I7 working very slow [Closed]


  • This topic is locked

#1
tal5

  • Member
  • 46 posts

Hello, I used this forum I think 3-4 years ago and it was super with your help.

My computer has been with me since 2014; it was very good to use until half a year ago. I don't know what happened.

It's very slow from the startup of Windows (using Windows 10 Home; maybe the updates are what's making the big problem?) and also when I'm using the net: slow performance on YouTube, for example, and I have 40 mb internet, and also very high ping when I'm playing online... Something is wrong and I am not sure what it is, especially in these last two weeks.

I think it needs a good clean. I'd really appreciate your help!!


Edited by tal5, 26 February 2019 - 04:29 PM.


#2
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Welcome to the Geeks to Go Malware Removal forum.
I'm iMacg3 and will be helping you.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
  • Please read all instructions carefully, and complete them in the order listed.
  • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
  • If you don't respond to your topic in 4 days, it will be closed. You can have it reopened by contacting me or any staff member by PM with the address of the thread.
  • If you have questions about anything, please ask.
--------------------


Download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
  • If you receive a SmartScreen pop-up, click More Info, then Run Anyway.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, two log files will open - FRST.txt and Addition.txt.
  • Copy and paste the contents of FRST.txt and Addition.txt into your next reply.
Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.

#3
tal5

  • Topic Starter
  • Member
  • 46 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.02.2019 01
Ran by Tal Oren (administrator) on TALPC (27-02-2019 00:11:27)
Running from C:\Users\Tal Oren\Desktop
Loaded Profiles: Tal Oren (Available Profiles: Tal Oren)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: ‏‏עברית (ישראל)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe
(Cambridge Silicon Radio Ltd. -> ) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe
(Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\ScanToPCActivationApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPNetworkCommunicatorCom.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Fortemedia Inc. -> ) C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [CsrHCRPServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe [1134288 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrAudioguiCtrl] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe [511696 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrSyncMLServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe [244944 2012-03-22] (Cambridge Silicon Radio Ltd. -> )
HKLM\...\Run: [vksts] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [25792 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [HarmonyUserStartup] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [39128 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CSRHarmonySkypePlugin] => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe [146656 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [TrayApplication] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [529616 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Nero BackItUp] => C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\BackItUp.exe [1164664 2017-09-12] (Nero AG -> Nero AG)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4065107873-1078513731-456442432-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-10] (Valve -> Valve Corporation)
HKU\S-1-5-21-4065107873-1078513731-456442432-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5230784 2017-12-15] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-4065107873-1078513731-456442432-1001\...\Run: [HP OfficeJet Pro 8720 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\ScanToPCActivationApp.exe [3770504 2018-04-06] (Hewlett Packard -> HP Inc.)
HKU\S-1-5-21-4065107873-1078513731-456442432-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-26] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{5355DA8C-FE32-49b4-A567-A67535C86592}] -> C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BLEtokenCredentialProvider.dll [2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.60.0.1
Tcpip\..\Interfaces\{2ca00fbf-afd7-44e0-93c6-1466603501b2}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f9a1362a-e065-47ea-a177-decdf7c64baf}: [DhcpNameServer] 10.60.0.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-4065107873-1078513731-456442432-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-01-19] (Skype Technologies SA -> Skype Technologies)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-07-30] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-07-30] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-21] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-21] (Google Inc -> Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\Tal Oren\AppData\Local\Google\Chrome\User Data\Default [2019-02-27]
CHR Extension: (Slides) - C:\Users\Tal Oren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\Tal Oren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (כונן Google) - C:\Users\Tal Oren\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-06]
CHR Extension: (YouTube) - C:\Users\Tal Oren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-06]
CHR Extension: (Sheets) - C:\Users\Tal Oren\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs במצב לא מקוון) - C:\Users\Tal Oren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (AdBlock) - C:\Users\Tal Oren\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tal Oren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Gmail) - C:\Users\Tal Oren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-06]
CHR Extension: (Chrome Media Router) - C:\Users\Tal Oren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-17]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 CsrBtOBEXService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3128000 2017-12-15] (Disc Soft Ltd -> Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2017-09-12] (FUTUREMARK INC -> Futuremark)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [183480 2017-08-10] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-04-23] (Intel® pGFX -> Intel Corporation)
S4 NeroBackItUpBackgroundService2018; C:\Program Files (x86)\Nero\Nero 2018\Nero BackItUp\NBService.exe [287096 2017-09-12] (Nero AG -> Nero AG)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764456 2018-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764456 2018-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2298688 2019-01-23] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3171144 2019-01-23] (Electronic Arts, Inc. -> Electronic Arts)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-24] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-24] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 CsrBtPort; C:\WINDOWS\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R3 csrpan; C:\WINDOWS\System32\drivers\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R3 csrserial; C:\WINDOWS\system32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R3 csrusb; C:\WINDOWS\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R3 csrusbfilter; C:\WINDOWS\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-12-30] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-12-30] (Disc Soft Ltd -> Disc Soft Ltd)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [232976 2017-08-10] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2018-04-12] (Microsoft Windows -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_4ac467e10bf8b71c\nvlddmkm.sys [17211376 2018-08-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30656 2018-07-12] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69544 2018-06-08] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [65792 2018-04-24] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Microsoft Windows -> Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [759552 2016-06-16] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-02-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-02-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-24] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-27 00:09 - 2019-02-27 00:10 - 002433536 _____ (Farbar) C:\Users\Tal Oren\Desktop\FRST64.exe
2019-02-24 09:44 - 2019-02-24 09:44 - 000000000 ____D C:\Users\Tal Oren\Documents\תבניות מותאמות אישית של Office
2019-02-24 00:18 - 2019-02-24 00:19 - 007657592 _____ (ESET spol. s r.o.) C:\Users\Tal Oren\Downloads\esetonlinescanner_enu (2).exe
2019-02-24 00:14 - 2019-02-24 00:15 - 007316688 _____ (Malwarebytes) C:\Users\Tal Oren\Desktop\adwcleaner_7.2.7.0.exe
2019-02-15 19:09 - 2019-02-15 19:09 - 000000173 _____ C:\Users\Tal Oren\Downloads\play_chord.mid
2019-02-12 21:09 - 2019-02-06 09:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-12 21:09 - 2019-02-06 09:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-12 21:09 - 2019-02-06 09:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-12 21:09 - 2019-02-06 09:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-12 21:09 - 2019-02-06 09:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-12 21:09 - 2019-02-06 09:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-12 21:09 - 2019-02-06 09:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-12 21:09 - 2019-02-06 09:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-12 21:09 - 2019-02-06 08:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-12 21:09 - 2019-02-06 08:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-12 21:09 - 2019-02-06 08:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-12 21:09 - 2019-02-06 08:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-12 21:09 - 2019-02-06 05:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-12 21:09 - 2019-02-06 05:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-12 21:09 - 2019-02-06 05:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-12 21:09 - 2019-02-06 05:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-12 21:09 - 2019-02-06 05:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-12 21:09 - 2019-02-06 05:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-12 21:09 - 2019-02-06 05:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-12 21:09 - 2019-02-06 05:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-12 21:09 - 2019-02-06 05:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-12 21:09 - 2019-02-06 05:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-12 21:09 - 2019-02-06 05:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-12 21:09 - 2019-02-06 05:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-12 21:09 - 2019-02-06 05:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-12 21:09 - 2019-02-06 05:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-12 21:09 - 2019-02-06 05:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-12 21:09 - 2019-02-06 05:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-12 21:09 - 2019-02-06 05:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-12 21:09 - 2019-02-06 05:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-12 21:09 - 2019-02-06 05:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-12 21:09 - 2019-02-06 05:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-12 21:09 - 2019-02-06 05:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-12 21:09 - 2019-02-06 05:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-12 21:09 - 2019-02-06 05:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-12 21:09 - 2019-02-06 05:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-12 21:09 - 2019-02-06 04:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-12 21:09 - 2019-02-06 04:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-12 21:09 - 2019-02-06 04:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-12 21:09 - 2019-02-06 04:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-12 21:09 - 2019-02-06 04:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-12 21:09 - 2019-02-06 04:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-12 21:09 - 2019-02-06 04:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-12 21:09 - 2019-02-06 04:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-12 21:09 - 2019-02-06 04:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-12 21:09 - 2019-02-06 04:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-12 21:09 - 2019-02-06 04:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-12 21:09 - 2019-02-06 04:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-12 21:09 - 2019-02-06 04:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-12 21:09 - 2019-02-06 04:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-12 21:09 - 2019-02-06 04:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-12 21:09 - 2019-02-06 04:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-12 21:09 - 2019-02-06 04:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-12 21:09 - 2019-02-06 04:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-12 21:09 - 2019-02-06 04:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-12 21:09 - 2019-02-06 04:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-12 21:09 - 2019-02-06 04:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-12 21:09 - 2019-02-06 04:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-12 21:09 - 2019-02-06 04:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-12 21:09 - 2019-02-06 04:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-12 21:09 - 2019-02-06 04:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-12 21:09 - 2019-02-06 04:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-12 21:09 - 2019-02-06 04:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-12 21:09 - 2019-02-06 04:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-12 21:09 - 2019-02-06 04:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-12 21:09 - 2019-02-06 04:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-12 21:09 - 2019-02-06 04:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-12 21:09 - 2019-02-06 04:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-12 21:09 - 2019-02-06 04:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-12 21:09 - 2019-02-06 04:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-12 21:09 - 2019-02-06 04:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-12 21:09 - 2019-02-06 04:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-12 21:09 - 2019-02-06 03:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-12 21:09 - 2019-01-12 10:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-12 21:09 - 2019-01-12 04:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-12 21:09 - 2019-01-09 20:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-12 21:09 - 2019-01-09 19:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-12 21:09 - 2019-01-09 19:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-12 21:09 - 2019-01-09 19:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-12 21:09 - 2019-01-09 19:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-12 21:09 - 2019-01-09 19:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-12 21:09 - 2019-01-09 19:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-12 21:09 - 2019-01-09 19:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-12 21:09 - 2019-01-09 12:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-12 21:09 - 2019-01-09 11:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-12 21:09 - 2019-01-09 11:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-12 21:09 - 2019-01-09 10:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-12 21:09 - 2019-01-09 10:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-12 21:09 - 2019-01-09 07:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-12 21:09 - 2019-01-09 07:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-12 21:09 - 2019-01-09 07:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-12 21:09 - 2019-01-09 07:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-12 21:09 - 2019-01-09 07:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-12 21:09 - 2019-01-09 07:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-12 21:09 - 2019-01-09 07:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-12 21:09 - 2019-01-09 07:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-12 21:09 - 2019-01-09 07:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-12 21:09 - 2019-01-09 07:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-12 21:09 - 2019-01-09 07:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-12 21:09 - 2019-01-09 07:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-12 21:09 - 2019-01-09 07:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-12 21:09 - 2019-01-09 07:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-12 21:09 - 2019-01-09 07:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-12 21:09 - 2019-01-09 07:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-12 21:09 - 2019-01-09 07:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-12 21:09 - 2019-01-09 07:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-12 21:09 - 2019-01-09 07:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-12 21:09 - 2019-01-09 07:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-12 21:09 - 2019-01-09 07:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-12 21:09 - 2019-01-09 07:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-12 21:09 - 2019-01-09 07:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-12 21:09 - 2019-01-09 07:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-12 21:09 - 2019-01-09 07:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-12 21:09 - 2019-01-09 07:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-12 21:09 - 2019-01-09 07:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-12 21:09 - 2019-01-09 07:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-12 21:09 - 2019-01-09 07:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-12 21:09 - 2019-01-09 07:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-12 21:09 - 2019-01-09 07:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-12 21:09 - 2019-01-09 07:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-12 21:09 - 2019-01-09 07:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-12 21:09 - 2019-01-09 07:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-12 21:09 - 2019-01-09 07:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-12 21:09 - 2019-01-09 07:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-12 21:09 - 2019-01-09 07:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-12 21:09 - 2019-01-09 07:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-12 21:09 - 2019-01-09 07:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-12 21:09 - 2019-01-09 07:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-12 21:09 - 2019-01-09 07:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-12 21:09 - 2019-01-09 07:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-12 21:09 - 2019-01-09 07:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-12 21:09 - 2019-01-09 07:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-12 21:09 - 2019-01-09 07:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-12 21:09 - 2019-01-09 07:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-12 21:09 - 2019-01-09 07:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-12 21:09 - 2019-01-09 07:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-12 21:09 - 2019-01-09 07:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-12 21:09 - 2019-01-09 07:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-12 21:09 - 2019-01-09 07:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-12 21:09 - 2019-01-09 07:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-12 21:09 - 2019-01-09 07:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-12 21:09 - 2019-01-09 07:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-12 21:09 - 2019-01-09 07:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-12 21:09 - 2019-01-09 07:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-12 21:09 - 2019-01-09 07:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-12 21:09 - 2019-01-09 07:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-12 21:09 - 2019-01-09 07:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-12 21:09 - 2019-01-09 07:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-12 21:09 - 2019-01-09 07:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-12 21:09 - 2019-01-09 07:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-12 21:09 - 2019-01-09 07:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-12 21:09 - 2019-01-09 07:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-12 21:09 - 2019-01-09 07:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-12 21:09 - 2019-01-09 07:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-12 21:09 - 2019-01-09 07:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-12 21:09 - 2019-01-09 07:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-12 21:09 - 2019-01-09 07:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-12 21:09 - 2019-01-09 07:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-12 21:09 - 2019-01-09 07:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-12 21:09 - 2019-01-09 07:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-12 21:09 - 2019-01-09 07:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-12 21:09 - 2019-01-09 07:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-12 21:09 - 2019-01-09 06:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-12 21:09 - 2019-01-09 06:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-12 21:09 - 2019-01-08 11:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-12 21:09 - 2019-01-08 05:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-12 21:09 - 2019-01-08 05:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-12 21:09 - 2019-01-08 05:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-12 21:00 - 2018-09-20 06:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-27 00:12 - 2018-10-22 23:24 - 000026250 _____ C:\Users\Tal Oren\Desktop\FRST.txt
2019-02-27 00:11 - 2018-10-22 23:23 - 000000000 ____D C:\FRST
2019-02-27 00:11 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-26 23:46 - 2018-05-17 20:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-26 21:50 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-26 21:50 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-26 20:14 - 2018-05-17 20:53 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5116ED39-7B50-4833-80DF-FBE596FAD4FE}
2019-02-26 13:36 - 2017-10-06 21:52 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-26 13:34 - 2017-10-06 21:38 - 000002295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-26 13:34 - 2017-10-06 21:38 - 000002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-24 16:12 - 2017-12-22 22:36 - 000000000 ____D C:\Users\Tal Oren\AppData\Local\Packages
2019-02-24 10:49 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-02-24 03:01 - 2017-10-06 22:09 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-02-24 03:01 - 2015-02-12 06:57 - 000000000 __SHD C:\Users\Tal Oren\IntelGraphicsProfiles
2019-02-24 00:16 - 2017-10-06 22:19 - 000000000 ____D C:\Users\Tal Oren\AppData\Roaming\Origin
2019-02-24 00:16 - 2017-10-06 22:17 - 000000000 ____D C:\ProgramData\Origin
2019-02-24 00:14 - 2018-02-14 22:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-20 20:04 - 2018-10-13 22:05 - 000000686 _____ C:\Users\Public\Desktop\FIFA 19.lnk
2019-02-18 20:26 - 2017-10-06 22:35 - 000000000 ____D C:\Program Files (x86)\Origin Games
2019-02-15 19:38 - 2018-07-13 14:02 - 000000000 ____D C:\Users\Public\Ticket
2019-02-15 19:06 - 2018-11-17 18:57 - 000000000 ____D C:\Program Files\rempl
2019-02-13 18:34 - 2018-05-17 20:48 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-13 18:34 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-13 18:27 - 2018-05-17 20:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-13 18:26 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-02-13 14:08 - 2017-10-23 00:07 - 000000000 ____D C:\Program Files (x86)\Steam
2019-02-13 13:43 - 2018-05-17 20:30 - 000449776 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-12 23:20 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-12 23:20 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-12 23:20 - 2018-04-12 01:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-12 23:20 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-12 23:20 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-12 23:20 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-12 21:20 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-12 21:19 - 2017-10-07 00:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-12 21:17 - 2017-10-07 00:39 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-10 20:03 - 2018-05-17 20:53 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4065107873-1078513731-456442432-1001
2019-02-10 20:03 - 2018-05-17 20:37 - 000002332 _____ C:\Users\Tal Oren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-10 20:03 - 2017-10-06 20:54 - 000000000 ___RD C:\Users\Tal Oren\OneDrive
2019-02-08 14:20 - 2018-06-21 15:00 - 000000000 ____D C:\ProgramData\Packages
2019-02-03 00:53 - 2018-11-16 19:11 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-03 00:53 - 2018-11-16 19:11 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-01 18:29 - 2015-02-13 04:43 - 000000000 ____D C:\Users\Tal Oren\Documents\FIFA 15
2019-01-29 21:58 - 2017-10-06 22:18 - 000000000 ____D C:\Program Files (x86)\Origin
 
==================== Files in the root of some directories =======
 
2018-09-27 21:33 - 2018-09-27 21:33 - 000000000 _____ () C:\Users\Tal Oren\AppData\Local\oobelibMkey.log
 
Some files in TEMP:
====================
2019-02-24 02:39 - 2019-01-09 12:14 - 000607744 _____ (Microsoft Corporation) C:\Users\Tal Oren\AppData\Local\Temp\kernel32.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-17 20:30
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.02.2019 01
Ran by Tal Oren (27-02-2019 00:12:41)
Running from C:\Users\Tal Oren\Desktop
Windows 10 Home Version 1803 17134.590 (X64) (2018-05-17 18:54:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4065107873-1078513731-456442432-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4065107873-1078513731-456442432-503 - Limited - Disabled)
Guest (S-1-5-21-4065107873-1078513731-456442432-501 - Limited - Disabled)
Tal Oren (S-1-5-21-4065107873-1078513731-456442432-1001 - Administrator - Enabled) => C:\Users\Tal Oren
WDAGUtilityAccount (S-1-5-21-4065107873-1078513731-456442432-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.5.0.331 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_1_1) (Version: 12.1.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2018 (HKLM-x32\...\PPRO_12_1_1) (Version: 12.1.1 - Adobe Systems Incorporated)
AmpliTube 3.11.2 (HKLM-x32\...\AMP3112_is1) (Version:  - IK Multimedia)
ARIA Engine v1.9.0.1 (HKLM\...\ARIA Engine_is1) (Version: v1.9.0.1 - Plogue Art et Technologie, Inc)
Band-in-a-Box 2018 (Build 516) (HKLM-x32\...\BB_is1) (Version:  - PG Music Inc.)
Call of Duty: WWII (HKLM\...\Y2FsbG9mZHV0eXd3aWk_is1) (Version: 1 - )
Command & Conquer Generals 1.08 And Zero Hour 1.04 (HKLM-x32\...\Command & Conquer Generals And Zero Hour_is1) (Version:  - HWMasters.com)
CoyoteWT 1.1 (HKLM-x32\...\CoyoteWT_is1) (Version:  - Coyote Electronics Inc.)
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - שם החברה שלכם)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.7.0.0333 - Disc Soft Ltd)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.82 - NVIDIA Corporation) Hidden
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
FIFA 17 (HKLM-x32\...\{8C0DD062-B659-409C-9AB7-8EBD1D64D2EB}) (Version: 1.0.48.30259 - Electronic Arts)
FIFA 18 (HKLM-x32\...\{213CC10A-B8CB-4EBA-B277-6B08B7C22A65}) (Version: 1.0.57.57320 - Electronic Arts)
FIFA 19 (HKLM-x32\...\{3391E07D-8484-4124-817E-FCBDA859FD62}) (Version: 1.0.59.41332 - Electronic Arts)
Futuremark SystemInfo (HKLM-x32\...\{80DAA2DD-18D3-4C18-927E-8D150C112912}) (Version: 5.2.624.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP Dropbox Plugin (HKLM-x32\...\{AF6E94A6-FE1D-439F-978E-FA9F374AFF56}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{0C62E06A-8EE4-4202-B89A-C6C37BF66474}) (Version: 36.0.41.58587 - HP)
HP OfficeJet Pro 8720 עזרה (HKLM-x32\...\{950AFDD5-BD1F-4578-A0B4-07B233FBA1EC}) (Version: 38.0.0 - HP)
I.R.I.S. OCR (HKLM-x32\...\{A206EE44-0799-4AAF-AB54-ED26F93EE251}) (Version: 12.3.7.0 - HP)
IK Multimedia Authorization Manager version 1.0.9 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.9 - IK Multimedia)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4065107873-1078513731-456442432-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Music Recorder (HKLM-x32\...\{F3949798-3544-433B-B5AB-A61F32F0386F}) (Version: 18.001.2 - Nero AG) Hidden
Nero 2018 (HKLM-x32\...\{5637174D-25C6-4815-93CD-AD18561D4E7C}) (Version: 19.0.07300 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 19.0.1003 - Nero AG)
NVIDIA GeForce Experience 3.14.1.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.1.48 - NVIDIA Corporation)
NVIDIA מנהל ההתקן עבור ‎3D Vision 398.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.82 - NVIDIA Corporation)
NVIDIA מנהל התקן עבור נתונים גרפיים 398.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.82 - NVIDIA Corporation)
NVIDIA תכנת PhysX מערכת 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.34.21025 - Electronic Arts, Inc.)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PG Music DirectX Plugins 2.0.0.0 (HKLM-x32\...\PG_DX_Plugins_is1) (Version:  - PG Music Inc.)
Plogue sforzando v1.901 (HKLM\...\__ARIA_1014___is1) (Version: v1.901 - Plogue)
Prerequisite installer (HKLM-x32\...\{AD240F1A-3102-492E-B657-17969A9D5E9A}) (Version: 19.0.0003 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.8 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Transcribe! 8.71 (HKLM-x32\...\com.seventhstring.Transcribe_is1) (Version: 8.71 - Seventh String Software)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
WinRAR 5.50 (64-סיביות) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Средства проверки правописания Microsoft Office 2016 — русский (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
כלי ההגהה של Microsoft Office 2016 - עברית (HKLM\...\{90160000-001F-040D-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
לוח הבקרה של NVIDIA 398.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 398.82 - NVIDIA Corporation) Hidden
מחקר לשיפור המוצרים של HP OfficeJet Pro 8720 (HKLM\...\{6DC0C9E7-DF1D-46AB-9139-F512E5006F45}) (Version: 40.12.1161.1896 - HP Inc.)
עדכוני NVIDIA 31.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.2.0.0 - NVIDIA Corporation) Hidden
תוכנת התקן בסיסי מסוג ‎HP OfficeJet Pro 8720 (HKLM\...\{A3C8DC7D-551E-4765-A00B-B3FA20ACD287}) (Version: 40.12.1161.1896 - HP Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4065107873-1078513731-456442432-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4065107873-1078513731-456442432-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-D1F49EE2D8AE}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4065107873-1078513731-456442432-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2017-12-15] (Disc Soft Ltd -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2017-12-15] (Disc Soft Ltd -> Disc Soft Ltd)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-07-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {016D4E5C-11BC-4EB8-AC41-08CD4384F79E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {11FA83EE-1A32-48F9-AC78-C6EFFF8E7400} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {20DE251C-A367-49C9-97BC-EE20BC030478} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {26942CFF-84C2-4DF1-A287-C7ACB7C83505} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2D9FACC7-FEA3-4BA9-AE7F-570956E1208D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3F012AB4-C3DB-479C-A558-DCB1C73525BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {47524CD0-BC29-4B0F-A864-75BEF0DF4210} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {4CA43291-AAC7-48B4-825A-E1EF94979DAB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {516630CE-D9A6-4974-BAC7-6DC38EB3EDA5} - System32\Tasks\AdobeAAMUpdater-1.0-TalPc-Tal Oren => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {544FA718-E1DE-475B-84D8-00D72FB0D536} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {55F5B0DC-70AE-405A-886C-64C1BD380551} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {685DC2E5-0BBD-4D4B-BC7A-262DCDDEE9FC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {78780A0F-4A4E-4751-9679-79366B91DFF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7F298D16-17B7-494D-AE42-30BBDDCD0A39} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {92DEDE00-41D9-4B03-94B6-CF1F580248BE} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A10190E1-5F10-4DAF-8229-59339E08ED92} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8720 => C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPCustPartic.exe (Hewlett Packard -> HP Inc.)
Task: {A6B47E34-52A8-4785-B120-C69DE2D098CC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BCE5EC3F-F4C6-4AA3-9758-BBA07A158B12} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C18D390F-C925-4C9F-BD92-F2A42C629C00} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe (Nero AG -> Nero AG)
Task: {E021FB8E-058C-4C92-BD25-0F4DE8568EBB} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E595C4AC-D100-476C-9D47-4B6DB607CDD7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {E999DD58-1936-42C6-8DFD-16F9BDEC2DAB} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FB1D447C-EF62-490F-A2A7-0087E89AEE78} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FBCAFB95-2B9D-4CA3-89B7-928488FD2772} - System32\Tasks\AdobeGCInvoker-1.0-TalPc-Tal Oren => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-10-12 12:34 - 2019-01-17 22:40 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2018-10-12 12:34 - 2019-01-17 22:40 - 001177600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2018-10-12 12:34 - 2019-01-17 22:40 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2018-10-12 12:34 - 2019-01-17 22:40 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2018-10-12 12:34 - 2019-01-17 22:40 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2017-10-06 22:18 - 2019-01-17 22:40 - 001548288 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2018-10-12 12:34 - 2019-01-17 22:40 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2018-10-12 12:34 - 2019-01-17 22:40 - 000395776 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 23:03 - 2017-03-18 23:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4065107873-1078513731-456442432-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tal Oren\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.60.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Nero BackItUp"
HKU\S-1-5-21-4065107873-1078513731-456442432-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-4065107873-1078513731-456442432-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4065107873-1078513731-456442432-1001\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{0D48131E-B594-4A20-9161-4FB9A469EE47}D:\program files (x86)\cnc generals\zerohour\game.dat] => (Allow) D:\program files (x86)\cnc generals\zerohour\game.dat () [File not signed]
FirewallRules: [TCP Query User{37335B1F-ED7A-41DD-9004-FD5F53D4044D}D:\program files (x86)\cnc generals\zerohour\game.dat] => (Allow) D:\program files (x86)\cnc generals\zerohour\game.dat () [File not signed]
FirewallRules: [{0BD53D21-ADB2-4D1C-B7A9-8051F48BFB9E}] => (Block) %ProgramFiles% (x86)\Nero\Nero 2018\Nero Launcher\NeroLauncher.exe No File
FirewallRules: [{0ED4FFB4-B434-484C-ACF8-45AE87140446}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero Burning ROM\nero.exe (Nero AG -> Nero AG)
FirewallRules: [{0AEDE4BB-60B5-4AAC-963F-9B37E63B2D96}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero MediaHome\MediaHome.exe (Nero AG -> Nero AG)
FirewallRules: [{CB475272-FE5C-4277-9BFC-7554C9B6DB41}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero MediaHome\NMDllHost.exe (Nero AG -> Nero AG)
FirewallRules: [{90CB3556-C9AD-40FE-9A1E-4D7088620836}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\NBService.exe (Nero AG -> Nero AG)
FirewallRules: [{134ED4D1-63BB-4765-BF60-1E541372AAB0}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\BackItUp.exe (Nero AG -> Nero AG)
FirewallRules: [{4E6E8D5A-E03B-4E5A-9B27-09F2A9DBEB25}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero Burning ROM\StartNBR.exe (Nero AG -> Nero AG)
FirewallRules: [{8DCBD0A5-30EA-43CA-BFBB-35BE658D3609}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{53D311BB-7119-4042-8528-8C7CBF8F8695}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0F6DD2E8-B1BC-47DB-9674-3832343EE272}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0F61CA10-26A3-40E8-8A20-B55CF455B92E}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A68456FD-1B69-487E-AED1-3D94CBAD0758}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (Disc Soft Ltd -> Disc Soft Ltd)
FirewallRules: [UDP Query User{4ED5D681-EAA4-45D5-AF54-0A05FA734BB8}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{A3034D49-B995-43BB-9262-71FE5500C70B}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{39A55A1B-E771-4FA7-8053-4ABD0CDFAEF8}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{9BD87BD2-799C-4FC3-8E33-8AD3212EA5A4}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [TCP Query User{C86F0DAC-07BA-4497-BFFC-4E68C552089D}C:\program files (x86)\origin games\fifa 17\fifa17.exe] => (Allow) C:\program files (x86)\origin games\fifa 17\fifa17.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [UDP Query User{1E54917F-55BD-43B6-9ADE-C68884ADD2CD}C:\program files (x86)\origin games\fifa 17\fifa17.exe] => (Allow) C:\program files (x86)\origin games\fifa 17\fifa17.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [TCP Query User{4A807FBE-AD9E-4AAE-85D1-081A2336418D}C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe No File
FirewallRules: [UDP Query User{86AD51EA-FD36-4A1D-94C0-7E7C62C1C4AC}C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe No File
FirewallRules: [TCP Query User{DAEE9E68-7311-4839-99C2-597CFCD520D1}C:\program files (x86)\origin games\fifa 18\fifa18.exe] => (Allow) C:\program files (x86)\origin games\fifa 18\fifa18.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [UDP Query User{3634B3F2-5D30-42A1-88B8-2EF830F3BFE3}C:\program files (x86)\origin games\fifa 18\fifa18.exe] => (Allow) C:\program files (x86)\origin games\fifa 18\fifa18.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{B20044CA-41AA-4A6A-BD83-A509C3016947}C:\program files (x86)\origin games\fifa 18\fifa18.exe] => (Allow) C:\program files (x86)\origin games\fifa 18\fifa18.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [UDP Query User{70FF1A35-E375-4A00-AE78-E71D71EE176B}C:\program files (x86)\origin games\fifa 18\fifa18.exe] => (Allow) C:\program files (x86)\origin games\fifa 18\fifa18.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{63073858-9C0A-4A8E-B654-6B387EA861AB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CEFE4B2A-CF10-49E6-AA56-4A633EBA7F54}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B3B45430-4C13-4609-A4E6-0F63A3FD10D0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{50518DDE-531B-40E5-97CB-A24BFF393D3F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{D45750B4-45B7-4466-A492-67995C7352FE}] => (Allow) D:\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe () [File not signed]
FirewallRules: [{A5E21F7A-485B-46F0-A2B6-2BD041F6464A}] => (Allow) D:\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe () [File not signed]
FirewallRules: [{826A76B4-391B-43A3-BFE7-13E82EF10550}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{9999A2CE-A312-4A71-AFD3-360FECD61F12}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{4B1FC34A-E962-4B55-9ED4-5B6F41C64EA4}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{07A59ED3-7CB8-45F6-B358-7ED6593C2C79}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{55DA9394-B97D-4C9B-911E-D44CC291B7E4}] => (Allow) D:\SteamLibrary\steamapps\common\NBA 2K17\NBA2K17.exe (Take-Two Interactive Software, Inc. -> )
FirewallRules: [{C3ACE2E9-BDAA-48B2-A1D4-0C45AC2350E0}] => (Allow) D:\SteamLibrary\steamapps\common\NBA 2K17\NBA2K17.exe (Take-Two Interactive Software, Inc. -> )
FirewallRules: [{DC26389D-CDB9-4A19-87F8-F50042CAC0EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DA71FBED-0D2F-47D4-B9DF-767848B71FA2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{969BE42F-28CE-4F41-A5A8-D846BF898C29}] => (Allow) D:\SteamLibrary\steamapps\common\WormsWorldParty\w2.exe (Team17 Software Ltd) [File not signed]
FirewallRules: [{0E6C60A0-146B-4870-AA3C-B38DF994E041}] => (Allow) D:\SteamLibrary\steamapps\common\WormsWorldParty\w2.exe (Team17 Software Ltd) [File not signed]
FirewallRules: [{AECC52FD-FD3B-4DE0-8480-A366CEC2A249}] => (Allow) C:\Users\Tal Oren\AppData\Local\Temp\7zS1127\HPDiagnosticCoreUI.exe No File
FirewallRules: [{F01FCB82-8307-4E2B-A66D-BB7143C95FA8}] => (Allow) C:\Users\Tal Oren\AppData\Local\Temp\7zS1127\HPDiagnosticCoreUI.exe No File
FirewallRules: [{39F93643-C064-4744-96BA-45207BC7AB77}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxApplications.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{A6A4AFEC-EDF7-461B-95F3-D2AF35041EDD}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{139F3AB0-DF61-4164-85E9-9887A3A81EA3}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\SendAFax.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{6684228F-BA25-4F17-9366-4070009F3563}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxPrinterUtility.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{CC7BF701-09F2-4C58-B3C4-CB3C8E168780}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{FADCE30F-CE14-42D7-93A7-47A1AB8C755F}] => (Allow) LPort=5357
FirewallRules: [{6D1BA6E7-41FC-4B1B-919B-DDD8AE2E368F}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{E83CC220-78DB-4C04-9139-030E2FCBB0AE}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 18\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{787E881E-8788-42B2-8C08-4EF812A462FA}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 18\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{55CD455F-AA60-4191-B55A-455223763C83}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 18\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{F9A790FC-5798-47E4-A0ED-299E1441F723}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 18\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{66939A4C-2914-4467-91A6-D6D6CF01AA66}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{02D78C86-6EA4-45AB-9DD8-E10F7195FA5B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9C367101-1C2F-44C5-899E-B8FB87CF70A1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C847B39-B992-41EA-B42E-F2DB2B1C88A1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{862F0332-5B00-4AD6-BB5A-210FE79D975E}D:\fifa 19\fifa 19\fifa19.exe] => (Allow) D:\fifa 19\fifa 19\fifa19.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [UDP Query User{AC77CFCE-CC6D-4F41-A176-133C5C5CD13E}D:\fifa 19\fifa 19\fifa19.exe] => (Allow) D:\fifa 19\fifa 19\fifa19.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C6BEF8E4-419F-46CC-91F6-50F898434CBF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{AEA05770-A952-46A1-ADF0-4316FF15441C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5B11BF07-3C63-4FA2-BE74-AA7F106149DC}] => (Allow) D:\FIFA 19\FIFA 19\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{46EDCB18-7057-4623-8604-CCFB3C5EB7B2}] => (Allow) D:\FIFA 19\FIFA 19\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{B5A08DB5-4E14-4D70-B5DC-5A10EF577DEB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
 
==================== Restore Points =========================
 
10-02-2019 21:06:46 Scheduled Checkpoint
13-02-2019 14:29:55 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
20-02-2019 20:02:33 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/26/2019 11:47:12 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (4048,D,23) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AutoIncIdIndex of table {5C8CF1C7-7257-4F13-B223-970EF5939312} is corrupted (0).
 
Error: (02/26/2019 11:47:12 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (4048,D,23) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AutoIncIdIndex of table {5C8CF1C7-7257-4F13-B223-970EF5939312} is corrupted (0).
 
Error: (02/26/2019 11:47:12 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (4048,D,23) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AutoIncIdIndex of table {5C8CF1C7-7257-4F13-B223-970EF5939312} is corrupted (0).
 
Error: (02/26/2019 11:47:12 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (4048,D,23) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AutoIncIdIndex of table {5C8CF1C7-7257-4F13-B223-970EF5939312} is corrupted (0).
 
Error: (02/26/2019 11:47:12 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (4048,D,23) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AutoIncIdIndex of table {5C8CF1C7-7257-4F13-B223-970EF5939312} is corrupted (0).
 
Error: (02/26/2019 11:47:11 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (4048,D,23) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AutoIncIdIndex of table {7ACBBAA3-D029-4BE4-9A7A-0885927F1D8F} is corrupted (0).
 
Error: (02/26/2019 11:47:11 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (4048,D,23) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 39, PgnoRoot: 273) of database C:\WINDOWS\system32\SRU\SRUDB.dat (273 => 3234, 39).
 
Error: (02/26/2019 11:47:11 PM) (Source: ESENT) (EventID: 544) (User: )
Description: svchost (4048,D,29) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 643072 (0x000000000009d000) (database page 156 (0x9C)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1).
 
The flush state on database page 156 (0x9C) was 2 while the flush state on flush map page 0 (0x0) was 1.
 
If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
 
System errors:
=============
Error: (02/26/2019 09:20:35 PM) (Source: DCOM) (EventID: 10016) (User: TalPc)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user TalPc\Tal Oren SID (S-1-5-21-4065107873-1078513731-456442432-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/26/2019 08:11:38 PM) (Source: DCOM) (EventID: 10016) (User: TalPc)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user TalPc\Tal Oren SID (S-1-5-21-4065107873-1078513731-456442432-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/26/2019 08:11:12 PM) (Source: DCOM) (EventID: 10016) (User: TalPc)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user TalPc\Tal Oren SID (S-1-5-21-4065107873-1078513731-456442432-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/26/2019 01:36:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/26/2019 01:34:02 PM) (Source: DCOM) (EventID: 10016) (User: TalPc)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user TalPc\Tal Oren SID (S-1-5-21-4065107873-1078513731-456442432-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/25/2019 03:37:44 PM) (Source: DCOM) (EventID: 10016) (User: TalPc)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user TalPc\Tal Oren SID (S-1-5-21-4065107873-1078513731-456442432-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/25/2019 02:02:06 PM) (Source: DCOM) (EventID: 10016) (User: TalPc)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user TalPc\Tal Oren SID (S-1-5-21-4065107873-1078513731-456442432-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/25/2019 02:01:07 PM) (Source: DCOM) (EventID: 10016) (User: TalPc)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user TalPc\Tal Oren SID (S-1-5-21-4065107873-1078513731-456442432-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2019-02-22 17:07:49.282
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {05AFE203-3760-4BAE-8C57-ED26D2101C35}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-02-10 13:43:41.891
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E711E2E3-DDBC-4672-BFD5-BD169D6337C4}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-02-10 13:30:58.892
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B42E8B2A-86C9-4A00-8A00-BC8EC4F8CC02}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-01-25 17:23:26.102
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {36EE7B68-32BF-494F-895C-7B46D58D1C52}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-01-19 00:12:16.037
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {92CE123C-73F3-47FC-892E-4D2759F93514}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-02-24 00:13:54.272
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.287.533.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15700.8
Error code: 0x80240016
Error description: ‏‏אירעה בעיה לא צפויה במהלך חיפוש עדכונים. לקבלת מידע אודות התקנה או פתרון בעיות של עדכונים, ראה עזרה ותמיכה. 
 
Date: 2019-02-13 18:37:42.744
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.285.1495.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15600.4
Error code: 0x80240438
Error description: ‏‏אירעה בעיה לא צפויה במהלך חיפוש עדכונים. לקבלת מידע אודות התקנה או פתרון בעיות של עדכונים, ראה עזרה ותמיכה. 
 
Date: 2019-01-17 17:34:05.234
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.3065.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80072f8f
Error description: A security error occurred 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 29%
Total physical RAM: 16300.36 MB
Available physical RAM: 11439.86 MB
Total Virtual: 18732.36 MB
Available Virtual: 13725.95 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:464.74 GB) (Free:269.09 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:465.99 GB) (Free:189.48 GB) NTFS
 
\\?\Volume{d1452f02-b264-11e4-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS
\\?\Volume{a0eda13c-0000-0000-0000-404574000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A0EDA13C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Thank you very much for your attention!!

  • 0

#4
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

Highlight the contents of the below code box and press Ctrl + C:
Start::

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

SearchScopes: HKU\S-1-5-21-4065107873-1078513731-456442432-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

FirewallRules: [TCP Query User{4A807FBE-AD9E-4AAE-85D1-081A2336418D}C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe No File
FirewallRules: [UDP Query User{86AD51EA-FD36-4A1D-94C0-7E7C62C1C4AC}C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe No File
FirewallRules: [{B3B45430-4C13-4609-A4E6-0F63A3FD10D0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{50518DDE-531B-40E5-97CB-A24BFF393D3F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{AECC52FD-FD3B-4DE0-8480-A366CEC2A249}] => (Allow) C:\Users\Tal Oren\AppData\Local\Temp\7zS1127\HPDiagnosticCoreUI.exe No File
FirewallRules: [{F01FCB82-8307-4E2B-A66D-BB7143C95FA8}] => (Allow) C:\Users\Tal Oren\AppData\Local\Temp\7zS1127\HPDiagnosticCoreUI.exe No File

End::

Right-click on FRST/FRST64 and select Run as Administrator.
Click on Fix.
Note - there is no need to paste the contents of the code box anywhere.
If your computer restarts, allow it to do so.
Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
Please copy and paste the contents of the fixlog into your next reply.

-------------------
Download AdwCleaner and save it to your Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator.
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. If no objects are detected, close the AdwCleaner window.
  • If any objects are detected, make sure that all the boxes are checked and click on the Clean and Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
  • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in Notepad. Copy and paste the contents of the log into your next reply.
Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).


Let me know if the problem persists.

Thanks.
  • 0

#5
tal5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 25.02.2019 01
Ran by Tal Oren (27-02-2019 06:32:20) Run:1
Running from C:\Users\Tal Oren\Desktop
Loaded Profiles: Tal Oren (Available Profiles: Tal Oren)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-4065107873-1078513731-456442432-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
FirewallRules: [TCP Query User{4A807FBE-AD9E-4AAE-85D1-081A2336418D}C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe No File
FirewallRules: [UDP Query User{86AD51EA-FD36-4A1D-94C0-7E7C62C1C4AC}C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe No File
FirewallRules: [{B3B45430-4C13-4609-A4E6-0F63A3FD10D0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{50518DDE-531B-40E5-97CB-A24BFF393D3F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{AECC52FD-FD3B-4DE0-8480-A366CEC2A249}] => (Allow) C:\Users\Tal Oren\AppData\Local\Temp\7zS1127\HPDiagnosticCoreUI.exe No File
FirewallRules: [{F01FCB82-8307-4E2B-A66D-BB7143C95FA8}] => (Allow) C:\Users\Tal Oren\AppData\Local\Temp\7zS1127\HPDiagnosticCoreUI.exe No File
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-4065107873-1078513731-456442432-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4A807FBE-AD9E-4AAE-85D1-081A2336418D}C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{86AD51EA-FD36-4A1D-94C0-7E7C62C1C4AC}C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3B45430-4C13-4609-A4E6-0F63A3FD10D0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50518DDE-531B-40E5-97CB-A24BFF393D3F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AECC52FD-FD3B-4DE0-8480-A366CEC2A249}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F01FCB82-8307-4E2B-A66D-BB7143C95FA8}" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 91946036 B
Java, Flash, Steam htmlcache => 348362526 B
Windows/system/drivers => 16088177 B
Edge => 2332475 B
Chrome => 730511126 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 497944 B
NetworkService => 0 B
Tal Oren => 146928151 B
 
RecycleBin => 1887273298 B
EmptyTemp: => 3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 06:34:11 ====
 
 
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-02-21.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-27-2019
# Duration: 00:00:29
# OS:       Windows 10 Home
# Scanned:  31818
# Detected: 0
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
 
AdwCleaner[S00].txt - [1250 octets] - [23/10/2018 00:28:33]
AdwCleaner[C00].txt - [1436 octets] - [23/10/2018 00:29:17]
AdwCleaner[S01].txt - [1372 octets] - [24/02/2019 00:17:12]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
 
I think it's better but not perfect at startup.
What else can we check?

  • 0
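Added example, not part of either post and not FRST's own code: a cross-check that every `FirewallRules:` entry in a fixlist has a matching "removed successfully" line in the Fixlog, and which of those allow rules pointed at a missing executable or a Temp path. The regular expressions assume only the line shapes visible in this thread; the sample input is constructed from lines posted above, with one result line left out on purpose to show the mismatch case.

```python
import re

# Constructed input: lines copied from the fixlist and Fixlog posted in this thread.
FIXLIST = r"""
FirewallRules: [TCP Query User{4A807FBE-AD9E-4AAE-85D1-081A2336418D}C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe No File
FirewallRules: [{B3B45430-4C13-4609-A4E6-0F63A3FD10D0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{AECC52FD-FD3B-4DE0-8480-A366CEC2A249}] => (Allow) C:\Users\Tal Oren\AppData\Local\Temp\7zS1127\HPDiagnosticCoreUI.exe No File
"""
# The result line for {AECC52FD-...} is deliberately omitted here (constructed gap).
FIXLOG = r"""
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4A807FBE-AD9E-4AAE-85D1-081A2336418D}C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3B45430-4C13-4609-A4E6-0F63A3FD10D0}" => removed successfully
"""

# Line shapes as seen on this page (assumption, not a documented FRST grammar).
RULE = re.compile(r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>\w+)\) "
                  r"(?P<path>.+?)(?P<missing> No File)?$")
RESULT = re.compile(r'FirewallRules\\\\(?P<name>.+?)"? => (?P<result>.+)$')


def parse_fixlist(text):
    """Return one dict per firewall rule requested for removal."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            path = m["path"]
            rules.append({
                "name": m["name"], "action": m["action"], "path": path,
                "missing": m["missing"] is not None,        # target file is gone
                "in_temp": "\\appdata\\local\\temp\\" in path.lower(),
            })
    return rules


def parse_fixlog(text):
    """Map firewall rule name -> result string reported in the Fixlog."""
    return {m["name"]: m["result"].strip()
            for m in map(RESULT.search, text.splitlines()) if m}


def unapplied(fixlist, fixlog):
    """Names of requested rules with no confirmed removal in the Fixlog."""
    results = parse_fixlog(fixlog)
    return [r["name"] for r in parse_fixlist(fixlist)
            if results.get(r["name"]) != "removed successfully"]


if __name__ == "__main__":
    for r in parse_fixlist(FIXLIST):
        print(r["action"], "missing" if r["missing"] else "present",
              "TEMP" if r["in_temp"] else "-", r["path"])
    print("no confirmed removal:", unapplied(FIXLIST, FIXLOG))
```
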

#6
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

Just to clarify, is the computer slow to start up, are web browsers slow, or is it a specific program that is slow to launch/run?
  • 0

#7
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0





