PDA

View Full Version : Cannot get rid of SelectionLinks Malware



yehonatans
2013-05-07, 22:27
Hi, i read this thread:
http://malwaretips.com/blogs/remove-selectionlinks-ads/
And did what it said, all my antivirus is up to date.
My Spybot reported that it solved 2 out of 8 SelectionLinks problems and told me to restart to get rid of the rest, 2 restarts later, spybot still cannot find any problem.

Anyway, I am hoping you can help me.

Thank you.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
Run by owner at 22:21:32 on 2013-05-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1037.18.4079.2301 [GMT 3:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\vsnp2std.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
D:\Program Files (x86)\steam\Steam.exe
D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
D:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\CleanMem\Mini_Monitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
c:\program files (x86)\avira\antivir desktop\avscan.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\CCleaner\CCleaner64.exe
D:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.il/
uProxyOverride = 127.0.0.1:9421;*.local
mWinlogon: Userinit = userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: SelectionLinks: {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Steam] "D:\Program Files (x86)\steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - D:\Program Files\Logitech\SetPoint\SetPoint.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{3267CDE9-0AFF-4F78-9B40-998F67A56B08} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{3267CDE9-0AFF-4F78-9B40-998F67A56B08}\A41636F62637 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{3267CDE9-0AFF-4F78-9B40-998F67A56B08}\C6F6E67686F627E637 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{89D6E89B-E882-4251-B8D4-830B933164DF} : DHCPNameServer = 10.0.0.138
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: igfxcui - <no file>
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [snp2std] C:\Windows\vsnp2std.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat"
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - <orphaned>
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\6w8cv86h.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Privitize VPN
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
FF - ExtSQL: 2013-04-28 12:42; {7AC261D0-B949-47CA-B9E8-477013A15A6E}; C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\6w8cv86h.default\extensions\{7AC261D0-B949-47CA-B9E8-477013A15A6E}
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-10-27 21104]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
R2 AcuWVSSchedulerv8;Acunetix WVS Scheduler v8;D:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe [2012-6-30 1009840]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-16 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-16 110816]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 100712]
R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-12-3 1847296]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-7 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-27 412264]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-1-11 34304]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2011-10-5 729152]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-8 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-8 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-8 30208]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-07 18:57:19 -------- d-----w- C:\ProgramData\RegCure
2013-05-07 18:29:52 -------- d-----w- C:\ProgramData\HitmanPro
2013-05-07 18:28:44 -------- d-----w- C:\Users\owner\AppData\Roaming\Malwarebytes
2013-05-07 18:28:31 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-07 18:28:30 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-07 18:28:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-07 12:04:43 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{628FFB0B-FDA3-497F-90D1-816378F2D1F2}\mpengine.dll
2013-05-07 11:54:25 83160 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-04-26 09:47:01 -------- d-----w- C:\Users\owner\AppData\Roaming\LOVE
2013-04-25 12:40:52 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-18 19:16:46 563488 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-04-18 19:01:42 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-10 16:49:58 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 16:49:56 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 16:49:56 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 16:49:55 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-10 16:49:55 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-10 16:49:55 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 16:49:55 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 16:49:55 112640 ----a-w- C:\Windows\System32\smss.exe
.
==================== Find3M ====================
.
2013-05-01 23:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-19 02:46:06 6488352 ----a-w- C:\Windows\System32\nvcpl.dll
2013-04-19 02:46:06 3511072 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-04-19 02:46:01 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-04-19 02:46:01 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-04-19 02:46:01 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-04-19 02:46:01 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-04-17 17:30:28 3122645 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-04-05 13:34:57 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-04-05 13:34:49 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-04-05 13:34:49 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-04-05 13:33:00 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-03-30 19:29:25 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-03-30 19:29:25 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-03-15 11:28:44 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-15 11:28:44 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-15 05:53:06 1807136 ----a-w- C:\Windows\System32\nvdispco6431422.dll
2013-03-15 05:53:06 1510176 ----a-w- C:\Windows\System32\nvdispgenco6431422.dll
2013-03-14 11:43:34 1807136 ----a-w- C:\Windows\System32\nvdispco6431421.dll
2013-03-14 11:43:34 1510176 ----a-w- C:\Windows\System32\nvdispgenco6431421.dll
2013-02-25 05:27:52 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-02-25 05:27:45 194848 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-15 14:44:15 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-02-10 03:25:27 1807136 ----a-w- C:\Windows\System32\nvdispco6420294.dll
2013-02-10 03:25:27 1510176 ----a-w- C:\Windows\System32\nvdispgenco6420162.dll
.
============= FINISH: 22:23:38.86 ===============

Satchfan
2013-05-08, 12:36
Hello yehonatans and welcome to the Safer Networking Forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:


please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your logs now and will reply with instructions shortly.

Satchfan

Satchfan
2013-05-08, 13:51
Hello again yehonatans

A couple of things before we start cleaning your computer.

P2P - I see you have P2P software, (uTorrent ), installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

It almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/305923-perils-p2p-file-sharing.html).

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

Registry cleaners

I see you are using a “Registry Cleaner”, RegCure. It's not a good idea to use registry cleaners/boosters.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, (and you are expert in the registry), I would suggest you leave the registry alone.

I strongly advise you to get rid of RegCure and any other cleaner/optimizer/booster/tuneup/tweak type utilities that you have on this or any other computer.

One of the malware experts, miekiemoes, has an excellent write-up here (http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html)
Another excellent article by Bill Castner is located here (http://aumha.net/viewtopic.php?t=28099)

===================================================

That said, let’s start cleaning up.

Disable Spybot’s TeaTimer and Windows Defender

Spybot’s TeaTimer and Windows Defender can sometimes prevent some things from being fixed.

Please disable TeaTimer and Windows Defender for now: they can be re-activated once your log is clean.


open Spybot Search & Destroy
in the Mode menu click "Advanced mode" if not already selected
choose "Yes" at the Warning prompt
expand the "Tools" menu
click "Resident"
uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box
in the File menu click "Exit" to exit Spybot Search & Destroy.

To disable Windows Defender:


open Windows Defender
click on Tools, General Settings
scroll down and uncheck Turn on real-time protection (recommended)
after you uncheck this, click on the Save button and close Windows Defender.

===================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.

Download one of these to your desktop:


for a 32-bt system download this (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) version.
for 64-bit use this (http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe) one
.

close all running programs
for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
when the pre-scan is finished, click on Scan
click on Report and copy/paste the content in your next post
NOTE: DO NOT attempt to remove anything that the scan detects –everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

Satchfan

yehonatans
2013-05-08, 18:24
Thank you for your help.
What is word wrap?

Satchfan
2013-05-08, 19:15
Thanks for the log.


What is word wrap? Word Wrap makes sure that the log is readable by setting it between defined margins and stopping each line becoming endlessly long.

In your case it is already on and OK>

Download and run OTL


download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
click Scan all users.
under Custom Scan paste this in


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
DRIVES
CREATERESTOREPOINT

click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
you may need two posts to fit them both in.

===================================================

Run aswMBR


download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.
double click the aswMBR.exe to run it
if asked, accept the AVAST virus definition download
click the "Scan" button to start scan
on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.

Logs to include with next post:

OTL.txt
Extras.txt
aswMBR log

Please do not attach them: copy/paste them into the post.

Thanks

Satchfan

yehonatans
2013-05-08, 21:11
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-08 20:32:56
-----------------------------
20:32:56.943 OS Version: Windows x64 6.1.7601 Service Pack 1
20:32:56.943 Number of processors: 4 586 0x2A07
20:32:56.944 ComputerName: YEHONATANST-PC UserName: owner
20:32:58.253 Initialize success
20:33:06.198 AVAST engine defs: 13050800
20:33:14.117 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:33:14.118 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 3
20:33:14.286 Disk 0 MBR read successfully
20:33:14.287 Disk 0 MBR scan
20:33:14.291 Disk 0 Windows 7 default MBR code
20:33:14.297 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:33:14.310 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 102499 MB offset 206848
20:33:14.332 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 374339 MB offset 210124800
20:33:14.470 Disk 0 scanning C:\Windows\system32\drivers
20:33:27.036 Service scanning
20:33:46.794 Modules scanning
20:33:46.795 Disk 0 trace - called modules:
20:33:46.811 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:33:46.813 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800471f060]
20:33:46.814 3 CLASSPNP.SYS[fffff880018d343f] -> nt!IofCallDriver -> [0xfffffa800411bd10]
20:33:46.814 5 ACPI.sys[fffff88000f957a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80044b3060]
20:33:47.953 AVAST engine scan C:\Windows
20:33:52.462 AVAST engine scan C:\Windows\system32
20:36:10.118 AVAST engine scan C:\Windows\system32\drivers
20:36:19.522 AVAST engine scan C:\Users\owner
20:51:58.882 AVAST engine scan C:\ProgramData
20:59:15.076 Scan finished successfully
21:09:26.829 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
21:09:26.835 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"

OTL Extras logfile created on: 5/8/2013 7:57:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: ארצות הברית | Language: ENU | Date Format: M/d/yyyy

3.98 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.76% Memory free
7.97 Gb Paging File | 4.97 Gb Available in Paging File | 62.46% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.10 Gb Total Space | 26.70 Gb Free Space | 26.68% Space Free | Partition Type: NTFS
Drive D: | 365.57 Gb Total Space | 175.91 Gb Free Space | 48.12% Space Free | Partition Type: NTFS
Drive E: | 4.99 Gb Total Space | 1.01 Gb Free Space | 20.31% Space Free | Partition Type: FAT32

Computer Name: YEHONATANST-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Cheat-Defender\Cheat-Defender.exe" = C:\Program Files (x86)\Cheat-Defender\Cheat-Defender.exe:*:Enabled:Cheat-Defender: Anti-Cheat
"C:\Program Files (x86)\Cheat-Defender\Cheat-Defender.exe" = C:\Program Files (x86)\Cheat-Defender\Cheat-Defender.exe:*:Enabled:Cheat-Defender: Anti-Cheat


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{094B3983-AC0B-42E1-A31A-B7E1E921A032}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0AFE94AE-9D1E-426B-9A24-2D86B6ED5BBB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3CC687C4-A14D-4C6A-A382-121E879718F9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3D72FCB8-0793-495E-B588-F57555727FA6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3F973B6E-991E-47EC-969E-02CD41376E94}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{471AA7C2-71E1-443D-A739-47F7FA36BD9A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E3DD34E-1BB2-4F02-87AD-37EF4AB3956A}" = lport=137 | protocol=17 | dir=in | app=system |
"{612ABE99-6C53-43A2-A29D-892409CB97D2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6C456652-16C8-4245-B8C0-AAEFF238583D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{806274A0-B2CB-4881-B544-169B4389ED27}" = lport=139 | protocol=6 | dir=in | app=system |
"{81058533-343B-42E3-8B9F-6C2A175FB0A2}" = rport=137 | protocol=17 | dir=out | app=system |
"{811D633B-0DF8-4535-AF42-9BD456751E8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87F5C463-EB55-420D-9EFE-699C3AB51BD8}" = lport=138 | protocol=17 | dir=in | app=system |
"{9CDE8DB2-BEB1-44BE-AD94-A0D191968B1C}" = lport=445 | protocol=6 | dir=in | app=system |
"{A19EF0E5-91E6-4615-9429-2BE55C25F6BB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{A33B52B3-BE06-4220-B312-269B2F039963}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AABFA6A2-8BCD-486C-B6A1-87FC35B46BEF}" = rport=138 | protocol=17 | dir=out | app=system |
"{B2F19675-6603-4212-88B6-0052C8D0C38D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C4CEB7D8-313F-4DB3-B47F-CA271B24CEF8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D2BC5B9F-4FCA-4730-840E-EE5A9C7F7CA1}" = rport=445 | protocol=6 | dir=out | app=system |
"{EF133D65-CE1F-412A-B1F4-B6BC835E0B99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EFEAFA21-4C82-4014-975E-A7B5AD2625F9}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CBBEA6-F284-4BAB-97BB-36558B758DE1}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
"{0212F790-C4DE-49BD-A6B7-D82C6BCC7587}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07EF7189-2189-4472-A646-F3B7EE2BDDA0}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{09BFBF0C-C07E-40D3-9569-39127BD8DBEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0B98A312-7D45-4757-BCBC-80504E1C33A3}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{0EBD603A-45C5-4B6C-8B24-416B3CB19E02}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{10AA3080-2FEE-4588-AAB5-45AE09561BEC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F04DCC3-3CE4-42BA-A3FF-AF6015C7B5E7}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{21C01E42-C729-42FE-874D-9C5FFB53CC3D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21F56922-AF5D-494E-B499-1B8F3C7C887A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{24116037-9281-428D-A995-DE4D35AF373B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{253B2344-7F92-4B3B-94AD-D002B5EEDB5C}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{26EDA201-C302-43D6-BE0A-28C5D0BAF75F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{277BF56B-3295-471A-BCEE-486BD540174B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2C44A955-62F0-45B7-BFA3-817BA4BAF076}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2EC55810-F2CE-460D-8C1B-96459E09906E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{335103F2-813F-4D6A-9F79-CE471E22B144}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{37E05528-C36B-414A-B953-89B9A46FCFC5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{37F1F95E-6458-4923-BCBB-9BD51D8027B6}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\war of the roses\run_game.exe |
"{3DE0047D-0241-4146-A929-A8615AB0A9F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3DF5B150-D092-4FCA-831A-4A5263379CD4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{45387353-B15C-48D3-B166-1F9C3F8F563D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A195E93-C32E-4883-80F7-04982A3A535B}" = dir=in | app=c:\users\owner\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{4AF040B3-342E-4787-8AA7-528EB5D386F8}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\firaxis games\sid meier's civilization 4\civilization4.exe |
"{4B2E0974-1956-4320-968A-A0410968C16B}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{4CD80FE7-61EE-4DA1-90DB-F7C9ED932068}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{4EB7E903-F094-4779-8C61-34B505ABD452}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4EBB3164-97E2-471F-9CAF-FB33CB6B1070}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\power of two test app\start.exe |
"{503C5D9C-84CB-4545-A611-006078BE0846}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{51A7014E-F9F1-472C-B355-C6CFE9DC358E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{539DD6F4-D5FC-4E73-AB8C-5509E01D9B25}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{55701726-936A-4A4A-866A-DBF6BC160633}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{631975F9-615B-4D3F-8DEC-2D7886F91508}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{64D542DD-C2C3-4AD6-8C79-DCCA9B618F3E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{65AF1C55-3EC2-417E-A0D9-257FA3D44A62}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{6C05FD18-BB91-446F-97DF-2D210744E3C1}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{6D90CC97-59AF-4996-A399-C49A3F91B78E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{711618FF-650E-4378-9303-EF25620BFD92}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{74293AC4-5D2F-4083-BB36-174FA191328D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{74B0BFAA-3A38-4021-9216-EF1BA1456A18}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
"{75DB080C-70CE-4F38-8CFD-0494EF064567}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{79D7B217-5236-4C0E-B397-D435BB8A4C47}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{7D182833-8CF3-4424-9CD5-2CA97ADBD961}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{7DB4DCA1-D53F-4EFE-8234-54D67D0A8B0C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7EB9E28C-B390-49D6-86F9-937003C176E5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{83E59150-101F-4C58-8EFE-FB9D953CCD5D}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\firaxis games\sid meier's civilization 4\civilization4.exe |
"{8495B17E-FF2D-46FA-8323-02D6BAE29203}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{84B7B376-B641-47E8-8FEA-026D6366BFA9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{8B71F08F-7D32-49B6-9E02-864981D1A130}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\power of two test app\start.exe |
"{8DA0CE55-B86C-4560-B970-943C0ABEA29C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{92D09F94-72CD-4570-B8F0-64E071EE3B14}" = protocol=17 | dir=in | app=d:\origin games\battlefield 3\bf3.exe |
"{953F4703-6139-4A07-A912-21C8BEF63BD2}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{95C7176B-ACCE-4ED1-8163-2FC10DE4DB7D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9608E8EE-77DA-4BE4-BD64-CDEE2E196F14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{98100A95-EA3E-4AB0-9380-ABAC2FABBF37}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{9D5D45A0-32A0-42FC-BE93-E1B9335F5403}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{9F2B766E-CD82-47B5-84C8-99AF8EEF27FF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A9D78906-F3AA-4A6A-BFDA-28753E71A6F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AD694EF6-828D-4FA3-9EF7-31AEFE9AE865}" = protocol=6 | dir=out | app=system |
"{B49BA2D0-0757-4460-A912-E9E6D6F78B82}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{BA9FF125-F1AB-4614-8F2C-2425E4A9EB08}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BECE41B0-310F-4761-AC77-E7DAC98BA978}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{C3C61AB8-68B7-4910-9201-E23A70F9492D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{C459B455-DB22-48B6-8157-785182B32E67}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe |
"{C7D62F17-BB57-40B5-BC4E-5ED4C717E0F7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{CBE424D1-F742-48C4-A672-094F450836FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD60342B-74C9-4A64-A1F3-C9908C431FC6}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{CD9AC28C-FD10-4D72-A081-A2DAD2964BF8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{CF28FE0E-53C2-4745-962B-BE65DCB0951B}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{D9977842-BD50-4247-B33D-40C480152D2F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E1A514E8-8768-40FB-A2FF-84F868E572A6}" = protocol=6 | dir=in | app=d:\origin games\battlefield 3\bf3.exe |
"{E57BA0BC-D372-405F-B1C1-0B5479EEE900}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe |
"{E7F2BFA0-6F15-4AC8-B5E2-E7BCDBD0E9FD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EC87F043-0534-4D08-99BD-5577B5B13950}" = dir=in | app=d:\program files (x86)\microsoft games\microsoft flight\flight.exe |
"{F477B0B3-1488-4227-8101-4C2D03D332B2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F573ECA7-01F7-469F-9095-C609EDAECE55}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{F83DAE9A-5A9E-4B07-90F1-30E741A0059F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\war of the roses\run_game.exe |
"TCP Query User{2687DB61-3837-4CC2-A1D8-DD64DE4F857D}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{329BB28A-D51D-4513-873C-C2FB26065029}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{390B7210-6374-4F25-A503-EF2717112607}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{48B45DDA-308F-47AB-B70F-8A38FD862B64}D:\program files\muzzy lane software\making history gold\bin\makehist.exe" = protocol=6 | dir=in | app=d:\program files\muzzy lane software\making history gold\bin\makehist.exe |
"TCP Query User{7E05C4E9-C369-4F77-B8A4-865C7F0F6063}D:\program files (x86)\condition zero\hl.exe" = protocol=6 | dir=in | app=d:\program files (x86)\condition zero\hl.exe |
"TCP Query User{7E933383-96AB-440E-B963-689AF00D2EF6}D:\darkcomet\darkcomet.exe" = protocol=6 | dir=in | app=d:\darkcomet\darkcomet.exe |
"TCP Query User{86D4DC1F-E654-4A55-B47E-21B70FC0E65F}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{97B78B60-DC09-4684-ADF4-7ADD06979D82}D:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=d:\program files (x86)\bitcoin\bitcoin-qt.exe |
"TCP Query User{9B8A9784-BCFB-4144-B3C4-0635A3751102}C:\program files (x86)\bitcoin\bitcoin.exe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin.exe.exe |
"TCP Query User{A9CC8B6D-00B9-4D7F-B7FA-3D38F3A38026}D:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=d:\program files (x86)\bitcoin\bitcoin-qt.exe |
"TCP Query User{B7CB6436-2D62-4647-B484-36BFD5720EA3}C:\users\owner\downloads\nw.1.20130225d.1.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\nw.1.20130225d.1.exe |
"TCP Query User{C54A7EBC-9A26-45C7-916E-7505C65F4FD6}C:\users\owner\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{C7CBC2C0-DD4D-41C7-B521-C68081E183A6}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C8BADBD3-D36A-4A33-B148-05ACC47407DC}C:\users\owner\downloads\mining_proxy_1.2.0.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\mining_proxy_1.2.0.exe |
"TCP Query User{D61EA8EC-B8AA-4968-B611-C12D6D860359}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{E91F5DD4-B3CD-41A6-862D-C24AEBBC7410}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{EB3AA562-06F0-4891-8B94-6754B76803FF}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"TCP Query User{ECCC578B-662C-4D46-892B-43C7730EEBE7}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{00528B85-6CAF-4241-A82E-CDCB52F47B4F}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{02CF9E43-7D23-4F15-B24E-F428124F0A56}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"UDP Query User{0526D660-4DA7-4956-AC00-A2733F92535B}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"UDP Query User{08A95BA4-5A37-426C-8174-396660445F3C}C:\program files (x86)\bitcoin\bitcoin.exe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin.exe.exe |
"UDP Query User{0932C9D9-01D2-4575-AA63-4EA42E96A141}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{15839CA2-538E-4B47-862F-C2037110246C}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{2CFD309A-6598-4C88-8770-B6BE8C59F416}D:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=d:\program files (x86)\bitcoin\bitcoin-qt.exe |
"UDP Query User{3F639829-BE25-4369-A5B5-88B3DA26CB83}D:\program files\muzzy lane software\making history gold\bin\makehist.exe" = protocol=17 | dir=in | app=d:\program files\muzzy lane software\making history gold\bin\makehist.exe |
"UDP Query User{6DAA5AFE-A9E7-4ACE-B03D-1EA085296F0F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{721AD087-E3B2-49A7-95ED-CA82C977956B}C:\users\owner\downloads\mining_proxy_1.2.0.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\mining_proxy_1.2.0.exe |
"UDP Query User{76D20B8A-F2C6-4B39-A968-8884564EA529}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{7E0D4F7A-BAD3-49C7-AB3E-04701173DBAA}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"UDP Query User{8B0C071B-3A36-4221-A7A2-803FAD6932F1}D:\program files (x86)\condition zero\hl.exe" = protocol=17 | dir=in | app=d:\program files (x86)\condition zero\hl.exe |
"UDP Query User{AF9CC29D-2FCB-4BAF-838C-E2084D8025A4}D:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=d:\program files (x86)\bitcoin\bitcoin-qt.exe |
"UDP Query User{CFB1242C-4F8F-4A3E-98E7-479A2506E7B7}D:\darkcomet\darkcomet.exe" = protocol=17 | dir=in | app=d:\darkcomet\darkcomet.exe |
"UDP Query User{EB8A52AB-52BC-409B-A6B4-6B01BA331C2F}C:\users\owner\downloads\nw.1.20130225d.1.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\nw.1.20130225d.1.exe |
"UDP Query User{F3DF052E-DB7A-40FD-AF26-109BE2AC28E8}C:\users\owner\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{FDC43C8A-9D54-4100-B939-F92AA9FDD303}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1AB648D7-5FDE-321E-825A-4FE93A0890F5}" = Microsoft .NET Framework 4 Extended HEB Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA מנהל ההתקן עבור ‎3D Vision 320.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = לוח הבקרה של NVIDIA 320.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA מנהל התקן עבור נתונים גרפיים 320.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA מנהל ההתקן של בקר ‎3D Vision 320.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA תכנת PhysX מערכת 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = עדכוני NVIDIA 3.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA מנהל ההתקן עבור שמע בתקן HD 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CB457D7C-D242-31CB-83C7-DDCF16418360}" = Microsoft .NET Framework 4 Client Profile HEB Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile HEB Language Pack" = Microsoft .NET Framework 4 Client Profile HEB Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended HEB Language Pack" = Microsoft .NET Framework 4 Extended HEB Language Pack
"Recuva" = Recuva
"Speccy" = Speccy
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1A01191E-7750-4D43-AA86-64DDDA437070}" = Responsa CD18
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D5308D2-DC8E-4658-A37C-351000048100}" = Microsoft Flight
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{CB92C58B-7BDF-48E3-92E3-51768DCCA585}_is1" = EVGA OC Scanner X 2.1.2
"{DBD76811-6CF0-4A15-9436-B779C3A36929}_is1" = Acunetix Web Vulnerability Scanner 8.0
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E7A8BC75-50A9-32F2-8DFB-C499D21881B7}" = Google Talk Plugin
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BSPlayerf" = BS.Player FREE
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"CleanMem" = CleanMem
"Condition Zero" = Condition Zero
"DarkComet RAT Remover_is1" = DarkComet RAT Remover version 1.0
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESN Sonar-0.70.4" = ESN Sonar
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.21.1212
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"FreeFileViewer_is1" = Free File Viewer 2012
"GFWL_{4D5308D2-DC8E-4658-A37C-351000048100}" = Microsoft Flight
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"MakingHistoryGold" = Making History Gold
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetsparkerCommunityEdition" = Netsparker [Community Edition] - Web Application Security Scanner
"NoIPDUC" = No-IP DUC
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Picasa 3" = Picasa 3
"Simple Port Forwarding" = Simple Port Forwarding
"Steam App 10500" = Empire: Total War
"Steam App 229690" = Gauntlet Quest
"Steam App 400" = Portal
"Steam App 42160" = War of the Roses
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 570" = Dota 2
"Steam App 57690" = Tropico 4
"Steam App 620" = Portal 2
"TeamViewer 8" = TeamViewer 8
"TrueCrypt" = TrueCrypt
"Trusted Software Assistant_is1" = File Type Assistant
"Uplink" = Uplink (remove only)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.0
"webmmf" = WebM Media Foundation Components

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"Akamai" = Akamai NetSession Interface
"Bitcoin" = Bitcoin
"Google Chrome" = Google Chrome
"SOE-C:/Users/owner/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/7/2013 2:22:16 PM | Computer Name = Yehonatanst-pc | Source = WinMgmt | ID = 10
Description =

Error - 5/7/2013 3:04:34 PM | Computer Name = Yehonatanst-pc | Source = VSS | ID = 12310
Description =

Error - 5/7/2013 3:04:34 PM | Computer Name = Yehonatanst-pc | Source = VSS | ID = 12298
Description =

Error - 5/7/2013 3:32:03 PM | Computer Name = Yehonatanst-pc | Source = Application Hang | ID = 1002
Description = ????????? avscan.exe ?????? 13.6.0.1262 ?????? ????? ?????????? ??
Windows ??????. ??? ????? ?? ?? ???? ???? ???? ????? ?????, ???? ?? ????????? ?????
???? ????? ?? ???? ???????. ???? ?????: 1274 ??? ?????: 01ce4b52a0b86ca6 ??? ????:
60000 ???? ?????: c:\program files (x86)\avira\antivir desktop\avscan.exe ???? ???:
9c051129-b74c-11e2-bfa6-50e54927f33f

Error - 5/7/2013 3:52:22 PM | Computer Name = Yehonatanst-pc | Source = WinMgmt | ID = 10
Description =

Error - 5/7/2013 4:26:01 PM | Computer Name = Yehonatanst-pc | Source = SideBySide | ID = 16842815
Description = ??????? ???? ????? ????? ???? ''d:\program files (x86)\spybot - search
& destroy\DelZip179.dll''. ????? ????? ??????? ?? ???????? ''d:\program files (x86)\spybot
- search & destroy\DelZip179.dll'' ????? 8. ???? ''*'' ?? ?????? ''language'' ?????
''assemblyIdentity'' ???? ????.

Error - 5/7/2013 4:52:22 PM | Computer Name = Yehonatanst-pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/7/2013 4:52:22 PM | Computer Name = Yehonatanst-pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15584

Error - 5/7/2013 4:52:22 PM | Computer Name = Yehonatanst-pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15584

Error - 5/8/2013 11:06:15 AM | Computer Name = Yehonatanst-pc | Source = Application Hang | ID = 1002
Description = ????????? avconfig.exe ?????? 13.6.0.1246 ?????? ????? ??????????
?? Windows ??????. ??? ????? ?? ?? ???? ???? ???? ????? ?????, ???? ?? ?????????
????? ???? ????? ?? ???? ???????. ???? ?????: ca0 ??? ?????: 01ce4bfd570ef106 ???
????: 60000 ???? ?????: C:\program files (x86)\avira\antivir desktop\avconfig.exe

????
???: a86a8882-b7f0-11e2-a1c8-50e54927f33f

[ System Events ]
Error - 5/4/2013 1:11:36 PM | Computer Name = Yehonatanst-pc | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = ??????? ????? ????? ?????? ?? WLAN ?????. ???? ?????: C:\Windows\system32\athExt.dll
???
?????: 126

Error - 5/4/2013 1:13:21 PM | Computer Name = Yehonatanst-pc | Source = Service Control Manager | ID = 7009
Description = ???????? ????? ???? ??? ???? (30000 ?????? ????) ????? ????? ??????
?? ????? Steam Client Service.

Error - 5/4/2013 1:13:21 PM | Computer Name = Yehonatanst-pc | Source = Service Control Manager | ID = 7000
Description = ??????? ?????? Steam Client Service ????? ??? ?????? ????: %%1053

Error - 5/4/2013 4:36:53 PM | Computer Name = Yehonatanst-pc | Source = volsnap | ID = 393252
Description = ??????? ??? ?? ????? ?????? C: ????? ???? ?????? ???? ?????? ?? ?????
??? ?? ?????? ??? ????? ?????? ??-??? ??????.

Error - 5/5/2013 2:23:05 AM | Computer Name = Yehonatanst-pc | Source = Service Control Manager | ID = 7011
Description = ???????? ????? ???? ??? ???? (30000 ?????? ????) ????? ????? ??????
???????? ?????? Netman.

Error - 5/7/2013 1:25:15 PM | Computer Name = Yehonatanst-pc | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = ??????? ????? ????? ?????? ?? WLAN ?????. ???? ?????: C:\Windows\system32\athExt.dll
???
?????: 126

Error - 5/7/2013 2:21:49 PM | Computer Name = Yehonatanst-pc | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = ??????? ????? ????? ?????? ?? WLAN ?????. ???? ?????: C:\Windows\system32\athExt.dll
???
?????: 126

Error - 5/7/2013 2:24:21 PM | Computer Name = Yehonatanst-pc | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/7/2013 3:50:49 PM | Computer Name = Yehonatanst-pc | Source = DCOM | ID = 10010
Description =

Error - 5/7/2013 3:51:57 PM | Computer Name = Yehonatanst-pc | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = ??????? ????? ????? ?????? ?? WLAN ?????. ???? ?????: C:\Windows\system32\athExt.dll
???
?????: 126


< End of report >

yehonatans
2013-05-08, 21:15
OTL logfile created on: 5/8/2013 7:57:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: ארצות הברית | Language: ENU | Date Format: M/d/yyyy

3.98 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.76% Memory free
7.97 Gb Paging File | 4.97 Gb Available in Paging File | 62.46% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.10 Gb Total Space | 26.70 Gb Free Space | 26.68% Space Free | Partition Type: NTFS
Drive D: | 365.57 Gb Total Space | 175.91 Gb Free Space | 48.12% Space Free | Partition Type: NTFS
Drive E: | 4.99 Gb Total Space | 1.01 Gb Free Space | 20.31% Space Free | Partition Type: FAT32

Computer Name: YEHONATANST-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/08 19:57:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
PRC - [2013/05/07 14:53:26 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/05/04 02:35:30 | 001,635,752 | ---- | M] (Valve Corporation) -- D:\Program Files (x86)\steam\Steam.exe
PRC - [2013/05/04 02:35:30 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/04/23 10:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/04/22 17:52:56 | 000,079,384 | ---- | M] (Google) -- C:\Users\owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/04/18 22:15:42 | 000,412,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/04/16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/04/05 16:34:57 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/30 22:29:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/03/30 22:28:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/03/24 11:46:23 | 000,976,672 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/03/24 11:41:08 | 001,927,968 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/03/24 11:40:57 | 001,074,976 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
PRC - [2013/02/15 17:44:15 | 001,516,496 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2013/02/14 04:01:17 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012/12/18 17:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/13 16:16:04 | 001,009,840 | ---- | M] () -- D:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe
PRC - [2010/11/21 06:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/10/05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/01/30 02:08:40 | 000,077,824 | ---- | M] () -- D:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2006/09/15 14:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe
PRC - [2005/07/16 00:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/08 18:04:08 | 001,175,040 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\wx._core_.pyd
MOD - [2013/05/08 18:04:08 | 001,153,024 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\_ssl.pyd
MOD - [2013/05/08 18:04:08 | 001,062,400 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\wx._controls_.pyd
MOD - [2013/05/08 18:04:08 | 001,022,416 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\windows._cacheinvalidation.pyd
MOD - [2013/05/08 18:04:08 | 000,811,008 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\wx._windows_.pyd
MOD - [2013/05/08 18:04:08 | 000,805,888 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\wx._gdi_.pyd
MOD - [2013/05/08 18:04:08 | 000,735,232 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\wx._misc_.pyd
MOD - [2013/05/08 18:04:08 | 000,711,680 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\_hashlib.pyd
MOD - [2013/05/08 18:04:08 | 000,686,080 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\unicodedata.pyd
MOD - [2013/05/08 18:04:08 | 000,557,056 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\pysqlite2._sqlite.pyd
MOD - [2013/05/08 18:04:08 | 000,364,544 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\pythoncom27.dll
MOD - [2013/05/08 18:04:08 | 000,320,512 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32com.shell.shell.pyd
MOD - [2013/05/08 18:04:08 | 000,128,512 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\_elementtree.pyd
MOD - [2013/05/08 18:04:08 | 000,127,488 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\pyexpat.pyd
MOD - [2013/05/08 18:04:08 | 000,122,368 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\wx._wizard.pyd
MOD - [2013/05/08 18:04:08 | 000,119,808 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32file.pyd
MOD - [2013/05/08 18:04:08 | 000,110,080 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\pywintypes27.dll
MOD - [2013/05/08 18:04:08 | 000,108,544 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32security.pyd
MOD - [2013/05/08 18:04:08 | 000,098,816 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32api.pyd
MOD - [2013/05/08 18:04:08 | 000,087,040 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\_ctypes.pyd
MOD - [2013/05/08 18:04:08 | 000,070,656 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\wx._html2.pyd
MOD - [2013/05/08 18:04:08 | 000,044,032 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\_socket.pyd
MOD - [2013/05/08 18:04:08 | 000,038,912 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32inet.pyd
MOD - [2013/05/08 18:04:08 | 000,035,840 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32process.pyd
MOD - [2013/05/08 18:04:08 | 000,026,624 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\_multiprocessing.pyd
MOD - [2013/05/08 18:04:08 | 000,025,600 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32pdh.pyd
MOD - [2013/05/08 18:04:08 | 000,022,528 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32ts.pyd
MOD - [2013/05/08 18:04:08 | 000,018,432 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32event.pyd
MOD - [2013/05/08 18:04:08 | 000,017,408 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32profile.pyd
MOD - [2013/05/08 18:04:08 | 000,011,264 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32crypt.pyd
MOD - [2013/05/08 18:04:08 | 000,010,240 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\select.pyd
MOD - [2013/05/04 02:35:30 | 001,114,536 | ---- | M] () -- D:\Program Files (x86)\steam\bin\chromehtml.dll
MOD - [2013/04/24 05:30:08 | 000,652,800 | ---- | M] () -- D:\Program Files (x86)\steam\SDL2.dll
MOD - [2013/04/09 11:57:07 | 000,390,096 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013/04/09 11:57:06 | 013,130,704 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 11:57:05 | 004,050,896 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 11:56:15 | 000,598,480 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 11:56:14 | 000,124,368 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 11:56:13 | 001,606,096 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/03/27 03:16:40 | 020,341,672 | ---- | M] () -- D:\Program Files (x86)\steam\bin\libcef.dll
MOD - [2012/12/11 20:51:10 | 001,100,800 | ---- | M] () -- D:\Program Files (x86)\steam\bin\avcodec-53.dll
MOD - [2012/12/11 20:51:10 | 000,192,000 | ---- | M] () -- D:\Program Files (x86)\steam\bin\avformat-53.dll
MOD - [2012/12/11 20:51:10 | 000,124,416 | ---- | M] () -- D:\Program Files (x86)\steam\bin\avutil-51.dll
MOD - [2012/12/04 19:02:33 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2007/01/30 02:08:40 | 000,077,824 | ---- | M] () -- D:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Services (SafeList) ==========

SRV:[b]64bit: - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/04 02:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/04/23 10:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/18 22:15:42 | 000,412,960 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/04/05 16:34:57 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/30 22:29:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/30 22:28:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/03/24 11:41:08 | 001,927,968 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 17:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/04 19:02:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/29 11:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 03:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/06/13 16:16:04 | 001,009,840 | ---- | M] () [Auto | Running] -- D:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe -- (AcuWVSSchedulerv8)
SRV - [2010/10/05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/30 22:29:25 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/03/30 22:29:25 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/03/30 22:29:25 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/02/25 08:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/02/15 17:44:15 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/10 03:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 17:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 17:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 17:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/11 09:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/10/05 10:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/10 19:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/12/24 10:32:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/01/05 20:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 03:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/01/23 15:48:00 | 000,136,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2007/01/23 15:47:00 | 000,112,400 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2007/01/23 15:47:00 | 000,035,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2006/11/08 15:58:30 | 012,296,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/11/08 15:57:50 | 012,006,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?rd=1&ucc=IL&dcc=IL&opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 50 06 02 2D B1 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{77453DE9-748C-4165-AE42-941B70D4840E}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKCU\..\SearchScopes\{7AF8ED95-13ED-498a-88AF-E8AEF88A364F}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKCU\..\SearchScopes\{AAFDF7C2-4043-4118-BA5A-3E879506BE40}: "URL" = http://isearch.avg.com/search?cid={43F39CBB-458C-4555-9809-00AE1B0AC486}&mid=fe25f96646f647d19b6081ac0fc31acc-599363268f4c5dfb44aa55eea572ac49793f7bca&lang=en&ds=AVG&pr=fr&d=2012-05-13 16:19:48&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{F9DE3B5C-D14A-45f2-90F5-9641C660CA0B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..extensions.enabledAddons: demautoscout%40ud-malton.info:1.25.2
FF - prefs.js..extensions.enabledAddons: %7B24cea704-946d-11da-a72b-0800200c9a66%7D:1.5.1
FF - prefs.js..extensions.enabledAddons: proxytool%40proxylist.co:1.19
FF - prefs.js..extensions.enabledAddons: client%40anonymox.net:1.0.1
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.3
FF - prefs.js..extensions.enabledAddons: %7B7AC261D0-B949-47CA-B9E8-477013A15A6E%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: demautoscout@ud-malton.info:1.25.2
FF - prefs.js..extensions.enabledItems: {24cea704-946d-11da-a72b-0800200c9a66}:1.5.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2013/03/28 00:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins

[2012/12/10 10:37:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2013/05/07 21:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\6w8cv86h.default\extensions
[2012/12/10 10:38:00 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\6w8cv86h.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}
[2013/04/28 12:42:13 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\6w8cv86h.default\extensions\{7AC261D0-B949-47CA-B9E8-477013A15A6E}
[2012/12/10 10:38:00 | 000,000,000 | ---D | M] ("DEM AutoScout") -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\6w8cv86h.default\extensions\demautoscout@ud-malton.info
[2013/05/07 21:18:51 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\6w8cv86h.default\extensions\firefox@ghostery.com
[2013/01/30 23:06:15 | 000,363,736 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\6w8cv86h.default\extensions\client@anonymox.net.xpi
[2012/12/22 23:14:53 | 000,153,941 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\6w8cv86h.default\extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi
[2012/12/22 23:33:06 | 000,690,228 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\6w8cv86h.default\extensions\proxytool@proxylist.co.xpi
[2013/03/27 23:45:02 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\6w8cv86h.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/ig
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.80.2_0\npBP4FUpdater.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\npqscan.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: Media Hint = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja\0.1.12_0\
CHR - Extension: Google Drive = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Bitcoin Ticker = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkjcngcenokaadmhbmcokmkanjibmmje\0.3.2_0\
CHR - Extension: AdBlock = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: Cryptocat = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gonbigodpnfghidmnphnadhepmbabhij\2.0.41_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Social Fixer for Facebook = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\7.501_0\
CHR - Extension: Social Fixer = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm\7.501_0\
CHR - Extension: Country Flags = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\keifkkbjefbkgedeolmccljagcmphldp\1.3_0\
CHR - Extension: Psykopaint = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak

O1 HOSTS File: ([2012/11/30 12:20:32 | 000,444,933 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15280 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: mhpractice.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: mhpractice.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: muzzylane.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: muzzylane.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3267CDE9-0AFF-4F78-9B40-998F67A56B08}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89D6E89B-E882-4251-B8D4-830B933164DF}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d5602d3a-8755-11e2-8ab9-50e54927f33f}\Shell - "" = AutoRun
O33 - MountPoints2\{d5602d3a-8755-11e2-8ab9-50e54927f33f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{feaba400-0092-11e1-b780-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{feaba400-0092-11e1-b780-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/05/08 18:16:35 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\RK_Quarantine
[2013/05/07 21:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/05/07 21:28:44 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2013/05/07 21:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/07 21:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/07 21:28:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/05/07 21:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/05/07 14:54:25 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/05/03 17:14:13 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\userstmp
[2013/05/03 17:14:13 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\usersold
[2013/05/03 17:14:13 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\users
[2013/05/01 14:55:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/30 19:24:58 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Computer Stuff
[2013/04/30 19:24:19 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Hacking
[2013/04/30 19:23:24 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Games
[2013/04/30 19:23:00 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Nvidia
[2013/04/30 19:22:35 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\AntiVirus
[2013/04/27 21:00:03 | 000,194,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013/04/27 21:00:03 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013/04/27 21:00:02 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/04/27 21:00:02 | 007,578,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/04/27 21:00:02 | 002,937,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/04/27 21:00:02 | 002,361,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/04/27 21:00:02 | 000,443,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013/04/27 21:00:02 | 000,421,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013/04/27 21:00:02 | 000,266,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013/04/27 21:00:02 | 000,214,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013/04/27 21:00:01 | 027,765,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/04/27 21:00:01 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/04/27 21:00:01 | 021,088,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/04/27 21:00:01 | 013,382,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/04/27 21:00:01 | 009,362,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/04/27 21:00:01 | 007,820,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/04/27 21:00:01 | 006,276,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/04/27 21:00:01 | 002,749,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/04/27 21:00:01 | 001,999,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/04/27 21:00:01 | 001,832,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432000.dll
[2013/04/27 21:00:01 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432000.dll
[2013/04/27 21:00:01 | 000,922,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/04/27 21:00:01 | 000,550,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013/04/27 21:00:01 | 000,518,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013/04/27 21:00:01 | 000,218,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013/04/27 21:00:01 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013/04/26 12:47:01 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\LOVE
[2013/04/18 22:16:46 | 000,563,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013/04/18 22:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/18 22:01:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/04/18 22:01:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/04/18 22:01:42 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/04/10 20:27:23 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/10 20:27:22 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/10 20:27:22 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/04/10 20:27:21 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/10 20:27:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/04/10 20:27:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/04/10 20:27:21 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/04/10 20:27:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/04/10 20:27:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/04/10 20:27:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/04/10 20:27:21 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/04/10 20:27:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/04/10 20:27:18 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/10 20:27:18 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/10 20:27:18 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/10 19:49:56 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 19:49:55 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 19:49:55 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 19:49:55 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 19:49:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 19:49:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/08 19:13:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-602907812-2840791192-3910771129-1000UA.job
[2013/05/08 19:07:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/08 18:12:34 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/08 18:03:37 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-602907812-2840791192-3910771129-1000UA.job
[2013/05/08 18:03:37 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-602907812-2840791192-3910771129-1000Core.job
[2013/05/08 18:03:37 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-602907812-2840791192-3910771129-1000Core.job
[2013/05/08 18:03:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/07 23:29:34 | 000,029,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/07 23:29:34 | 000,029,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/07 22:51:51 | 3208,093,696 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/07 22:12:10 | 001,243,378 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/07 22:12:10 | 000,660,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/07 22:12:10 | 000,390,642 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2013/05/07 22:12:10 | 000,121,168 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/07 22:12:10 | 000,083,874 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2013/05/07 21:28:31 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/07 14:53:45 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/04/25 15:34:08 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/04/19 07:24:21 | 027,765,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/04/19 07:24:21 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/04/19 07:24:21 | 021,088,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/04/19 07:24:21 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/04/19 07:24:21 | 015,876,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013/04/19 07:24:21 | 015,135,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/04/19 07:24:21 | 013,382,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/04/19 07:24:21 | 012,417,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013/04/19 07:24:21 | 009,362,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/04/19 07:24:21 | 007,820,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/04/19 07:24:21 | 007,578,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/04/19 07:24:21 | 006,276,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/04/19 07:24:21 | 002,937,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/04/19 07:24:21 | 002,921,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013/04/19 07:24:21 | 002,749,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/04/19 07:24:21 | 002,585,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013/04/19 07:24:21 | 002,361,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/04/19 07:24:21 | 001,999,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/04/19 07:24:21 | 001,832,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432000.dll
[2013/04/19 07:24:21 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432000.dll
[2013/04/19 07:24:21 | 001,055,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013/04/19 07:24:21 | 000,922,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/04/19 07:24:21 | 000,550,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013/04/19 07:24:21 | 000,518,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013/04/19 07:24:21 | 000,443,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013/04/19 07:24:21 | 000,421,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013/04/19 07:24:21 | 000,266,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013/04/19 07:24:21 | 000,218,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013/04/19 07:24:21 | 000,214,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013/04/19 07:24:21 | 000,181,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013/04/19 07:24:21 | 000,020,536 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/04/19 05:46:06 | 006,488,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013/04/19 05:46:06 | 003,511,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013/04/19 05:46:01 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013/04/19 05:46:01 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013/04/19 05:46:01 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013/04/18 22:16:46 | 000,563,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013/04/17 20:30:28 | 003,122,645 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/04/10 22:14:02 | 000,415,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

yehonatans
2013-05-08, 21:16
========== Files Created - No Company Name ==========

[2013/05/07 21:28:31 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/25 15:34:08 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/04/25 15:34:08 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/04/17 17:44:33 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-602907812-2840791192-3910771129-1000UA.job
[2013/04/17 17:44:32 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-602907812-2840791192-3910771129-1000Core.job
[2013/03/28 19:49:45 | 001,233,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/26 21:38:22 | 000,000,018 | ---- | C] () -- C:\Windows\cmm.dat
[2012/12/02 02:47:00 | 000,019,329 | ---- | C] () -- C:\Users\owner\AppData\Roaming\UserTile.png
[2012/10/10 03:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 03:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 03:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/08/07 12:50:23 | 000,007,598 | ---- | C] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
[2012/07/31 18:17:58 | 000,280,792 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/13 22:01:22 | 000,034,764 | ---- | C] () -- C:\Users\owner\AppData\Local\dt.dat
[2012/06/09 22:27:20 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/05/30 15:47:17 | 000,009,216 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/14 17:55:23 | 000,000,632 | RHS- | C] () -- C:\Users\owner\ntuser.pol
[2012/03/29 18:37:29 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\thunk.dll
[2012/03/29 18:36:33 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\infoccom.dat.dll
[2012/03/29 18:30:42 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\X3DAucom.dat.dll
[2012/03/27 21:04:55 | 000,024,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2012/03/27 21:04:55 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2012/03/27 21:04:54 | 012,006,784 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2012/03/27 21:04:54 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll
[2012/03/18 20:33:30 | 003,502,080 | ---- | C] () -- C:\Windows\SysWow64\auditsvr.exe
[2012/01/12 18:36:54 | 000,000,044 | ---- | C] () -- C:\Users\owner\jagex_cl_runescape_LIVE.dat
[2012/01/12 18:36:54 | 000,000,001 | ---- | C] () -- C:\Users\owner\random.dat
[2011/12/29 18:26:31 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/11/03 19:50:34 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/11/01 08:16:13 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/10/27 15:23:57 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/10/27 15:19:16 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 08:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 07:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 08:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 09:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 09:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 09:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 06:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 06:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 04:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 04:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 04:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 04:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 06:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 06:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 06:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 06:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 06:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 06:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000AAKX-001CA0 ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 100.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 366.00GB
Starting Offset: 107583897600
Hidden sectors: 0


========== Files - Unicode (All) ==========
[2013/04/03 21:10:57 | 001,313,597 | ---- | M] ()(C:\Users\owner\Desktop\???? (1).docx) -- C:\Users\owner\Desktop\מבוא (1).docx
[2013/04/03 21:10:51 | 001,313,597 | ---- | C] ()(C:\Users\owner\Desktop\???? (1).docx) -- C:\Users\owner\Desktop\מבוא (1).docx
[2012/07/18 21:58:28 | 000,000,657 | ---- | M] ()(C:\Users\owner\Desktop\movies - ????? ???.lnk) -- C:\Users\owner\Desktop\movies - קיצור דרך.lnk
[2012/07/15 12:23:37 | 000,000,657 | ---- | C] ()(C:\Users\owner\Desktop\movies - ????? ???.lnk) -- C:\Users\owner\Desktop\movies - קיצור דרך.lnk
[2011/10/27 15:02:51 | 000,000,000 | -HSD | M](C:\Users\owner\????? ?????) -- C:\Users\owner\תפריט התחלה
[2011/10/27 15:02:51 | 000,000,000 | -HSD | M](C:\Users\owner\????? ?????) -- C:\Users\owner\תפריט התחלה
[2011/10/27 15:02:44 | 000,000,000 | -HSD | M](C:\ProgramData\????? ??????) -- C:\ProgramData\שולחן העבודה
[2011/10/27 15:02:44 | 000,000,000 | -HSD | M](C:\ProgramData\????? ?????) -- C:\ProgramData\תפריט התחלה
[2011/10/27 15:02:44 | 000,000,000 | -HSD | M](C:\ProgramData\????? ??????) -- C:\ProgramData\שולחן העבודה
[2011/10/27 15:02:44 | 000,000,000 | -HSD | M](C:\ProgramData\????? ?????) -- C:\ProgramData\תפריט התחלה
(C:\Users\owner\????? ?????) -- C:\Users\owner\תפריט התחלה
(C:\ProgramData\????? ??????) -- C:\ProgramData\שולחן העבודה
(C:\ProgramData\????? ?????) -- C:\ProgramData\תפריט התחלה

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\????? ?????] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\???????] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\????? ?????] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\???????] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:82F50D1C
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:261DD7EA

< End of report >

Satchfan
2013-05-09, 12:08
Hi

There is a fair bit of residue from this malware and we’ll start cleaning it shortly but I need some additional information before we begin.

Can you tell me if you set this proxy:

ProxyOverride" = 127.0.0.1:9421;*.local

Also, there are some Firefox entries, some of which seem to be “Urban Dead”-related. Can you tell me if these are intentional addons/extensions:

FF - prefs.js..extensions.enabledAddons: demautoscout%40ud-malton.info:1.25.2
FF - prefs.js..extensions.enabledAddons: %7B24cea704-946d-11da-a72b-0800200c9a66%7D:1.5.1
FF - prefs.js..extensions.enabledAddons: proxytool%40proxylist.co:1.19
FF - prefs.js..extensions.enabledAddons: client%40anonymox.net:1.0.1
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.3
FF - prefs.js..extensions.enabledAddons: %7B7AC261D0-B949-47CA-B9E8-477013A15A6E%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: :1.25.2
FF - prefs.js..extensions.enabledItems: {24cea704-946d-11da-a72b-0800200c9a66}:1.5.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
[2012/12/22 23:14:53 | 000,153,941 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\6w8cv86h.default\extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi
[2012/12/22 23:33:06 | 000,690,228 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\6w8cv86h.default\extensions\proxytool@proxylist.co.xpi

It might be easier for you to look at the Addons/Extensions and tell me which are intentional.

To see them, open Firefox, click on Tools > Addons.

Please let me know about all these questions and we can get started. :)

yehonatans
2013-05-10, 11:00
Anything "Urban Dead" related is intentional.
this is a list of Firefox extentions:
AnonymoX
DEM autoscout
ghostery
Greasemonkey
Panic button
Proxytool

The SelectionLinks is not intentional, should I remove it?

I do not know if that proxy was intentional, it might be, but I cannot remember if I set it up. (I probably haven't)

Again, thank you very much :)

Satchfan
2013-05-10, 13:29
Thanks for the info.


The SelectionLinks is not intentional, should I remove it? If it is listed, definitely.


Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

Run OTL


double click on the icon to run it.
copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL


:Services

:OTL
IE - HKCU\..\SearchScopes\{77453DE9-748C-4165-AE42-941B70D4840E}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKCU\..\SearchScopes\{7AF8ED95-13ED-498a-88AF-E8AEF88A364F}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKCU\..\SearchScopes\{AAFDF7C2-4043-4118-BA5A-3E879506BE40}: "URL" = http://isearch.avg.com/search?cid={43F39CBB-458C-4555-9809-00AE1B0AC486}&mid=fe25f96646f647d19b6081ac0fc31acc-599363268f4c5dfb44aa55eea572ac49793f7bca&lang=en&ds=AVG&pr=fr&d=2012-05-13 16:19:48&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{F9DE3B5C-D14A-45f2-90F5-9641C660CA0B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Privitize VPN"

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[Reboot]

click the Run Fix button at the top
let the program run unhindered, reboot when it is done
please post the OTL fix log and new OTL log.

===================================================

Run CKScanner

Download CKScanner by askey127 from here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
doubleclick CKScanner.exe then click Search For Files
when the cursor hourglass disappears, click Save List To File
a message box will verify the file saved
double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Logs to include in the next post:

OTL fix log
New OTL log
CKFiles.txt

Satchfan

yehonatans
2013-05-10, 15:37
It seems to have worked. Is there anything else I should do?

Satchfan
2013-05-11, 00:12
You have a illegal software on your system, which is probably how your computer became infected. Besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code.

This forum, as well as all the other malware removal forums, does not condone the use of illegal software and does not offer support unless it is for the removal of it.

Continuing to help you could be viewed as supporting/condoning this.

If you want to continue, what I need you to do is to uninstall all the illegal software that you have downloaded and installed.

When you have done this, run CKScanner again and post a new log. If I don’t hear back from you in 24 hours this thread will be closed and no more help will be offered.

Satchfan

yehonatans
2013-05-11, 20:28
[QUOTE=Satchfan;440673]You have a illegal software on your system, which is probably how your computer became infected. Besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code.

Illegal?
What is illegal on the computer?
As far as I know only my brother and I use this computer, and I don't think he would do such a thing, and I definitely didnt.
Tell me what it is and I will remove it immediately.

Satchfan
2013-05-12, 01:07
Hi yehonatans

The results that came back were as the result of having suspect files/extensions. Having checked further, I’m happy that you are not using any illegitimate programs, so let's see what we can find.

Let's have a deeper look to make sure that there is nothing else lurking.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
--------------------------------------------------------------------

double click on ComboFix.exe & follow the prompts.
when finished, it will produce a report: please post the C:\ComboFix.txt log in your reply.

Satchfan

yehonatans
2013-05-12, 08:09
WHAT DID YOU DO!?!?
I ran it, did what ever it told me, disabled my anti-virus, all of it.
I let the "combo fix" do its magic, restart my computer and give me the report, i look over it, see that it destroyed many things in system32.
"Well, if he says it will fix something, that's cool"
Try to open chrome to thank you, post the info and tell you that i will donate to Spybot.
Cannot open
"WTF?"
try again, says something like "illegal action on a file that needs to be deleted."
"WTF?"
freak out, try to open ie, same thing, try to open avira, same thing, try to open random stuff, same thing.
WTF did he do?
System restore.
Succes!

Care to explain?

Satchfan
2013-05-12, 10:45
It's quite normal to be disconnected after running ComboFix but a reboot should have been all that was required.

Please send the ComboFix log. It can be found at c:\combofix.txt

Thanks

Satchfan

yehonatans
2013-05-12, 20:57
Disconnected?
I couldn't open something that wasn't a part of windows!
I checked combofix, there is no reason it should be running on my computer, its targets are 3 viruses that I have not reported and mostly CANNOT infect a win7 machine.
I restarted, to no effect, no way I am running this again, the computer is functioning normally, if it comes back, so be it, i will ask again, but if this taught me one thing- If it aint broke, dont fix it.

Thank you for your help.

Satchfan
2013-05-13, 00:30
My Spybot reported that it solved 2 out of 8 SelectionLinks problems and told me to restart to get rid of the rest, 2 restarts later, spybot still cannot find any problem.

Anyway, I am hoping you can help meIt appears that you required help.


If it aint broke, dont fix it. I'm unsure about whether you need help or not. :confused:

Please let me know what your current situation is.

Satchfan

yehonatans
2013-05-13, 14:04
Currently everything is fine, I needed help and you helped me.
I do not have SelectionLinks anymore.
But the final thing that you asked me to use (combofix) almost ruined my computer.
So I used a system restore, and everything is fine now.
I meant to say that i do not see a reason to use combofix, as its targets are malware/adware that cannot infect my computer.

Satchfan
2013-05-13, 16:46
I checked combofix, there is no reason it should be running on my computer, its targets are 3 viruses that I have not reported and mostly CANNOT infect a win7 machine. ComboFix does NOT target 3 viruses and anything can infect a Windows 7 machine. If safety precautions are not taken, Windows 7 is no more immune to malware than any other operating system.


(combofix) almost ruined my computer.That is highly unlikely. I don't know where you got your information from but it is very misguided. When you are using ComboFix with guidance from someone who knows how it works, it will do no harm.


If you no longer require help, that is your choice. As long as your computer seems to be running well, please follow these simple steps to tidy up you computer and decrease the likelihood of getting infected again:

Uninstall Combofix

Follow these steps to uninstall Combofix


click START then RUN
now type Combofix /uninstall in the runbox and click OK.

Note the space between the X and the /, it needs to be there.

http://i944.photobucket.com/albums/ad283/Ninamf/WTT/CFuninstall.jpg


please follow the prompts to uninstall Combofix.
once it's finished uninstalling itself you will receive a message saying Combofix was uninstalled successfully.

===================================================

Uninstall OTL


double-click OTL.exe
click the CleanUp! button.
select Yes when the Begin cleanup Process? prompt appears.
if you are prompted to reboot during the cleanup, select Yes.
the tool will delete itself once it finishes, if not delete it by yourself.

NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

===================================================

Uninstall AdwCleaner


double click on adwcleaner.exe to run the tool
click on Uninstall
confirm with Yes.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Update installed programs

Your version Adobe Reader is out-of-date and need to be removed and updated.

To remove it:


click on Start, Control Panel, Programs and Features
click on Adobe Reader and then on Remove
also uninstall Java 1.7.0_11 and any othere version except version 21, which is the latest.

Visit Adobe (http://www.adobe.com/products/acrobat/readstep2_allversions.html) and download the latest version of Acrobat Reader.

Having the latest updates ensures there are no security vulnerabilities in your system.

===================================================

Recommended programs

SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html). SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

===================================================

Spybot - Search and Destroy’ – Re-enable TeaTimer and remember to scan your computer with the program on a regular basis as you would with your anti-virus software.

===================================================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

===================================================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker (http://www.filehippo.com/updatechecker/FHsetup.exe) is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

MVPS Hosts (http://winhelp2002.mvps.org/hosts.htm) file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

===================================================

I also recommend that you read the following:

How to prevent malware (http://miekiemoes.blogspot.com/2008/02/how-to-prevent-malware.html) by miekiemoes

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

yehonatans
2013-05-13, 21:43
thank you for your help.
While I may have been wrong about combofix, i couldnt open anything after i used it....
I would rather not using that again.
Again thank you very much

Satchfan
2013-05-13, 23:10
thank you for your help You are welcome.