anyway did it so :
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-11-2015
Ran by Idan (administrator) on IDAN-PC (22-11-2015 17:53:56)
Running from C:\Users\Idan\Desktop
Loaded Profiles: Idan (Available Profiles: Idan & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLED.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Idan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(ArcSoft, Inc.) C:\Users\Idan\HITACHI\arcsoft\uBBMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Users\Idan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Idan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Idan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Idan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Idan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Idan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Idan\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-23] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2598280 2010-02-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231264 2009-09-02] (Lenovo.)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4400064 2009-12-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-26] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2569616 2015-10-05] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\Run: [Dropbox Update] => C:\Users\Idan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-19] (Dropbox, Inc.)
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\MountPoints2: {98e8c78f-3241-11e1-ab52-f07bcbde0ae5} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\...\MountPoints2: {dfbebc7a-b55d-11e0-b86f-a3c90d25e841} - E:\autorun.exe
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Idan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-05-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk [2011-04-27]
ShortcutTarget: TotalMedia Backup Monitor.lnk -> C:\Users\Idan\HITACHI\arcsoft\uBBMonitor.exe (ArcSoft, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 80.179.52.100 80.179.55.100
Tcpip\..\Interfaces\{B72D62AF-EA28-4399-9C8A-FD32BEC3CEF7}: [DhcpNameServer] 80.179.52.100 80.179.55.100
Tcpip\..\Interfaces\{EACC8061-2EFA-49E1-9466-8464DAABB7BE}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-85820212-1267379632-1251349074-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.walla.co.il/
URLSearchHook: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={A29C3F15-3333-4742-8D5C-4FF06085CD6C}&mid=982657a7d75d47d699ed21328d3ae316-325d026aa9ebb2d49db438ba10021cddd1d72988&lang=us&ds=AVG&pr=fr&d=2011-12-11 22:06:50&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={A29C3F15-3333-4742-8D5C-4FF06085CD6C}&mid=982657a7d75d47d699ed21328d3ae316-325d026aa9ebb2d49db438ba10021cddd1d72988&lang=us&ds=AVG&pr=fr&d=2011-12-11 22:06:50&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: IEPwdBankBHO Class -> {56CBB761-DA41-4E31-B270-B13B4B0A61D0} -> C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll [2010-01-25] (Egis Technology Inc. )
BHO-x32: AGFormHelperObj Class -> {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} -> C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll [2013-07-24] (Agat software solutions)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-31] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.9.0.230\AVG Secure Search_toolbar.dll [2015-10-05] (AVG Secure Search)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-31] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.9.0.230\AVG Secure Search_toolbar.dll [2015-10-05] (AVG Secure Search)
Toolbar: HKLM-x32 - Agat.AGForms.Toolbar.AGFormsToolbar - {8fe28f46-37ad-47b2-8258-34c128636ace} - C:\windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-85820212-1267379632-1251349074-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.9.0\ViProtocol.dll [2015-10-05] (AVG Secure Search)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Idan\AppData\Roaming\Mozilla\Firefox\Profiles\1bg2zy70.default
FF Homepage: hxxp://www.walla.co.il/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.9.0\\npsitesafety.dll [No File]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> d:\media\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> d:\media\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> d:\media\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> d:\media\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-85820212-1267379632-1251349074-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Idan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-85820212-1267379632-1251349074-1000: @talk.google.com/O1DPlugin -> C:\Users\Idan\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-85820212-1267379632-1251349074-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Idan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-85820212-1267379632-1251349074-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Idan\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF user.js: detected! => C:\Users\Idan\AppData\Roaming\Mozilla\Firefox\Profiles\1bg2zy70.default\user.js [2015-04-28]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-12-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-12-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-12-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-12-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-12-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\cgpcfg.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\CgpCore.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\confmgr.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\ctxlogging.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\ctxmui.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\icafile.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\icalogon.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\msvcm80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\msvcp80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\msvcr80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\npicaN.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\sslsdk_b.dll [2008-06-05] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Idan\AppData\Roaming\mozilla\plugins\TcpPServ.dll [2008-08-16] (Citrix Systems, Inc.)
FF Extension: No Name - C:\ProgramData\AVG Secure Search\FireFoxExt\18.9.0.230 [2015-11-22] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-09-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.9.0.230
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Native Client) - C:\Users\Idan\AppData\Local\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Idan\AppData\Local\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Idan\AppData\Local\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Idan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Idan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Idan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Idan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (VLC Multimedia Plug-in) - d:\media\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Profile: C:\Users\Idan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Idan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx <not found>
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1563664 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [873248 2010-02-18] (Broadcom Corporation.)
R2 EgisTec Data Security Service; C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe [313200 2010-01-25] (Egis Technology Inc. )
R2 EgisTec Service Help; c:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [319344 2010-01-28] (Egis Technology Inc. )
R2 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-02-05] (Realtek Semiconductor Corp.) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2973400 2015-08-04] (AVG Technologies)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies)
R2 UxTuneUp; C:\windows\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies)
R2 vToolbarUpdater18.9.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\ToolbarUpdater.exe [1862032 2015-10-05] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [77760 2015-07-09] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [118016 2009-08-27] (TCT International Mobile Ltd)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [214912 2010-01-27] (Vimicro Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-22 17:53 - 2015-11-22 17:56 - 00031939 _____ C:\Users\Idan\Desktop\FRST.txt
2015-11-22 17:53 - 2015-11-22 17:53 - 00000000 ____D C:\FRST
2015-11-22 17:51 - 2015-11-22 17:52 - 02345984 _____ (Farbar) C:\Users\Idan\Desktop\FRST64.exe
2015-11-21 21:00 - 2015-11-22 08:22 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-21 20:40 - 2015-11-22 08:22 - 00000000 ____D C:\Users\Idan\Downloads\SmitfraudFix
2015-11-21 19:58 - 2015-11-22 08:22 - 00000000 ____D C:\Program Files\HitmanPro
2015-11-21 19:58 - 2015-11-21 20:23 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-21 18:39 - 2015-11-21 18:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-21 17:15 - 2015-11-21 18:31 - 00000000 ____D C:\AdwCleaner
2015-11-21 17:14 - 2015-11-21 17:14 - 00000051 _____ C:\Users\Idan\Desktop\webvi.txt
2015-11-11 05:46 - 2015-11-22 08:22 - 00000000 ____D C:\Users\Idan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-07 09:26 - 2015-11-22 08:22 - 00000000 ____D C:\Intel
2015-11-02 19:04 - 2015-11-02 19:04 - 00000000 _____ C:\windows\setuperr.log
2015-10-25 23:27 - 2015-10-25 23:38 - 00052916 _____ C:\Users\Idan\Desktop\מצגת מזוקקת-טיוטא3.pptx
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-22 17:50 - 2010-05-28 12:40 - 03325952 _____ C:\windows\system32\TPAPSLOG.LOG
2015-11-22 17:49 - 2012-08-01 22:11 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-22 17:47 - 2010-10-26 23:01 - 00000000 ____D C:\ProgramData\MFAData
2015-11-22 17:42 - 2015-09-19 09:37 - 00000914 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000UA.job
2015-11-22 17:33 - 2010-05-28 12:40 - 03234432 _____ C:\windows\system32\TPHDLOG0.LOG
2015-11-22 17:29 - 2009-07-14 06:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-22 17:29 - 2009-07-14 06:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-22 17:23 - 2013-01-24 18:11 - 00000354 _____ C:\windows\Tasks\ROC_JAN2013_TB_rmv.job
2015-11-22 17:13 - 2010-09-16 21:42 - 00000934 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000UA.job
2015-11-22 10:55 - 2010-05-28 11:41 - 02053682 _____ C:\windows\WindowsUpdate.log
2015-11-22 10:42 - 2015-09-19 09:37 - 00000862 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000Core.job
2015-11-22 08:32 - 2015-10-10 23:17 - 00001512 _____ C:\windows\setupact.log
2015-11-22 08:32 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-22 08:24 - 2015-04-07 02:01 - 00000000 ___SD C:\windows\system32\GWX
2015-11-22 08:24 - 2010-11-29 19:41 - 00000000 ____D C:\Users\Guest
2015-11-22 08:24 - 2010-08-21 07:45 - 00000000 ____D C:\Users\Idan
2015-11-22 08:24 - 2009-07-29 09:23 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-22 08:24 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-11-22 08:24 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-11-22 08:23 - 2011-11-13 21:11 - 00000000 ____D C:\windows\system32\Macromed
2015-11-22 08:23 - 2010-08-21 13:57 - 00000000 ____D C:\windows\SysWOW64\Macromed
2015-11-22 08:22 - 2015-04-23 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-22 08:22 - 2014-12-13 00:18 - 00000000 ____D C:\Users\Idan\Desktop\Tor Browser
2015-11-22 08:22 - 2014-08-29 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-22 08:22 - 2014-04-28 00:24 - 00000000 ____D C:\ProgramData\AVG Secure Search
2015-11-22 08:22 - 2013-10-21 19:07 - 00000000 ____D C:\ProgramData\Oracle
2015-11-22 08:22 - 2012-05-11 20:18 - 00000000 ____D C:\Users\Idan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BS.Player
2015-11-22 08:22 - 2011-12-11 22:07 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2015-11-22 08:22 - 2011-07-15 16:06 - 00000000 ____D C:\Users\Idan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-22 08:22 - 2011-04-27 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Backup
2015-11-22 08:22 - 2011-01-25 22:15 - 00000000 ____D C:\Users\Idan\AppData\Roaming\Dropbox
2015-11-22 08:22 - 2010-10-26 23:16 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-11-22 08:22 - 2010-09-18 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
2015-11-22 08:22 - 2010-08-21 07:45 - 00000000 ____D C:\Users\Idan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-11-22 08:22 - 2009-07-29 09:23 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-22 08:22 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-11-22 08:20 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration
2015-11-22 08:11 - 2013-08-20 19:11 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-21 11:55 - 2015-08-31 17:31 - 00000000 ____D C:\Users\Idan\.oracle_jre_usage
2015-11-21 03:44 - 2013-07-17 02:01 - 00000000 ____D C:\windows\system32\MRT
2015-11-12 23:13 - 2010-09-16 21:42 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-85820212-1267379632-1251349074-1000Core.job
2015-11-12 18:34 - 2010-08-28 00:03 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{8F7EFE37-AFAB-448D-8C57-4D7D7A2DD129}
2015-11-10 23:49 - 2012-08-01 22:11 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 23:49 - 2012-03-29 23:58 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 23:49 - 2011-05-20 08:45 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-10 19:10 - 2015-04-23 12:24 - 00000965 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-11-05 18:57 - 2009-07-14 07:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-03 19:02 - 2010-05-28 12:52 - 00729826 _____ C:\windows\PFRO.log
2015-10-27 19:29 - 2010-09-03 16:07 - 00000000 ____D C:\Users\Idan\אישי
==================== Files in the root of some directories =======
2013-12-09 12:45 - 2014-06-23 05:09 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2010-09-04 15:37 - 2015-09-27 15:47 - 0008192 _____ () C:\Users\Idan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-07 10:24 - 2012-12-07 10:24 - 0004096 ____H () C:\Users\Idan\AppData\Local\keyfile3.drm
2010-12-01 22:40 - 2010-12-01 22:40 - 0000017 _____ () C:\Users\Idan\AppData\Local\resmon.resmoncfg
2013-11-02 21:35 - 2013-11-02 21:37 - 0002216 _____ () C:\Users\Idan\AppData\Local\WiDiSetupLog.20131102.213526.txt
2013-11-02 21:37 - 2013-11-02 21:37 - 0002218 _____ () C:\Users\Idan\AppData\Local\WiDiSetupLog.20131102.213728.txt
2010-08-27 22:15 - 2010-08-27 22:15 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-20 22:51
==================== End of FRST.txt ============================