406-001fd0d54707}" => Key deleted successfully.
"HKCR\CLSID\{0e11ed53-afa4-11e0-8406-001fd0d54707}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}" => Key not found.
"HKCR\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully.
"HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key not found.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key not found.
NVHDA => Service deleted successfully.
nvlddmkm => Service deleted successfully.
"C:\Windows\system32\Drivers\nvhda32v.sys" => File/Directory not found.
"C:\Windows\system32\Drivers\nvlddmkm.sys" => File/Directory not found.
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 => Moved successfully.
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 => Moved successfully.
"HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
"HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
"HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
"HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
"HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
"HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{034512C9-DAB7-4DAD-85FA-261B462887CB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{034512C9-DAB7-4DAD-85FA-261B462887CB}" => Key deleted successfully.
C:\Windows\System32\Tasks\RealCreateProcessScheduledTask592623321S-1-5-21-3579686740-1948245414-1388583087-1001 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealCreateProcessScheduledTask592623321S-1-5-21-3579686740-1948245414-1388583087-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{066AF6D1-10B3-47B0-9377-8AC2B9324C8B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{066AF6D1-10B3-47B0-9377-8AC2B9324C8B}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001UA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001UA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12D5E9F1-F36A-4A6E-87BE-AFA2A07BD35E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12D5E9F1-F36A-4A6E-87BE-AFA2A07BD35E}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{130B5DED-1960-4DB5-B2D4-A511F0D98C98}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{130B5DED-1960-4DB5-B2D4-A511F0D98C98}" => Key deleted successfully.
C:\Windows\System32\Tasks\{61255D31-CEDF-40D1-87E0-412897187C17} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{61255D31-CEDF-40D1-87E0-412897187C17}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3005F8EC-CF0A-4975-8CA0-35B010CF5BBE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3005F8EC-CF0A-4975-8CA0-35B010CF5BBE}" => Key deleted successfully.
C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3579686740-1948245414-1388583087-1001 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3579686740-1948245414-1388583087-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{428F2437-5796-420E-84D9-F5A67DDF9E66}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{428F2437-5796-420E-84D9-F5A67DDF9E66}" => Key deleted successfully.
C:\Windows\System32\Tasks\{43EC1AD6-6AD1-4EDA-8775-97BB3CBA0E4F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{43EC1AD6-6AD1-4EDA-8775-97BB3CBA0E4F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6887D8C4-FD0E-4F03-93A7-79BE694393B8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6887D8C4-FD0E-4F03-93A7-79BE694393B8}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001Core => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001Core" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC83CB1D-80DE-4760-BA9C-3207A31833AA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC83CB1D-80DE-4760-BA9C-3207A31833AA}" => Key deleted successfully.
C:\Windows\System32\Tasks\{42323D30-C6FC-47E6-9476-4E1610D7FC7C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{42323D30-C6FC-47E6-9476-4E1610D7FC7C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D989273E-B6CA-4DAC-B8F5-EFAA2E0A126C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D989273E-B6CA-4DAC-B8F5-EFAA2E0A126C}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DF2ACAF7-B6A4-46B7-9219-A65ABBDEECBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF2ACAF7-B6A4-46B7-9219-A65ABBDEECBA}" => Key deleted successfully.
C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3579686740-1948245414-1388583087-1001 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3579686740-1948245414-1388583087-1001" => Key deleted successfully.
EmptyTemp: => Removed 609.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

  • 0

#10
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Thank you.

 

 

Run it and choose Uninstall.  - This option was disabled. I removed it via Control Panel.

OK

 

What happened to Steps 4 and 5?  Those are important.  Did you have any questions about the instructions I posted?

 

If BitComet or other P2P programs (Step 4) are running, I'm afraid I may not be allowed to continue to help you. 

 

The AVG cleanup step (Step 5) is required because there are components present on your system from different versions.  There are also a LOT of background processes and activity present with AVG, and I've heard that there have been an increasing number of complaints about system slow-downs with AVG lately.  I'd like you to try Avast! FREE Anti-Virus instead to see if that improves your system slowdown issues.


  • 0


#11
tal5

tal5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts

Step 4

 

BitComet P2P Software - Removed before I uploaded my log; I dunno why it is still working...

Step 5

 

 

  1. AVG Remover(32bit) 2014- I tried to delete it but as you said- many resets...
  2. AVG Remover(32bit) 2013- removed... 

 

I don't know why you still see the processes from those programs...

Maybe there is another solution?? 


  • 0

#12
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Hi tal5,

 

I haven't seen a new log yet to tell me whether or not BitComet and AVG were removed.  Those entries were in the initial log you posted above in Post # 5. I was just asking about those steps since it seemed like you might have missed them. :)

 

A few more questions for you:

  1. So you were successful in uninstalling BitComet and AVG?
  2. Have you installed Avast and updated it?  If you haven't installed it yet, here's a direct download link for Avast Free Anti-Virus. Please try installing it, but only if AVG has been completely uninstalled.
  3. How is the system running now?

  • 0

#13
tal5

tal5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts

 

Hi tal5,

 

I haven't seen a new log yet to tell me whether or not BitComet and AVG were removed.  Those entries were in the initial log you posted above in Post # 5. I was just asking about those steps since it seemed like you might have missed them. :)

 

A few more questions for you:

  1. So you were successful in uninstalling BitComet and AVG? YES, there is no AVG on Add\Remove programs
  2. Have you installed Avast and updated it? YES

 

 

 

Let me check how my computer works now, I'll give you my report later. 

Thank you very much until now!!!   :spoton:


Edited by tal5, 02 September 2014 - 02:27 PM.

  • 0

#14
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Thank you for the feedback.  I'd like to get a new set of logs please:
 
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click on FRST on your Desktop and choose Run as Administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, if asked, click Yes to disclaimer.
  • Make sure the Addition.txt check-box is checked.
  • Press Scan button.
  • It will produce two logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the contents of both of those logs back here.

  • 0

#15
tal5

tal5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts

FRST log- 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2014
Ran by Tal (administrator) on TAL-PC on 03-09-2014 16:12:15
Running from C:\Users\Tal\Downloads
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: עברית (ישראל)‏
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Users\Tal\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Users\Tal\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tal\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tal\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tal\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Tal\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-07-24] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [vProt] => "C:\Program Files\AVG Secure Search\vprot.exe"
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-01] (AVAST Software)
HKU\S-1-5-21-3579686740-1948245414-1388583087-1001\...\Run: [Google Update] => C:\Users\Tal\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-22] (Google Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = he
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/
SearchScopes: HKCU - DefaultScope {9E9F6E56-2C4C-412A-A8F5-00EF260A2962} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={EF63917F-8F81-4F45-9527-48631223000E}&mid=a852dbc529c4250ab22dee7d01b77686-11f619284a5c84eca1f1e817de7930dd4e9e0c3b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-30 23:22:57&v=18.1.9.799&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9E9F6E56-2C4C-412A-A8F5-00EF260A2962} URL = http://www.google.co...q={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...r_5.0.127.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://bhome.bezeq....SetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 
FireFox:
========
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-04]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-01]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Plugin: (Shockwave Flash) - C:\Users\Tal\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Tal\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Tal\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Tal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll No File
CHR CustomProfile: C:\Users\Tal\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Tal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-17]
CHR Extension: (Google Wallet) - C:\Users\Tal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-01]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-01] (AVAST Software)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-30] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-09-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-09-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-09-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-09-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-09-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-09-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-09-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-09-01] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-30] (AVG Technologies)
S3 etdrv; C:\Windows\etdrv.sys [17488 2011-09-30] (Windows ® 2000 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [17488 2011-09-30] (Windows ® 2000 DDK provider)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
U5 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2011-09-30] ()
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-03 16:09 - 2014-09-03 16:09 - 01096704 _____ (Farbar) C:\Users\Tal\Downloads\FRST (1).exe
2014-09-02 16:40 - 2014-09-02 16:40 - 00000017 _____ () C:\Users\Tal\AppData\Local\resmon.resmoncfg
2014-09-02 00:10 - 2014-09-02 16:55 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 00:10 - 2014-09-02 16:55 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 00:10 - 2014-09-02 00:10 - 00000552 _____ () C:\Windows\system32\spsys.log
2014-09-01 23:57 - 2014-09-02 00:07 - 00000000 ____D () C:\Users\Tal\Downloads\FRST
2014-09-01 23:47 - 2014-09-01 23:47 - 00002127 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-01 23:47 - 2014-09-01 23:47 - 00000000 ____D () C:\Users\Tal\AppData\Roaming\AVAST Software
2014-09-01 23:47 - 2014-09-01 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-01 23:46 - 2014-09-01 23:46 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-01 23:46 - 2014-09-01 23:46 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-01 23:46 - 2014-09-01 23:46 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-01 23:46 - 2014-09-01 23:46 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-01 23:46 - 2014-09-01 23:46 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-01 23:46 - 2014-09-01 23:46 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-01 23:46 - 2014-09-01 23:46 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-01 23:46 - 2014-09-01 23:46 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-01 23:46 - 2014-09-01 23:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-01 23:46 - 2014-09-01 23:46 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-01 23:45 - 2014-09-01 23:45 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-01 23:44 - 2014-09-01 23:45 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-01 23:43 - 2014-09-01 23:43 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tal\Downloads\avg_remover_stf_x86_2013_3341 (1).exe
2014-09-01 23:39 - 2014-09-01 23:43 - 00758534 _____ () C:\Users\Tal\Downloads\avgremover.log
2014-09-01 23:39 - 2014-09-01 23:39 - 04862664 _____ (AVAST Software) C:\Users\Tal\Downloads\avast_free_antivirus_setup_online.exe
2014-09-01 23:39 - 2014-09-01 23:39 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tal\Downloads\avg_remover_stf_x86_2013_3341.exe
2014-09-01 23:39 - 2014-09-01 23:39 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tal\Downloads\avg_remover_stf_x86_2014_4116.exe
2014-09-01 23:18 - 2014-09-01 23:18 - 00522360 _____ (Duplex Secure Ltd.) C:\Users\Tal\Downloads\SPTDinst-v186-x86.exe
2014-08-31 03:45 - 2014-09-03 16:12 - 00014107 _____ () C:\Users\Tal\Downloads\FRST.txt
2014-08-31 03:45 - 2014-08-31 03:46 - 00038813 _____ () C:\Users\Tal\Downloads\Addition.txt
2014-08-31 03:44 - 2014-09-03 16:12 - 00000000 ____D () C:\FRST
2014-08-31 03:43 - 2014-08-31 03:43 - 01095680 _____ (Farbar) C:\Users\Tal\Downloads\FRST.exe
2014-08-30 23:23 - 2014-08-31 03:23 - 00000000 ____D () C:\Users\Tal\AppData\Local\AVG Secure Search
2014-08-30 23:22 - 2014-09-01 23:40 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-08-30 23:22 - 2014-08-30 23:22 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-08-30 23:22 - 2014-08-30 23:22 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-08-27 01:54 - 2014-08-27 01:54 - 00143216 _____ () C:\Windows\Minidump\082714-28002-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-03 16:12 - 2014-08-31 03:45 - 00014107 _____ () C:\Users\Tal\Downloads\FRST.txt
2014-09-03 16:12 - 2014-08-31 03:44 - 00000000 ____D () C:\FRST
2014-09-03 16:09 - 2014-09-03 16:09 - 01096704 _____ (Farbar) C:\Users\Tal\Downloads\FRST (1).exe
2014-09-03 16:08 - 2012-04-08 23:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 16:08 - 2011-01-01 01:49 - 01599575 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 16:55 - 2014-09-02 00:10 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 16:55 - 2014-09-02 00:10 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 16:40 - 2014-09-02 16:40 - 00000017 _____ () C:\Users\Tal\AppData\Local\resmon.resmoncfg
2014-09-02 00:40 - 2013-07-31 11:12 - 00021824 _____ () C:\Windows\setupact.log
2014-09-02 00:40 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 00:10 - 2014-09-02 00:10 - 00000552 _____ () C:\Windows\system32\spsys.log
2014-09-02 00:08 - 2013-07-31 11:12 - 00122854 _____ () C:\Windows\PFRO.log
2014-09-02 00:07 - 2014-09-01 23:57 - 00000000 ____D () C:\Users\Tal\Downloads\FRST
2014-09-02 00:04 - 2011-10-21 16:18 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 23:47 - 2014-09-01 23:47 - 00002127 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-01 23:47 - 2014-09-01 23:47 - 00000000 ____D () C:\Users\Tal\AppData\Roaming\AVAST Software
2014-09-01 23:47 - 2014-09-01 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-01 23:46 - 2014-09-01 23:46 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-01 23:46 - 2014-09-01 23:46 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-01 23:46 - 2014-09-01 23:46 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-01 23:46 - 2014-09-01 23:46 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-01 23:46 - 2014-09-01 23:46 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-01 23:46 - 2014-09-01 23:46 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-01 23:46 - 2014-09-01 23:46 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-01 23:46 - 2014-09-01 23:46 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-01 23:46 - 2014-09-01 23:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-01 23:46 - 2014-09-01 23:46 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-01 23:45 - 2014-09-01 23:45 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-01 23:45 - 2014-09-01 23:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-01 23:43 - 2014-09-01 23:43 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tal\Downloads\avg_remover_stf_x86_2013_3341 (1).exe
2014-09-01 23:43 - 2014-09-01 23:39 - 00758534 _____ () C:\Users\Tal\Downloads\avgremover.log
2014-09-01 23:42 - 2011-10-21 16:18 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 23:40 - 2014-08-30 23:22 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-09-01 23:40 - 2012-09-23 19:36 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001UA.job
2014-09-01 23:39 - 2014-09-01 23:39 - 04862664 _____ (AVAST Software) C:\Users\Tal\Downloads\avast_free_antivirus_setup_online.exe
2014-09-01 23:39 - 2014-09-01 23:39 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tal\Downloads\avg_remover_stf_x86_2013_3341.exe
2014-09-01 23:39 - 2014-09-01 23:39 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tal\Downloads\avg_remover_stf_x86_2014_4116.exe
2014-09-01 23:18 - 2014-09-01 23:18 - 00522360 _____ (Duplex Secure Ltd.) C:\Users\Tal\Downloads\SPTDinst-v186-x86.exe
2014-09-01 13:51 - 2011-10-01 06:20 - 00000000 ____D () C:\ProgramData\Origin
2014-09-01 05:17 - 2013-09-27 02:02 - 00000000 ____D () C:\Users\Tal\Documents\FIFA 14
2014-08-31 16:40 - 2012-09-23 19:36 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001Core.job
2014-08-31 03:46 - 2014-08-31 03:45 - 00038813 _____ () C:\Users\Tal\Downloads\Addition.txt
2014-08-31 03:43 - 2014-08-31 03:43 - 01095680 _____ (Farbar) C:\Users\Tal\Downloads\FRST.exe
2014-08-31 03:23 - 2014-08-30 23:23 - 00000000 ____D () C:\Users\Tal\AppData\Local\AVG Secure Search
2014-08-30 23:22 - 2014-08-30 23:22 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-08-30 23:22 - 2014-08-30 23:22 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-08-27 01:54 - 2014-08-27 01:54 - 00143216 _____ () C:\Windows\Minidump\082714-28002-01.dmp
2014-08-27 01:54 - 2014-01-27 17:41 - 250060783 _____ () C:\Windows\MEMORY.DMP
2014-08-27 01:54 - 2012-06-06 14:20 - 00000000 ____D () C:\Windows\Minidump
2014-08-25 06:53 - 2011-01-01 03:01 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-15 23:43 - 2012-09-23 19:37 - 00002354 _____ () C:\Users\Tal\Desktop\Google Chrome.lnk
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 22:56
 
==================== End Of Log ============================
 
Addition Log:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-09-2014
Ran by Tal at 2014-09-03 16:12:45
Running from C:\Users\Tal\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_G510gm_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{3825F8BD-F784-6FBB-A5CD-857559148007}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battlefield Heroes (HKLM\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Counter-Strike (HKLM\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - )
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
Counter-Strike: Source Beta (HKLM\...\Steam App 260) (Version:  - )
CPUID HWMonitor 1.24 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CSS FULL DZ [Oct 15 2007] v18.1 (HKLM\...\CSS FULL DZ [Oct 15 2007]) (Version: v18.1 - GrCs2Ek~)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Debugging Tools for Windows (HKLM\...\{F567DC55-F59A-4019-BBC3-9D12C5875487}) (Version: 6.5.3.8 - Microsoft Corporation)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
EA.com Matchup (HKLM\...\{2F173C40-563E-11D4-89C5-0010ADDAAC33}) (Version:  - )
EA.com Update (HKLM\...\{9AB97F52-512B-43EF-AAEC-4825C17B32ED}) (Version:  - )
Easy Tune 6 B11.0630.1 (HKLM\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.0630.1 (Version: 1.00.0000 - GIGABYTE) Hidden
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FIFA 13 (HKLM\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.1.0.0 - Electronic Arts)
FIFA 14 (HKLM\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPU Temp version 1.0 (HKLM\...\{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1) (Version: 1.0 - gputemp.com)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Image Resizer for Windows (HKLM\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Image Resizer for Windows (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.14.0.132 - LogMeIn, Inc.)
K-Lite Codec Pack 9.7.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 9.7.0 - )
Malwarebytes Anti-Malware גירסה 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 HEB Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Compatibility Toolkit 5.6 (HKLM\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Access MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office Proof (Arabic) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Hebrew) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Russian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Hebrew) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Origin (HKLM\...\Origin) (Version: 9.0.13.2141 - Electronic Arts, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5672 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11033_25 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.0.0.11033_25 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2300.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab CYRI (HKLM\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
גלריית התמונות של Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ערכת שפה של Microsoft .NET Framework 4.5 HEB (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.5.50709 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Tal\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Tal\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Tal\AppData\Local\Google\Chrome\Application\36.0.1985.143\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3579686740-1948245414-1388583087-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tal\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
 
==================== Restore Points  =========================
 
30-07-2014 12:39:11 נקודת ביקורת מתוזמנת
30-07-2014 16:05:22 Windows Update
07-08-2014 19:34:10 נקודת ביקורת מתוזמנת
15-08-2014 20:38:39 נקודת ביקורת מתוזמנת
25-08-2014 08:18:28 נקודת ביקורת מתוזמנת
01-09-2014 20:14:48 Removed Java 7 Update 45
01-09-2014 20:18:45 SPTD setup V1.86
01-09-2014 20:45:19 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:04 - 2014-05-12 13:18 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {7031048E-07F6-434A-8FE5-10F67EA5D677} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-01] (AVAST Software)
Task: {E223D02C-23D6-4923-88E5-868992CE70FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001Core.job => C:\Users\Tal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3579686740-1948245414-1388583087-1001UA.job => C:\Users\Tal\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-01 23:46 - 2014-09-01 23:46 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-01 23:46 - 2014-09-01 23:46 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\14090102\algo.dll
2014-09-03 16:08 - 2014-09-03 16:08 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\14090300\algo.dll
2014-08-30 23:22 - 2014-08-30 23:22 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-08-30 23:22 - 2014-08-30 23:22 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2011-01-03 19:53 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2014-09-01 23:46 - 2014-09-01 23:46 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-15 23:43 - 2014-08-07 06:20 - 00718152 _____ () C:\Users\Tal\AppData\Local\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-15 23:43 - 2014-08-07 06:20 - 00126280 _____ () C:\Users\Tal\AppData\Local\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-15 23:43 - 2014-08-07 06:20 - 08537928 _____ () C:\Users\Tal\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-15 23:43 - 2014-08-07 06:20 - 00353096 _____ () C:\Users\Tal\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-15 23:43 - 2014-08-07 06:20 - 01732936 _____ () C:\Users\Tal\AppData\Local\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Tal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FIFA 11 Registration.lnk => C:\Windows\pss\FIFA 11 Registration.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: BitComet => "E:\Program Files\BitComet\BitComet.exe" /tray
MSCONFIG\startupreg: DAEMON Tools Lite => "E:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EasyTune => "C:\Program Files\GIGABYTE\ET6\ETCall.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Tal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: KiesHelper => C:\Program Files\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Steam => "D:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/01/2014 11:45:17 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, ‏‏הגישה נדחתה.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
פעולה:
   אוסף נתוני כותב
 
הקשר:
   מזהה מחלקה של כותב: {e8132975-6f93-4464-a53e-1050253ae220}
   שם כותב: System Writer
   מזהה מופע של כותב: {b9368cf9-0928-4acb-9ca9-852b495fc243}
 
Error: (09/01/2014 11:18:44 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, ‏‏הגישה נדחתה.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
פעולה:
   אוסף נתוני כותב
 
הקשר:
   מזהה מחלקה של כותב: {e8132975-6f93-4464-a53e-1050253ae220}
   שם כותב: System Writer
   מזהה מופע של כותב: {8c841032-1779-4067-9386-db8d80670a9e}
 
Error: (09/01/2014 00:28:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: vprot.exe, גירסה: 18.1.9.786, חותמת זמן: 0x53e1081e
שם מודול שחלות בו תקלות: avgdttbx.dll_unloaded, גירסה: 0.0.0.0, חותמת זמן: 0x53aa7a6f
קוד חריגה: 0xc0000005
היסט תקלה: 0x6f7c73eb
מזהה תהליך שחלות בו תקלות: 0x17fc
שעת ההפעלה של היישום שחלות בו תקלות: 0xvprot.exe0
נתיב היישום שחלות בו תקלות: vprot.exe1
נתיב המודול שחלות בו תקלות: vprot.exe2
מזהה דוח: vprot.exe3
 
Error: (09/01/2014 00:28:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: vprot.exe, גירסה: 18.1.9.786, חותמת זמן: 0x53e1081e
שם מודול שחלות בו תקלות: avgdttbx.dll_unloaded, גירסה: 0.0.0.0, חותמת זמן: 0x53aa7a6f
קוד חריגה: 0xc0000005
היסט תקלה: 0x6f7f0c74
מזהה תהליך שחלות בו תקלות: 0x17fc
שעת ההפעלה של היישום שחלות בו תקלות: 0xvprot.exe0
נתיב היישום שחלות בו תקלות: vprot.exe1
נתיב המודול שחלות בו תקלות: vprot.exe2
מזהה דוח: vprot.exe3
 
Error: (08/30/2014 11:22:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: GoogleUpdate.exe, גירסה: 1.2.183.21, חותמת זמן: 0x4b95e661
שם מודול שחלות בו תקלות: ntdll.dll, גירסה: 6.1.7600.16385, חותמת זמן: 0x4a5bdadb
קוד חריגה: 0xc0000005
היסט תקלה: 0x00034190
מזהה תהליך שחלות בו תקלות: 0xac4
שעת ההפעלה של היישום שחלות בו תקלות: 0xGoogleUpdate.exe0
נתיב היישום שחלות בו תקלות: GoogleUpdate.exe1
נתיב המודול שחלות בו תקלות: GoogleUpdate.exe2
מזהה דוח: GoogleUpdate.exe3
 
Error: (08/30/2014 11:22:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: GoogleUpdate.exe, גירסה: 1.3.21.103, חותמת זמן: 0x4f3c6d6c
שם מודול שחלות בו תקלות: ntdll.dll, גירסה: 6.1.7600.16385, חותמת זמן: 0x4a5bdadb
קוד חריגה: 0xc0000005
היסט תקלה: 0x00034190
מזהה תהליך שחלות בו תקלות: 0x1734
שעת ההפעלה של היישום שחלות בו תקלות: 0xGoogleUpdate.exe0
נתיב היישום שחלות בו תקלות: GoogleUpdate.exe1
נתיב המודול שחלות בו תקלות: GoogleUpdate.exe2
מזהה דוח: GoogleUpdate.exe3
 
Error: (08/29/2014 00:29:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: GoogleUpdate.exe, גירסה: 1.3.21.103, חותמת זמן: 0x4f3c6d6c
שם מודול שחלות בו תקלות: ntdll.dll, גירסה: 6.1.7600.16385, חותמת זמן: 0x4a5bdadb
קוד חריגה: 0xc0000005
היסט תקלה: 0x00034190
מזהה תהליך שחלות בו תקלות: 0x15e4
שעת ההפעלה של היישום שחלות בו תקלות: 0xGoogleUpdate.exe0
נתיב היישום שחלות בו תקלות: GoogleUpdate.exe1
נתיב המודול שחלות בו תקלות: GoogleUpdate.exe2
מזהה דוח: GoogleUpdate.exe3
 
Error: (08/29/2014 00:27:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: GoogleUpdate.exe, גירסה: 1.2.183.21, חותמת זמן: 0x4b95e661
שם מודול שחלות בו תקלות: ntdll.dll, גירסה: 6.1.7600.16385, חותמת זמן: 0x4a5bdadb
קוד חריגה: 0xc0000005
היסט תקלה: 0x00034190
מזהה תהליך שחלות בו תקלות: 0x13e4
שעת ההפעלה של היישום שחלות בו תקלות: 0xGoogleUpdate.exe0
נתיב היישום שחלות בו תקלות: GoogleUpdate.exe1
נתיב המודול שחלות בו תקלות: GoogleUpdate.exe2
מזהה דוח: GoogleUpdate.exe3
 
Error: (08/27/2014 10:19:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: GoogleUpdate.exe, גירסה: 1.2.183.21, חותמת זמן: 0x4b95e661
שם מודול שחלות בו תקלות: ntdll.dll, גירסה: 6.1.7600.16385, חותמת זמן: 0x4a5bdadb
קוד חריגה: 0xc0000005
היסט תקלה: 0x00034190
מזהה תהליך שחלות בו תקלות: 0x6f0
שעת ההפעלה של היישום שחלות בו תקלות: 0xGoogleUpdate.exe0
נתיב היישום שחלות בו תקלות: GoogleUpdate.exe1
נתיב המודול שחלות בו תקלות: GoogleUpdate.exe2
מזהה דוח: GoogleUpdate.exe3
 
Error: (08/25/2014 10:46:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: GoogleUpdate.exe, גירסה: 1.3.21.103, חותמת זמן: 0x4f3c6d6c
שם מודול שחלות בו תקלות: ntdll.dll, גירסה: 6.1.7600.16385, חותמת זמן: 0x4a5bdadb
קוד חריגה: 0xc0000005
היסט תקלה: 0x00034190
מזהה תהליך שחלות בו תקלות: 0xc8c
שעת ההפעלה של היישום שחלות בו תקלות: 0xGoogleUpdate.exe0
נתיב היישום שחלות בו תקלות: GoogleUpdate.exe1
נתיב המודול שחלות בו תקלות: GoogleUpdate.exe2
מזהה דוח: GoogleUpdate.exe3
 
 
System errors:
=============
Error: (08/27/2014 10:12:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות Netman.
 
Error: (08/27/2014 01:54:23 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000000a (0x00000028, 0x00000002, 0x00000001, 0x832681b9)C:\Windows\MEMORY.DMP082714-28002-01
 
Error: (08/27/2014 01:54:11 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 01:52:11 on ‎27/‎08/‎2014 was unexpected.
 
Error: (08/27/2014 00:16:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות Netman.
 
Error: (08/26/2014 08:53:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות ShellHWDetection.
 
Error: (08/20/2014 06:19:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות Netman.
 
Error: (08/17/2014 01:25:45 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות Netman.
 
Error: (08/14/2014 03:12:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות ShellHWDetection.
 
Error: (08/13/2014 01:57:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות Netman.
 
Error: (08/12/2014 00:24:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לתגובת טרנזקציה משירות Netman.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 32%
Total physical RAM: 3326.49 MB
Available physical RAM: 2251.67 MB
Total Pagefile: 6651.26 MB
Available Pagefile: 4947.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.58 MB
 
==================== Drives ================================
 
Drive c: (Vol1) (Fixed) (Total:175.78 GB) (Free:134.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Vol2) (Fixed) (Total:195.31 GB) (Free:168.54 GB) NTFS
Drive e: (Vol3) (Fixed) (Total:225.07 GB) (Free:178.39 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 4A894A89)
Partition 1: (Active) - (Size=175.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.4 GB) - (Type=OF Extended)
 
==================== End Of Log ============================
 
The machine works better, but IE still does not.
