
Thread: Cannot get rid of SelectionLinks Malware

  1. #1
    Junior Member
    Join Date
    May 2013
    Posts
    12

    Cannot get rid of SelectionLinks Malware

    Hi, I read this thread:
    http://malwaretips.com/blogs/remove-selectionlinks-ads/
    and did what it said; all my antivirus is up to date.
    My Spybot reported that it solved 2 out of 8 SelectionLinks problems and told me to restart to get rid of the rest, but two restarts later Spybot still cannot find any problem.

    Anyway, I am hoping you can help me.

    Thank you.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
    Run by owner at 22:21:32 on 2013-05-07
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1037.18.4079.2301 [GMT 3:00]
    .
    AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    D:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\vsnp2std.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    D:\Program Files (x86)\steam\Steam.exe
    D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    D:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    D:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\CleanMem\Mini_Monitor.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    c:\program files (x86)\avira\antivir desktop\avscan.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\CCleaner\CCleaner64.exe
    D:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\explorer.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.il/
    uProxyOverride = 127.0.0.1:9421;*.local
    mWinlogon: Userinit = userinit.exe
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: SelectionLinks: {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    uRun: [Steam] "D:\Program Files (x86)\steam\steam.exe" -silent
    uRun: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - D:\Program Files\Logitech\SetPoint\SetPoint.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - <orphaned>
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
    TCP: NameServer = 10.0.0.138
    TCP: Interfaces\{3267CDE9-0AFF-4F78-9B40-998F67A56B08} : DHCPNameServer = 10.0.0.138
    TCP: Interfaces\{3267CDE9-0AFF-4F78-9B40-998F67A56B08}\A41636F62637 : DHCPNameServer = 10.0.0.138
    TCP: Interfaces\{3267CDE9-0AFF-4F78-9B40-998F67A56B08}\C6F6E67686F627E637 : DHCPNameServer = 10.0.0.138
    TCP: Interfaces\{89D6E89B-E882-4251-B8D4-830B933164DF} : DHCPNameServer = 10.0.0.138
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Notify: igfxcui - <no file>
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    x64-Run: [snp2std] C:\Windows\vsnp2std.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat"
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - <orphaned>
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\6w8cv86h.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - Privitize VPN
    FF - prefs.js: network.proxy.gopher -
    FF - prefs.js: network.proxy.gopher_port - 0
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Users\owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    FF - plugin: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
    FF - ExtSQL: 2013-04-28 12:42; {7AC261D0-B949-47CA-B9E8-477013A15A6E}; C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\6w8cv86h.default\extensions\{7AC261D0-B949-47CA-B9E8-477013A15A6E}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-10-27 21104]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
    R2 AcuWVSSchedulerv8;Acunetix WVS Scheduler v8;D:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe [2012-6-30 1009840]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-16 86752]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-16 110816]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 100712]
    R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-12-3 1847296]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-7 25928]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-27 412264]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-1-11 34304]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160]
    S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2011-10-5 729152]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-8 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-8 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-8 30208]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-05-07 18:57:19 -------- d-----w- C:\ProgramData\RegCure
    2013-05-07 18:29:52 -------- d-----w- C:\ProgramData\HitmanPro
    2013-05-07 18:28:44 -------- d-----w- C:\Users\owner\AppData\Roaming\Malwarebytes
    2013-05-07 18:28:31 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-05-07 18:28:30 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-05-07 18:28:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-07 12:04:43 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{628FFB0B-FDA3-497F-90D1-816378F2D1F2}\mpengine.dll
    2013-05-07 11:54:25 83160 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
    2013-04-26 09:47:01 -------- d-----w- C:\Users\owner\AppData\Roaming\LOVE
    2013-04-25 12:40:52 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-18 19:16:46 563488 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2013-04-18 19:01:42 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-10 16:49:58 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-10 16:49:56 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-04-10 16:49:56 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2013-04-10 16:49:55 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-04-10 16:49:55 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-04-10 16:49:55 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-04-10 16:49:55 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-04-10 16:49:55 112640 ----a-w- C:\Windows\System32\smss.exe
    .
    ==================== Find3M ====================
    .
    2013-05-01 23:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-04-19 02:46:06 6488352 ----a-w- C:\Windows\System32\nvcpl.dll
    2013-04-19 02:46:06 3511072 ----a-w- C:\Windows\System32\nvsvc64.dll
    2013-04-19 02:46:01 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
    2013-04-19 02:46:01 63776 ----a-w- C:\Windows\System32\nvshext.dll
    2013-04-19 02:46:01 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
    2013-04-19 02:46:01 237856 ----a-w- C:\Windows\System32\nvmctray.dll
    2013-04-17 17:30:28 3122645 ----a-w- C:\Windows\System32\nvcoproc.bin
    2013-04-05 13:34:57 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2013-04-05 13:34:49 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2013-04-05 13:34:49 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2013-04-05 13:33:00 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2013-03-30 19:29:25 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2013-03-30 19:29:25 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2013-03-15 11:28:44 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-03-15 11:28:44 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-03-15 05:53:06 1807136 ----a-w- C:\Windows\System32\nvdispco6431422.dll
    2013-03-15 05:53:06 1510176 ----a-w- C:\Windows\System32\nvdispgenco6431422.dll
    2013-03-14 11:43:34 1807136 ----a-w- C:\Windows\System32\nvdispco6431421.dll
    2013-03-14 11:43:34 1510176 ----a-w- C:\Windows\System32\nvdispgenco6431421.dll
    2013-02-25 05:27:52 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
    2013-02-25 05:27:45 194848 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-02-15 14:44:15 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-02-10 03:25:27 1807136 ----a-w- C:\Windows\System32\nvdispco6420294.dll
    2013-02-10 03:25:27 1510176 ----a-w- C:\Windows\System32\nvdispgenco6420162.dll
    .
    ============= FINISH: 22:23:38.86 ===============
    Last edited by tashi; 2013-05-08 at 01:08. Reason: Copy pasted log into topic per forum FAQ
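The lines an analyst reads first in the log above are the "Pseudo HJT Report" entries: the SelectionLinks BHO registered with no DLL behind it, the Run keys, the hosts override and the Firefox search/extension lines. The following is an added example (not part of the original post, not DDS's code, and not a tool the helper asked for) that parses those DDS line formats and flags what deserves a look. SAMPLE_LOG is an excerpt copied from the log in this thread; the heuristics, the finding tags and the `run_target` helper are this example's own, and every hit is a prompt to investigate, not a verdict.

```python
"""Triage pass over the "Pseudo HJT Report" section of a DDS log (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Excerpt copied from the DDS log posted in this thread (trimmed).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.co.il/
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: SelectionLinks: {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "D:\Program Files (x86)\steam\steam.exe" -silent
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Privitize VPN
FF - ExtSQL: 2013-04-28 12:42; {7AC261D0-B949-47CA-B9E8-477013A15A6E}; C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\6w8cv86h.default\extensions\{7AC261D0-B949-47CA-B9E8-477013A15A6E}
"""

# DDS line shapes for the entry types handled here.
BHO_RE = re.compile(r"^(?:x64-)?BHO: (?P<name>.*?): (?P<clsid>\{[0-9A-Fa-f-]{36}\}) -\s*(?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>u|m|x64-)Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
FFPREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - ?(?P<value>.*)$")
FFEXT_RE = re.compile(r"^FF - ExtSQL: (?P<date>[^;]+); (?P<ext_id>[^;]+); (?P<path>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
EXE_RE = re.compile(r'^"(?P<quoted>[^"]+)"|^(?P<bare>.*?\.exe)(?=\s|$)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str     # machine tag for grouping
    subject: str  # the entry the finding is about
    note: str     # why it deserves a look


def run_target(cmd: str) -> str:
    """Executable a Run value actually launches, with its arguments dropped."""
    m = EXE_RE.match(cmd)
    return (m["quoted"] or m["bare"]) if m else cmd


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            # CLSID still registered as a BHO but no DLL behind it: the file was
            # deleted and the registration survived, the shape of a half-removed BHO.
            if not m["path"]:
                findings.append(Finding("orphan_bho", m["clsid"],
                    f"BHO '{m['name']}' is registered but has no backing DLL; the CLSID key and the Browser Helper Objects entry are what is left to remove"))
        elif m := RUN_RE.match(line):
            exe = run_target(m["cmd"])
            if "\\" not in exe:
                findings.append(Finding("path_resolved_run", m["name"],
                    f"'{exe}' has no directory and is found by PATH search; confirm which file actually runs"))
            if GUID_RE.match(m["name"]):
                findings.append(Finding("guid_named_run", m["name"],
                    f"GUID-named autorun launching {exe}; bundled installers use this pattern, so verify the target"))
        elif m := HOSTS_RE.match(line):
            if (m["ip"], m["host"]) != ("127.0.0.1", "localhost"):
                findings.append(Finding("hosts_override", m["host"],
                    f"{m['host']} pinned to {m['ip']}; a security site sent to loopback is a classic symptom, but some anti-spyware tools write blocklist entries themselves, so check provenance before removing"))
        elif m := FFPREF_RE.match(line):
            if m["pref"] == "browser.search.selectedEngine" and m["value"]:
                findings.append(Finding("ff_search_engine", m["value"],
                    "default search engine was changed; an unfamiliar engine name usually belongs to a bundled extension"))
        elif m := FFEXT_RE.match(line):
            findings.append(Finding("ff_extension", m["ext_id"].strip(),
                f"extension installed {m['date'].strip()} at {m['path']}; identify it before deciding"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.note}")
```

Run against the excerpt, it reports the orphaned SelectionLinks CLSID, the spywareinfo.com hosts pin, the changed Firefox search engine, the GUID-named Run value and the one Run entry resolved through PATH; the two Java BHOs and the Spybot BHO, which have real DLL paths, produce nothing.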

  2. #2
    Security Expert Satchfan
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259


    Hello yehonatans and welcome to the Safer Networking Forum.

    My name is Satchfan and I would be glad to help you with your computer problem.

    Please read the following guidelines which will help to make cleaning your machine easier:

    • please follow all instructions in the order posted
    • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
    • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
    • if you don't understand something, please don't hesitate to ask for clarification before proceeding
    • the fixes are specific to your problem and should only be used for this issue on this machine.
    • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

    IMPORTANT:

    Please DO NOT install/uninstall any programs unless asked to.
    Please DO NOT run any scans other than those requested

    I am looking at your logs now and will reply with instructions shortly.

    Satchfan

  3. #3
    Security Expert Satchfan
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259


    Hello again yehonatans

    A couple of things before we start cleaning your computer.

    P2P - I see you have P2P software (uTorrent) installed on your machine.

    We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

    It almost certainly contributed to your current situation.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

    Please see this topic for more information:

    Perils of P2P File Sharing.

    I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

    Should you decide to keep it, please don’t use it until we have finished up here.

    ===================================================

    Registry cleaners

    I see you are using a “Registry Cleaner”, RegCure. It's not a good idea to use registry cleaners/boosters.

    The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, (and you are expert in the registry), I would suggest you leave the registry alone.

    I strongly advise you to get rid of RegCure and any other cleaner/optimizer/booster/tuneup/tweak type utilities that you have on this or any other computer.

    One of the malware experts, miekiemoes, has an excellent write-up here
    Another excellent article by Bill Castner is located here

    ===================================================

    That said, let’s start cleaning up.

    Disable Spybot’s TeaTimer and Windows Defender

    Spybot’s TeaTimer and Windows Defender can sometimes prevent some things from being fixed.

    Please disable TeaTimer and Windows Defender for now: they can be re-activated once your log is clean.

    • open Spybot Search & Destroy
    • in the Mode menu click "Advanced mode" if not already selected
    • choose "Yes" at the Warning prompt
    • expand the "Tools" menu
    • click "Resident"
    • uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box
    • in the File menu click "Exit" to exit Spybot Search & Destroy.

    To disable Windows Defender:

    • open Windows Defender
    • click on Tools, General Settings
    • scroll down and uncheck Turn on real-time protection (recommended)
    • after you uncheck this, click on the Save button and close Windows Defender.

    ===================================================

    Run RogueKiller

    IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

    Close all running programs.


    Download one of these to your desktop:

    for a 32-bit system download this version.
    for 64-bit use this one.
    • close all running programs
    • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
    • when the pre-scan is finished, click on Scan
    • click on Report and copy/paste the content in your next post
    • NOTE: DO NOT attempt to remove anything that the scan detects – not everything that is reported is necessarily bad

    If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

    Please post the contents of the RKreport.txt in your next reply.

    Satchfan

  4. #4
    Junior Member
    Join Date
    May 2013
    Posts
    12


    Thank you for your help.
    What is word wrap?

  5. #5
    Security Expert Satchfan
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259


    Thanks for the log.

    What is word wrap?
    Word Wrap makes sure that the log is readable by setting it between defined margins and stopping each line becoming endlessly long.

    In your case it is already on and OK.

    Download and run OTL

    • download OTL to your desktop.
    • double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • click Scan all users.
    • under Custom Scan paste this in

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      services.exe
      /md5stop
      %systemroot%\*. /rp /s
      DRIVES
      CREATERESTOREPOINT
    • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
    • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • you may need two posts to fit them both in.

    ===================================================

    Run aswMBR

    • download aswMBR.exe to your desktop.
    • double click the aswMBR.exe to run it
    • if asked, accept the AVAST virus definition download
    • click the "Scan" button to start scan
    • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.

    Logs to include with next post:

    OTL.txt
    Extras.txt
    aswMBR log


    Please do not attach them: copy/paste them into the post.

    Thanks

    Satchfan
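The `/md5start ... /md5stop` block in the OTL custom scan above hashes every copy of explorer.exe, winlogon.exe, Userinit.exe, svchost.exe and services.exe that the scan finds, so that an extra copy in the wrong place, or a copy in the right place with the wrong hash, stands out by hash and location rather than by name. The following is an added illustration of that check (this example's own code, not OTL's). It builds a throwaway directory tree of constructed sample files so it runs on any OS; EXPECTED_DIRS is an assumption about a stock Windows 7 x64 layout, CLEAN_BASELINE stands in for hashes taken from a clean install of the same build, and the `scan_tree`, `misplaced`, `drifted` and `demo` names are this example's. MD5 is used because that is what the OTL directive computes and what known-good lists are keyed on; it serves as a lookup key here, not as a tamper-proof signature.

```python
"""Hash every copy of a core Windows binary under a tree and report copies in
the wrong place or with a hash that differs from a clean baseline (added example)."""
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path

WATCHED = {"explorer.exe", "winlogon.exe", "userinit.exe", "svchost.exe", "services.exe"}

# Expected home of each binary, relative to the Windows directory (assumption:
# stock Windows 7 x64; 64-bit-only binaries have no SysWOW64 twin).
EXPECTED_DIRS = {
    "explorer.exe": {Path("."), Path("SysWOW64")},
    "winlogon.exe": {Path("System32")},
    "userinit.exe": {Path("System32"), Path("SysWOW64")},
    "svchost.exe": {Path("System32"), Path("SysWOW64")},
    "services.exe": {Path("System32")},
}

# The component store keeps legitimate copies of everything; skip it or the
# report is all noise.
SKIP_DIRS = {"winsxs", "servicing"}

# Constructed stand-in for a clean install; the baseline hashes come from here.
CLEAN_CONTENT = {
    "System32/svchost.exe": b"svchost 64-bit",
    "System32/winlogon.exe": b"winlogon",
    "System32/services.exe": b"services",
}
CLEAN_BASELINE = {Path(rel): hashlib.md5(data).hexdigest() for rel, data in CLEAN_CONTENT.items()}

# Constructed tree under test: the clean files plus one modified system binary,
# two copies dropped in a Temp folder, and a component-store copy to be ignored.
DEMO_FILES = {
    **CLEAN_CONTENT,
    "System32/winlogon.exe": b"winlogon plus a patched byte",
    "explorer.exe": b"explorer 64-bit",
    "SysWOW64/explorer.exe": b"explorer 32-bit",
    "SysWOW64/svchost.exe": b"svchost 32-bit",
    "WinSxS/amd64_svchost/svchost.exe": b"svchost 64-bit",
    "Temp/svchost.exe": b"svchost 64-bit",
    "Temp/services.exe": b"not services at all",
}


def md5_file(path: Path) -> str:
    h = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root: Path) -> list[tuple[Path, str]]:
    """(path relative to root, md5) for every file whose name is in WATCHED."""
    root = Path(root)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d.lower() not in SKIP_DIRS]  # prune in place
        for name in filenames:
            if name.lower() in WATCHED:
                full = Path(dirpath) / name
                hits.append((full.relative_to(root), md5_file(full)))
    return sorted(hits)


def misplaced(hits: list[tuple[Path, str]]) -> list[tuple[Path, str]]:
    """Copies sitting outside the directories the binary belongs in."""
    return [(rel, d) for rel, d in hits if rel.parent not in EXPECTED_DIRS[rel.name.lower()]]


def drifted(hits: list[tuple[Path, str]], baseline: dict[Path, str]) -> list[tuple[Path, str]]:
    """Copies in known locations whose hash is not the clean-install hash."""
    return [(rel, d) for rel, d in hits if rel in baseline and baseline[rel] != d]


def build_demo_tree() -> Path:
    """Write DEMO_FILES into a fresh temp directory and return its root."""
    root = Path(tempfile.mkdtemp(prefix="winroot_"))
    for rel, data in DEMO_FILES.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root


def demo() -> dict[str, list[str]]:
    hits = scan_tree(build_demo_tree())
    return {
        "found": [rel.as_posix() for rel, _ in hits],
        "misplaced": [rel.as_posix() for rel, _ in misplaced(hits)],
        "drifted": [rel.as_posix() for rel, _ in drifted(hits, CLEAN_BASELINE)],
    }


if __name__ == "__main__":
    for section, paths in demo().items():
        print(section, paths)
```

On the demo tree the scan sees eight copies (the WinSxS one is pruned), reports the two Temp copies as misplaced even though one of them is byte-for-byte the real svchost.exe, and reports System32\winlogon.exe as drifted from the baseline. On a real machine the baseline has to come from a trusted source for the same build and patch level; the 32-bit and 64-bit copies of the same binary legitimately differ, which is why the check keys on location plus hash rather than comparing copies to each other.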

  6. #6
    Junior Member
    Join Date
    May 2013
    Posts
    12

    Extras+aswMBR

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-05-08 20:32:56
    -----------------------------
    20:32:56.943 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:32:56.943 Number of processors: 4 586 0x2A07
    20:32:56.944 ComputerName: YEHONATANST-PC UserName: owner
    20:32:58.253 Initialize success
    20:33:06.198 AVAST engine defs: 13050800
    20:33:14.117 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    20:33:14.118 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 3
    20:33:14.286 Disk 0 MBR read successfully
    20:33:14.287 Disk 0 MBR scan
    20:33:14.291 Disk 0 Windows 7 default MBR code
    20:33:14.297 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    20:33:14.310 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 102499 MB offset 206848
    20:33:14.332 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 374339 MB offset 210124800
    20:33:14.470 Disk 0 scanning C:\Windows\system32\drivers
    20:33:27.036 Service scanning
    20:33:46.794 Modules scanning
    20:33:46.795 Disk 0 trace - called modules:
    20:33:46.811 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    20:33:46.813 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800471f060]
    20:33:46.814 3 CLASSPNP.SYS[fffff880018d343f] -> nt!IofCallDriver -> [0xfffffa800411bd10]
    20:33:46.814 5 ACPI.sys[fffff88000f957a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80044b3060]
    20:33:47.953 AVAST engine scan C:\Windows
    20:33:52.462 AVAST engine scan C:\Windows\system32
    20:36:10.118 AVAST engine scan C:\Windows\system32\drivers
    20:36:19.522 AVAST engine scan C:\Users\owner
    20:51:58.882 AVAST engine scan C:\ProgramData
    20:59:15.076 Scan finished successfully
    21:09:26.829 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
    21:09:26.835 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"

    OTL Extras logfile created on: 5/8/2013 7:57:51 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16540)
    Locale: 00000409 | Country: ארצות הברית | Language: ENU | Date Format: M/d/yyyy

    3.98 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.76% Memory free
    7.97 Gb Paging File | 4.97 Gb Available in Paging File | 62.46% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 100.10 Gb Total Space | 26.70 Gb Free Space | 26.68% Space Free | Partition Type: NTFS
    Drive D: | 365.57 Gb Total Space | 175.91 Gb Free Space | 48.12% Space Free | Partition Type: NTFS
    Drive E: | 4.99 Gb Total Space | 1.01 Gb Free Space | 20.31% Space Free | Partition Type: FAT32

    Computer Name: YEHONATANST-PC | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========
    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Cheat-Defender\Cheat-Defender.exe" = C:\Program Files (x86)\Cheat-Defender\Cheat-Defender.exe:*:Enabled:Cheat-Defender: Anti-Cheat
    "C:\Program Files (x86)\Cheat-Defender\Cheat-Defender.exe" = C:\Program Files (x86)\Cheat-Defender\Cheat-Defender.exe:*:Enabled:Cheat-Defender: Anti-Cheat
    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{094B3983-AC0B-42E1-A31A-B7E1E921A032}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0AFE94AE-9D1E-426B-9A24-2D86B6ED5BBB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{3CC687C4-A14D-4C6A-A382-121E879718F9}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{3D72FCB8-0793-495E-B588-F57555727FA6}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{3F973B6E-991E-47EC-969E-02CD41376E94}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{471AA7C2-71E1-443D-A739-47F7FA36BD9A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4E3DD34E-1BB2-4F02-87AD-37EF4AB3956A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{612ABE99-6C53-43A2-A29D-892409CB97D2}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{6C456652-16C8-4245-B8C0-AAEFF238583D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{806274A0-B2CB-4881-B544-169B4389ED27}" = lport=139 | protocol=6 | dir=in | app=system |
    "{81058533-343B-42E3-8B9F-6C2A175FB0A2}" = rport=137 | protocol=17 | dir=out | app=system |
    "{811D633B-0DF8-4535-AF42-9BD456751E8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{87F5C463-EB55-420D-9EFE-699C3AB51BD8}" = lport=138 | protocol=17 | dir=in | app=system |
    "{9CDE8DB2-BEB1-44BE-AD94-A0D191968B1C}" = lport=445 | protocol=6 | dir=in | app=system |
    "{A19EF0E5-91E6-4615-9429-2BE55C25F6BB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{A33B52B3-BE06-4220-B312-269B2F039963}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AABFA6A2-8BCD-486C-B6A1-87FC35B46BEF}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B2F19675-6603-4212-88B6-0052C8D0C38D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C4CEB7D8-313F-4DB3-B47F-CA271B24CEF8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{D2BC5B9F-4FCA-4730-840E-EE5A9C7F7CA1}" = rport=445 | protocol=6 | dir=out | app=system |
    "{EF133D65-CE1F-412A-B1F4-B6BC835E0B99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EFEAFA21-4C82-4014-975E-A7B5AD2625F9}" = rport=139 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00CBBEA6-F284-4BAB-97BB-36558B758DE1}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
    "{0212F790-C4DE-49BD-A6B7-D82C6BCC7587}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{07EF7189-2189-4472-A646-F3B7EE2BDDA0}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{09BFBF0C-C07E-40D3-9569-39127BD8DBEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{0B98A312-7D45-4757-BCBC-80504E1C33A3}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
    "{0EBD603A-45C5-4B6C-8B24-416B3CB19E02}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{10AA3080-2FEE-4588-AAB5-45AE09561BEC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1F04DCC3-3CE4-42BA-A3FF-AF6015C7B5E7}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
    "{21C01E42-C729-42FE-874D-9C5FFB53CC3D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{21F56922-AF5D-494E-B499-1B8F3C7C887A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{24116037-9281-428D-A995-DE4D35AF373B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
    "{253B2344-7F92-4B3B-94AD-D002B5EEDB5C}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{26EDA201-C302-43D6-BE0A-28C5D0BAF75F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{277BF56B-3295-471A-BCEE-486BD540174B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{2C44A955-62F0-45B7-BFA3-817BA4BAF076}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2EC55810-F2CE-460D-8C1B-96459E09906E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
    "{335103F2-813F-4D6A-9F79-CE471E22B144}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{37E05528-C36B-414A-B953-89B9A46FCFC5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{37F1F95E-6458-4923-BCBB-9BD51D8027B6}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\war of the roses\run_game.exe |
    "{3DE0047D-0241-4146-A929-A8615AB0A9F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3DF5B150-D092-4FCA-831A-4A5263379CD4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{45387353-B15C-48D3-B166-1F9C3F8F563D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4A195E93-C32E-4883-80F7-04982A3A535B}" = dir=in | app=c:\users\owner\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{4AF040B3-342E-4787-8AA7-528EB5D386F8}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\firaxis games\sid meier's civilization 4\civilization4.exe |
    "{4B2E0974-1956-4320-968A-A0410968C16B}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
    "{4CD80FE7-61EE-4DA1-90DB-F7C9ED932068}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
    "{4EB7E903-F094-4779-8C61-34B505ABD452}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{4EBB3164-97E2-471F-9CAF-FB33CB6B1070}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\power of two test app\start.exe |
    "{503C5D9C-84CB-4545-A611-006078BE0846}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{51A7014E-F9F1-472C-B355-C6CFE9DC358E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{539DD6F4-D5FC-4E73-AB8C-5509E01D9B25}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{55701726-936A-4A4A-866A-DBF6BC160633}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{631975F9-615B-4D3F-8DEC-2D7886F91508}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{64D542DD-C2C3-4AD6-8C79-DCCA9B618F3E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{65AF1C55-3EC2-417E-A0D9-257FA3D44A62}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
    "{6C05FD18-BB91-446F-97DF-2D210744E3C1}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
    "{6D90CC97-59AF-4996-A399-C49A3F91B78E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
    "{711618FF-650E-4378-9303-EF25620BFD92}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{74293AC4-5D2F-4083-BB36-174FA191328D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
    "{74B0BFAA-3A38-4021-9216-EF1BA1456A18}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
    "{75DB080C-70CE-4F38-8CFD-0494EF064567}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
    "{79D7B217-5236-4C0E-B397-D435BB8A4C47}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
    "{7D182833-8CF3-4424-9CD5-2CA97ADBD961}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
    "{7DB4DCA1-D53F-4EFE-8234-54D67D0A8B0C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{7EB9E28C-B390-49D6-86F9-937003C176E5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
    "{83E59150-101F-4C58-8EFE-FB9D953CCD5D}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\firaxis games\sid meier's civilization 4\civilization4.exe |
    "{8495B17E-FF2D-46FA-8323-02D6BAE29203}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
    "{84B7B376-B641-47E8-8FEA-026D6366BFA9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
    "{8B71F08F-7D32-49B6-9E02-864981D1A130}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\power of two test app\start.exe |
    "{8DA0CE55-B86C-4560-B970-943C0ABEA29C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
    "{92D09F94-72CD-4570-B8F0-64E071EE3B14}" = protocol=17 | dir=in | app=d:\origin games\battlefield 3\bf3.exe |
    "{953F4703-6139-4A07-A912-21C8BEF63BD2}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{95C7176B-ACCE-4ED1-8163-2FC10DE4DB7D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{9608E8EE-77DA-4BE4-BD64-CDEE2E196F14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{98100A95-EA3E-4AB0-9380-ABAC2FABBF37}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
    "{9D5D45A0-32A0-42FC-BE93-E1B9335F5403}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
    "{9F2B766E-CD82-47B5-84C8-99AF8EEF27FF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{A9D78906-F3AA-4A6A-BFDA-28753E71A6F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AD694EF6-828D-4FA3-9EF7-31AEFE9AE865}" = protocol=6 | dir=out | app=system |
    "{B49BA2D0-0757-4460-A912-E9E6D6F78B82}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
    "{BA9FF125-F1AB-4614-8F2C-2425E4A9EB08}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BECE41B0-310F-4761-AC77-E7DAC98BA978}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{C3C61AB8-68B7-4910-9201-E23A70F9492D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
    "{C459B455-DB22-48B6-8157-785182B32E67}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe |
    "{C7D62F17-BB57-40B5-BC4E-5ED4C717E0F7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
    "{CBE424D1-F742-48C4-A672-094F450836FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CD60342B-74C9-4A64-A1F3-C9908C431FC6}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{CD9AC28C-FD10-4D72-A081-A2DAD2964BF8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{CF28FE0E-53C2-4745-962B-BE65DCB0951B}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
    "{D9977842-BD50-4247-B33D-40C480152D2F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{E1A514E8-8768-40FB-A2FF-84F868E572A6}" = protocol=6 | dir=in | app=d:\origin games\battlefield 3\bf3.exe |
    "{E57BA0BC-D372-405F-B1C1-0B5479EEE900}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe |
    "{E7F2BFA0-6F15-4AC8-B5E2-E7BCDBD0E9FD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{EC87F043-0534-4D08-99BD-5577B5B13950}" = dir=in | app=d:\program files (x86)\microsoft games\microsoft flight\flight.exe |
    "{F477B0B3-1488-4227-8101-4C2D03D332B2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F573ECA7-01F7-469F-9095-C609EDAECE55}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
    "{F83DAE9A-5A9E-4B07-90F1-30E741A0059F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\war of the roses\run_game.exe |
    "TCP Query User{2687DB61-3837-4CC2-A1D8-DD64DE4F857D}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
    "TCP Query User{329BB28A-D51D-4513-873C-C2FB26065029}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
    "TCP Query User{390B7210-6374-4F25-A503-EF2717112607}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "TCP Query User{48B45DDA-308F-47AB-B70F-8A38FD862B64}D:\program files\muzzy lane software\making history gold\bin\makehist.exe" = protocol=6 | dir=in | app=d:\program files\muzzy lane software\making history gold\bin\makehist.exe |
    "TCP Query User{7E05C4E9-C369-4F77-B8A4-865C7F0F6063}D:\program files (x86)\condition zero\hl.exe" = protocol=6 | dir=in | app=d:\program files (x86)\condition zero\hl.exe |
    "TCP Query User{7E933383-96AB-440E-B963-689AF00D2EF6}D:\darkcomet\darkcomet.exe" = protocol=6 | dir=in | app=d:\darkcomet\darkcomet.exe |
    "TCP Query User{86D4DC1F-E654-4A55-B47E-21B70FC0E65F}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "TCP Query User{97B78B60-DC09-4684-ADF4-7ADD06979D82}D:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=d:\program files (x86)\bitcoin\bitcoin-qt.exe |
    "TCP Query User{9B8A9784-BCFB-4144-B3C4-0635A3751102}C:\program files (x86)\bitcoin\bitcoin.exe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin.exe.exe |
    "TCP Query User{A9CC8B6D-00B9-4D7F-B7FA-3D38F3A38026}D:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=d:\program files (x86)\bitcoin\bitcoin-qt.exe |
    "TCP Query User{B7CB6436-2D62-4647-B484-36BFD5720EA3}C:\users\owner\downloads\nw.1.20130225d.1.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\nw.1.20130225d.1.exe |
    "TCP Query User{C54A7EBC-9A26-45C7-916E-7505C65F4FD6}C:\users\owner\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe |
    "TCP Query User{C7CBC2C0-DD4D-41C7-B521-C68081E183A6}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{C8BADBD3-D36A-4A33-B148-05ACC47407DC}C:\users\owner\downloads\mining_proxy_1.2.0.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\mining_proxy_1.2.0.exe |
    "TCP Query User{D61EA8EC-B8AA-4968-B611-C12D6D860359}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{E91F5DD4-B3CD-41A6-862D-C24AEBBC7410}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{EB3AA562-06F0-4891-8B94-6754B76803FF}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{ECCC578B-662C-4D46-892B-43C7730EEBE7}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
    "UDP Query User{00528B85-6CAF-4241-A82E-CDCB52F47B4F}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
    "UDP Query User{02CF9E43-7D23-4F15-B24E-F428124F0A56}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{0526D660-4DA7-4956-AC00-A2733F92535B}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{08A95BA4-5A37-426C-8174-396660445F3C}C:\program files (x86)\bitcoin\bitcoin.exe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin.exe.exe |
    "UDP Query User{0932C9D9-01D2-4575-AA63-4EA42E96A141}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{15839CA2-538E-4B47-862F-C2037110246C}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{2CFD309A-6598-4C88-8770-B6BE8C59F416}D:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=d:\program files (x86)\bitcoin\bitcoin-qt.exe |
    "UDP Query User{3F639829-BE25-4369-A5B5-88B3DA26CB83}D:\program files\muzzy lane software\making history gold\bin\makehist.exe" = protocol=17 | dir=in | app=d:\program files\muzzy lane software\making history gold\bin\makehist.exe |
    "UDP Query User{6DAA5AFE-A9E7-4ACE-B03D-1EA085296F0F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "UDP Query User{721AD087-E3B2-49A7-95ED-CA82C977956B}C:\users\owner\downloads\mining_proxy_1.2.0.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\mining_proxy_1.2.0.exe |
    "UDP Query User{76D20B8A-F2C6-4B39-A968-8884564EA529}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
    "UDP Query User{7E0D4F7A-BAD3-49C7-AB3E-04701173DBAA}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "UDP Query User{8B0C071B-3A36-4221-A7A2-803FAD6932F1}D:\program files (x86)\condition zero\hl.exe" = protocol=17 | dir=in | app=d:\program files (x86)\condition zero\hl.exe |
    "UDP Query User{AF9CC29D-2FCB-4BAF-838C-E2084D8025A4}D:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=d:\program files (x86)\bitcoin\bitcoin-qt.exe |
    "UDP Query User{CFB1242C-4F8F-4A3E-98E7-479A2506E7B7}D:\darkcomet\darkcomet.exe" = protocol=17 | dir=in | app=d:\darkcomet\darkcomet.exe |
    "UDP Query User{EB8A52AB-52BC-409B-A6B4-6B01BA331C2F}C:\users\owner\downloads\nw.1.20130225d.1.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\nw.1.20130225d.1.exe |
    "UDP Query User{F3DF052E-DB7A-40FD-AF26-109BE2AC28E8}C:\users\owner\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe |
    "UDP Query User{FDC43C8A-9D54-4100-B939-F92AA9FDD303}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
    "{1AB648D7-5FDE-321E-825A-4FE93A0890F5}" = Microsoft .NET Framework 4 Extended HEB Language Pack
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA מנהל ההתקן עבור ‎3D Vision 320.00
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = לוח הבקרה של NVIDIA 320.00
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA מנהל התקן עבור נתונים גרפיים 320.00
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA מנהל ההתקן של בקר ‎3D Vision 320.00
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA תכנת PhysX מערכת 9.12.1031
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = עדכוני NVIDIA 3.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA מנהל ההתקן עבור שמע בתקן HD 1.3.24.2
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{CB457D7C-D242-31CB-83C7-DDCF16418360}" = Microsoft .NET Framework 4 Client Profile HEB Language Pack
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile HEB Language Pack" = Microsoft .NET Framework 4 Client Profile HEB Language Pack
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft .NET Framework 4 Extended HEB Language Pack" = Microsoft .NET Framework 4 Extended HEB Language Pack
    "Recuva" = Recuva
    "Speccy" = Speccy
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{1A01191E-7750-4D43-AA86-64DDDA437070}" = Responsa CD18
    "{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
    "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
    "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
    "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
    "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
    "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4D5308D2-DC8E-4658-A37C-351000048100}" = Microsoft Flight
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
    "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{CB92C58B-7BDF-48E3-92E3-51768DCCA585}_is1" = EVGA OC Scanner X 2.1.2
    "{DBD76811-6CF0-4A15-9436-B779C3A36929}_is1" = Acunetix Web Vulnerability Scanner 8.0
    "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E7A8BC75-50A9-32F2-8DFB-C499D21881B7}" = Google Talk Plugin
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.22beta
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "BSPlayerf" = BS.Player FREE
    "Cheat Engine 6.1_is1" = Cheat Engine 6.1
    "CleanMem" = CleanMem
    "Condition Zero" = Condition Zero
    "DarkComet RAT Remover_is1" = DarkComet RAT Remover version 1.0
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "ESN Sonar-0.70.4" = ESN Sonar
    "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.21.1212
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
    "FreeFileViewer_is1" = Free File Viewer 2012
    "GFWL_{4D5308D2-DC8E-4658-A37C-351000048100}" = Microsoft Flight
    "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "MakingHistoryGold" = Making History Gold
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NetsparkerCommunityEdition" = Netsparker [Community Edition] - Web Application Security Scanner
    "NoIPDUC" = No-IP DUC
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Origin" = Origin
    "Picasa 3" = Picasa 3
    "Simple Port Forwarding" = Simple Port Forwarding
    "Steam App 10500" = Empire: Total War
    "Steam App 229690" = Gauntlet Quest
    "Steam App 400" = Portal
    "Steam App 42160" = War of the Roses
    "Steam App 42680" = Call of Duty: Modern Warfare 3
    "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
    "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
    "Steam App 43110" = Metro 2033
    "Steam App 440" = Team Fortress 2
    "Steam App 570" = Dota 2
    "Steam App 57690" = Tropico 4
    "Steam App 620" = Portal 2
    "TeamViewer 8" = TeamViewer 8
    "TrueCrypt" = TrueCrypt
    "Trusted Software Assistant_is1" = File Type Assistant
    "Uplink" = Uplink (remove only)
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.0
    "webmmf" = WebM Media Foundation Components

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
    "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "Akamai" = Akamai NetSession Interface
    "Bitcoin" = Bitcoin
    "Google Chrome" = Google Chrome
    "SOE-C:/Users/owner/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/7/2013 2:22:16 PM | Computer Name = Yehonatanst-pc | Source = WinMgmt | ID = 10
    Description =

    Error - 5/7/2013 3:04:34 PM | Computer Name = Yehonatanst-pc | Source = VSS | ID = 12310
    Description =

    Error - 5/7/2013 3:04:34 PM | Computer Name = Yehonatanst-pc | Source = VSS | ID = 12298
    Description =

    Error - 5/7/2013 3:32:03 PM | Computer Name = Yehonatanst-pc | Source = Application Hang | ID = 1002
    Description = The program avscan.exe version 13.6.0.1262 stopped interacting with
    Windows and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 1274 Start Time: 01ce4b52a0b86ca6 Termination Time:
    60000 Application Path: c:\program files (x86)\avira\antivir desktop\avscan.exe Report Id:
    9c051129-b74c-11e2-bfa6-50e54927f33f

    Error - 5/7/2013 3:52:22 PM | Computer Name = Yehonatanst-pc | Source = WinMgmt | ID = 10
    Description =

    Error - 5/7/2013 4:26:01 PM | Computer Name = Yehonatanst-pc | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for ''d:\program files (x86)\spybot - search
    & destroy\DelZip179.dll''. Error in manifest or policy file ''d:\program files (x86)\spybot
    - search & destroy\DelZip179.dll'' on line 8. The value ''*'' of attribute ''language'' in element
    ''assemblyIdentity'' is invalid.

    Error - 5/7/2013 4:52:22 PM | Computer Name = Yehonatanst-pc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/7/2013 4:52:22 PM | Computer Name = Yehonatanst-pc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 15584

    Error - 5/7/2013 4:52:22 PM | Computer Name = Yehonatanst-pc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 15584

    Error - 5/8/2013 11:06:15 AM | Computer Name = Yehonatanst-pc | Source = Application Hang | ID = 1002
    Description = The program avconfig.exe version 13.6.0.1246 stopped interacting with
    Windows and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: ca0 Start Time: 01ce4bfd570ef106 Termination
    Time: 60000 Application Path: C:\program files (x86)\avira\antivir desktop\avconfig.exe
    Report Id: a86a8882-b7f0-11e2-a1c8-50e54927f33f

    [ System Events ]
    Error - 5/4/2013 1:11:36 PM | Computer Name = Yehonatanst-pc | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
    Error Code: 126

    Error - 5/4/2013 1:13:21 PM | Computer Name = Yehonatanst-pc | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the
    Steam Client Service service to connect.

    Error - 5/4/2013 1:13:21 PM | Computer Name = Yehonatanst-pc | Source = Service Control Manager | ID = 7000
    Description = The Steam Client Service service failed to start due to the following error: %%1053

    Error - 5/4/2013 4:36:53 PM | Computer Name = Yehonatanst-pc | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy storage
    could not grow due to a user imposed limit.

    Error - 5/5/2013 2:23:05 AM | Computer Name = Yehonatanst-pc | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Netman service.

    Error - 5/7/2013 1:25:15 PM | Computer Name = Yehonatanst-pc | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
    Error Code: 126

    Error - 5/7/2013 2:21:49 PM | Computer Name = Yehonatanst-pc | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
    Error Code: 126

    Error - 5/7/2013 2:24:21 PM | Computer Name = Yehonatanst-pc | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 5/7/2013 3:50:49 PM | Computer Name = Yehonatanst-pc | Source = DCOM | ID = 10010
    Description =

    Error - 5/7/2013 3:51:57 PM | Computer Name = Yehonatanst-pc | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
    Error Code: 126


    < End of report >
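The OTL report above and the OTL log in the next post share one line layout for running processes, loaded modules, services and drivers: a timestamp and size, the company name from the file's version resource (an empty "()" when there is none), the path, and for services and drivers a start type and a service name. As an added example that is not part of this thread or of OTL itself, the Python script below parses lines in that layout and ranks them by the checks a helper applies first when reading such a log: no company name, a module loaded from a user-writable Temp directory, and an auto/boot/system-start service or driver with no publisher. The sample lines are constructed in the same format as the posted logs; the heuristics are assumptions about what to look at first, not verdicts.

```python
"""Triage helper for OTL-format log lines (PRC / MOD / SRV / DRV entries).

Added example for this thread; it is neither OTL's code nor part of the
poster's logs. The heuristics are assumptions a reviewer starts from,
not verdicts.
"""
import re
from dataclasses import dataclass, field

# One OTL entry: KIND[:64bit:] - [stamp | size | attrs | src] (Company) [flags] -- path [-- (ServiceName)]
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<arch>:64bit:)? - "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[^|]+) \| (?P<src>\w)\] "
    r"\((?P<company>[^)]*)\)"          # "()" means no company name in the version resource
    r"(?: \[(?P<flags>[^\]]*)\])?"     # SRV: [Start | State]; DRV: [Type | Start | State]
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"   # service/driver name, absent on PRC/MOD lines
)

TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
EARLY_START = {"auto", "boot", "system"}   # start types that run without any user action

# Constructed sample in the same layout as the thread's logs (a handful of lines, not the full post).
SAMPLE = """\
PRC - [2013/04/05 16:34:57 | 000,076,888 | ---- | M] () -- C:\\Windows\\SysWOW64\\PnkBstrA.exe
PRC - [2013/03/30 22:28:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avguard.exe
MOD - [2013/05/08 18:04:08 | 001,153,024 | ---- | M] () -- C:\\Users\\owner\\AppData\\Local\\Temp\\_MEI42122\\_ssl.pyd
SRV - [2013/04/05 16:34:57 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\\Windows\\SysWOW64\\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/06/13 16:16:04 | 001,009,840 | ---- | M] () [Auto | Running] -- D:\\Program Files (x86)\\Acunetix\\Web Vulnerability Scanner 8\\WVSScheduler.exe -- (AcuWVSSchedulerv8)
SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)
DRV:64bit: - [2011/01/10 19:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\\Windows\\SysNative\\drivers\\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2013/02/15 17:44:15 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\\Windows\\SysNative\\drivers\\truecrypt.sys -- (truecrypt)
"""


@dataclass
class Entry:
    kind: str
    path: str
    company: str
    name: str
    start: str                      # Auto / On_Demand / Boot / System / Disabled; "" for PRC and MOD
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_line(line: str):
    """Return an Entry for one OTL PRC/MOD/SRV/DRV line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = [p.strip() for p in (m.group("flags") or "").split("|")]
    start = ""
    if m.group("kind") == "SRV" and parts[0]:
        start = parts[0]                # [Auto | Running]
    elif m.group("kind") == "DRV" and len(parts) >= 2:
        start = parts[1]                # [Kernel | System | Running]
    return Entry(kind=m.group("kind"), path=m.group("path"),
                 company=m.group("company").strip(), name=m.group("name") or "", start=start)


def assess(e: Entry) -> Entry:
    """Attach the reasons an entry deserves a closer look (hash, signature, publisher)."""
    if not e.company:
        e.reasons.append("no company name in version info")
    if any(t in e.path.lower() for t in TEMP_DIRS):
        e.reasons.append("loaded from a user-writable Temp directory")
    if e.kind in ("SRV", "DRV") and not e.company and e.start.lower() in EARLY_START:
        e.reasons.append(f"{e.start}-start {e.kind} with no publisher")
    return e


def triage(text: str) -> list:
    """Parse every OTL entry in `text` and return the flagged ones, most reasons first."""
    entries = [parse_line(l) for l in text.splitlines()]
    flagged = [assess(e) for e in entries if e is not None]
    flagged = [e for e in flagged if e.reasons]
    return sorted(flagged, key=lambda e: (-e.score, e.kind, e.path.lower()))


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"[{e.score}] {e.kind:3} {e.name or '-':20} {e.path}")
        for r in e.reasons:
            print(f"      - {r}")
```

Run on the sample, the script puts the system-start AppleCharger driver, the Temp-directory module, and the two auto-start services with no publisher ahead of everything else. Each of those is also exactly what a legitimate unsigned tool looks like in OTL output, so the ranking only decides what to verify first (file hash, Authenticode signature, known publisher), never what to delete.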

  7. #7
    Junior Member
    Join Date
    May 2013
    Posts
    12

    Default Otl part 1

    OTL logfile created on: 5/8/2013 7:57:51 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16540)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.98 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.76% Memory free
    7.97 Gb Paging File | 4.97 Gb Available in Paging File | 62.46% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 100.10 Gb Total Space | 26.70 Gb Free Space | 26.68% Space Free | Partition Type: NTFS
    Drive D: | 365.57 Gb Total Space | 175.91 Gb Free Space | 48.12% Space Free | Partition Type: NTFS
    Drive E: | 4.99 Gb Total Space | 1.01 Gb Free Space | 20.31% Space Free | Partition Type: FAT32

    Computer Name: YEHONATANST-PC | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/05/08 19:57:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
    PRC - [2013/05/07 14:53:26 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2013/05/04 02:35:30 | 001,635,752 | ---- | M] (Valve Corporation) -- D:\Program Files (x86)\steam\Steam.exe
    PRC - [2013/05/04 02:35:30 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2013/04/23 10:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    PRC - [2013/04/22 17:52:56 | 000,079,384 | ---- | M] (Google) -- C:\Users\owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    PRC - [2013/04/18 22:15:42 | 000,412,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2013/04/16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    PRC - [2013/04/05 16:34:57 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/03/30 22:29:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2013/03/30 22:28:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2013/03/24 11:46:23 | 000,976,672 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    PRC - [2013/03/24 11:41:08 | 001,927,968 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/03/24 11:40:57 | 001,074,976 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
    PRC - [2013/02/15 17:44:15 | 001,516,496 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
    PRC - [2013/02/14 04:01:17 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    PRC - [2012/12/18 17:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/06/13 16:16:04 | 001,009,840 | ---- | M] () -- D:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe
    PRC - [2010/11/21 06:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2010/10/05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/10/05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2007/01/30 02:08:40 | 000,077,824 | ---- | M] () -- D:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    PRC - [2006/09/15 14:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe
    PRC - [2005/07/16 00:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/05/08 18:04:08 | 001,175,040 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\wx._core_.pyd
    MOD - [2013/05/08 18:04:08 | 001,153,024 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\_ssl.pyd
    MOD - [2013/05/08 18:04:08 | 001,062,400 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\wx._controls_.pyd
    MOD - [2013/05/08 18:04:08 | 001,022,416 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\windows._cacheinvalidation.pyd
    MOD - [2013/05/08 18:04:08 | 000,811,008 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\wx._windows_.pyd
    MOD - [2013/05/08 18:04:08 | 000,805,888 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\wx._gdi_.pyd
    MOD - [2013/05/08 18:04:08 | 000,735,232 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\wx._misc_.pyd
    MOD - [2013/05/08 18:04:08 | 000,711,680 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\_hashlib.pyd
    MOD - [2013/05/08 18:04:08 | 000,686,080 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\unicodedata.pyd
    MOD - [2013/05/08 18:04:08 | 000,557,056 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\pysqlite2._sqlite.pyd
    MOD - [2013/05/08 18:04:08 | 000,364,544 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\pythoncom27.dll
    MOD - [2013/05/08 18:04:08 | 000,320,512 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32com.shell.shell.pyd
    MOD - [2013/05/08 18:04:08 | 000,128,512 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\_elementtree.pyd
    MOD - [2013/05/08 18:04:08 | 000,127,488 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\pyexpat.pyd
    MOD - [2013/05/08 18:04:08 | 000,122,368 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\wx._wizard.pyd
    MOD - [2013/05/08 18:04:08 | 000,119,808 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32file.pyd
    MOD - [2013/05/08 18:04:08 | 000,110,080 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\pywintypes27.dll
    MOD - [2013/05/08 18:04:08 | 000,108,544 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32security.pyd
    MOD - [2013/05/08 18:04:08 | 000,098,816 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32api.pyd
    MOD - [2013/05/08 18:04:08 | 000,087,040 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\_ctypes.pyd
    MOD - [2013/05/08 18:04:08 | 000,070,656 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\wx._html2.pyd
    MOD - [2013/05/08 18:04:08 | 000,044,032 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\_socket.pyd
    MOD - [2013/05/08 18:04:08 | 000,038,912 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32inet.pyd
    MOD - [2013/05/08 18:04:08 | 000,035,840 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32process.pyd
    MOD - [2013/05/08 18:04:08 | 000,026,624 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\_multiprocessing.pyd
    MOD - [2013/05/08 18:04:08 | 000,025,600 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32pdh.pyd
    MOD - [2013/05/08 18:04:08 | 000,022,528 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32ts.pyd
    MOD - [2013/05/08 18:04:08 | 000,018,432 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32event.pyd
    MOD - [2013/05/08 18:04:08 | 000,017,408 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32profile.pyd
    MOD - [2013/05/08 18:04:08 | 000,011,264 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\win32crypt.pyd
    MOD - [2013/05/08 18:04:08 | 000,010,240 | ---- | M] () -- C:\Users\owner\AppData\Local\Temp\_MEI42122\select.pyd
    MOD - [2013/05/04 02:35:30 | 001,114,536 | ---- | M] () -- D:\Program Files (x86)\steam\bin\chromehtml.dll
    MOD - [2013/04/24 05:30:08 | 000,652,800 | ---- | M] () -- D:\Program Files (x86)\steam\SDL2.dll
    MOD - [2013/04/09 11:57:07 | 000,390,096 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
    MOD - [2013/04/09 11:57:06 | 013,130,704 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
    MOD - [2013/04/09 11:57:05 | 004,050,896 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
    MOD - [2013/04/09 11:56:15 | 000,598,480 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
    MOD - [2013/04/09 11:56:14 | 000,124,368 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
    MOD - [2013/04/09 11:56:13 | 001,606,096 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
    MOD - [2013/03/27 03:16:40 | 020,341,672 | ---- | M] () -- D:\Program Files (x86)\steam\bin\libcef.dll
    MOD - [2012/12/11 20:51:10 | 001,100,800 | ---- | M] () -- D:\Program Files (x86)\steam\bin\avcodec-53.dll
    MOD - [2012/12/11 20:51:10 | 000,192,000 | ---- | M] () -- D:\Program Files (x86)\steam\bin\avformat-53.dll
    MOD - [2012/12/11 20:51:10 | 000,124,416 | ---- | M] () -- D:\Program Files (x86)\steam\bin\avutil-51.dll
    MOD - [2012/12/04 19:02:33 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    MOD - [2007/01/30 02:08:40 | 000,077,824 | ---- | M] () -- D:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
    SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/05/04 02:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2013/04/23 10:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
    SRV - [2013/04/18 22:15:42 | 000,412,960 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2013/04/05 16:34:57 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/03/30 22:29:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2013/03/30 22:28:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2013/03/24 11:41:08 | 001,927,968 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/12/18 17:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/04 19:02:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/11/29 11:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/10 03:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2012/06/13 16:16:04 | 001,009,840 | ---- | M] () [Auto | Running] -- D:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe -- (AcuWVSSchedulerv8)
    SRV - [2010/10/05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/10/05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2013/03/30 22:29:25 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2013/03/30 22:29:25 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2013/03/30 22:29:25 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
    DRV:64bit: - [2013/02/25 08:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2013/02/15 17:44:15 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
    DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/10/10 03:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/08/23 17:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 17:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 17:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/22 13:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
    DRV:64bit: - [2012/01/11 09:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
    DRV:64bit: - [2011/10/05 10:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
    DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/10 19:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
    DRV:64bit: - [2010/12/24 10:32:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/11/21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/01/05 20:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
    DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 03:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2007/01/23 15:48:00 | 000,136,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
    DRV:64bit: - [2007/01/23 15:47:00 | 000,112,400 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
    DRV:64bit: - [2007/01/23 15:47:00 | 000,035,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV:64bit: - [2006/11/08 15:58:30 | 012,296,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD)
    DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2006/11/08 15:57:50 | 012,006,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?rd=1&ucc=IL&dcc=IL&opt=0&ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 50 06 02 2D B1 CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{77453DE9-748C-4165-AE42-941B70D4840E}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
    IE - HKCU\..\SearchScopes\{7AF8ED95-13ED-498a-88AF-E8AEF88A364F}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
    IE - HKCU\..\SearchScopes\{AAFDF7C2-4043-4118-BA5A-3E879506BE40}: "URL" = http://isearch.avg.com/search?cid={43F39CBB-458C-4555-9809-00AE1B0AC486}&mid=fe25f96646f647d19b6081ac0fc31acc-599363268f4c5dfb44aa55eea572ac49793f7bca&lang=en&ds=AVG&pr=fr&d=2012-05-13 16:19:48&v=11.0.0.9&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{F9DE3B5C-D14A-45f2-90F5-9641C660CA0B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
    FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
    FF - prefs.js..browser.search.defaultenginename,S: S", ""
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.order.1: "Privitize VPN"
    FF - prefs.js..browser.search.order.1,S: S", ""
    FF - prefs.js..browser.search.selectedEngine: "Privitize VPN"
    FF - prefs.js..browser.search.selectedEngine,S: S", ""
    FF - prefs.js..extensions.enabledAddons: demautoscout%40ud-malton.info:1.25.2
    FF - prefs.js..extensions.enabledAddons: %7B24cea704-946d-11da-a72b-0800200c9a66%7D:1.5.1
    FF - prefs.js..extensions.enabledAddons: proxytool%40proxylist.co:1.19
    FF - prefs.js..extensions.enabledAddons: client%40anonymox.net:1.0.1
    FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
    FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.3
    FF - prefs.js..extensions.enabledAddons: %7B7AC261D0-B949-47CA-B9E8-477013A15A6E%7D:1.5
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
    FF - prefs.js..extensions.enabledItems: demautoscout@ud-malton.info:1.25.2
    FF - prefs.js..extensions.enabledItems: {24cea704-946d-11da-a72b-0800200c9a66}:1.5.1
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
    FF - prefs.js..network.proxy.gopher: ""
    FF - prefs.js..network.proxy.gopher_port: 0
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2013/03/28 00:32:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/12/10 10:37:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
    [2013/05/07 21:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\6w8cv86h.default\extensions
    [2012/12/10 10:38:00 | 000,000,000 | ---D | M] (Panic Button) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\6w8cv86h.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}
    [2013/04/28 12:42:13 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\6w8cv86h.default\extensions\{7AC261D0-B949-47CA-B9E8-477013A15A6E}
    [2012/12/10 10:38:00 | 000,000,000 | ---D | M] ("DEM AutoScout") -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\6w8cv86h.default\extensions\demautoscout@ud-malton.info
    [2013/05/07 21:18:51 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\6w8cv86h.default\extensions\firefox@ghostery.com
    [2013/01/30 23:06:15 | 000,363,736 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\6w8cv86h.default\extensions\client@anonymox.net.xpi
    [2012/12/22 23:14:53 | 000,153,941 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\6w8cv86h.default\extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi
    [2012/12/22 23:33:06 | 000,690,228 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\6w8cv86h.default\extensions\proxytool@proxylist.co.xpi
    [2013/03/27 23:45:02 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\6w8cv86h.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/ig
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
    CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.80.2_0\npBP4FUpdater.dll
    CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\npqscan.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
    CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - Extension: Media Hint = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja\0.1.12_0\
    CHR - Extension: Google Drive = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: Bitcoin Ticker = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkjcngcenokaadmhbmcokmkanjibmmje\0.3.2_0\
    CHR - Extension: AdBlock = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
    CHR - Extension: Cryptocat = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gonbigodpnfghidmnphnadhepmbabhij\2.0.41_0\
    CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
    CHR - Extension: Social Fixer for Facebook = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\7.501_0\
    CHR - Extension: Social Fixer = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm\7.501_0\
    CHR - Extension: Country Flags = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\keifkkbjefbkgedeolmccljagcmphldp\1.3_0\
    CHR - Extension: Psykopaint = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
    CHR - Extension: Psykopaint = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak

    O1 HOSTS File: ([2012/11/30 12:20:32 | 000,444,933 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 15280 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
    O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\steam\steam.exe (Valve Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13:64bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKLM\..Trusted Domains: mhpractice.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mhpractice.com ([]https in Trusted sites)
    O15 - HKLM\..Trusted Domains: muzzylane.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: muzzylane.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.21.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.21.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3267CDE9-0AFF-4F78-9B40-998F67A56B08}: DhcpNameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89D6E89B-E882-4251-B8D4-830B933164DF}: DhcpNameServer = 10.0.0.138
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{d5602d3a-8755-11e2-8ab9-50e54927f33f}\Shell - "" = AutoRun
    O33 - MountPoints2\{d5602d3a-8755-11e2-8ab9-50e54927f33f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{feaba400-0092-11e1-b780-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{feaba400-0092-11e1-b780-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/05/08 18:16:35 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\RK_Quarantine
    [2013/05/07 21:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2013/05/07 21:28:44 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
    [2013/05/07 21:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/05/07 21:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/05/07 21:28:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/05/07 21:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/05/07 14:54:25 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
    [2013/05/03 17:14:13 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\userstmp
    [2013/05/03 17:14:13 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\usersold
    [2013/05/03 17:14:13 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\users
    [2013/05/01 14:55:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013/04/30 19:24:58 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Computer Stuff
    [2013/04/30 19:24:19 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Hacking
    [2013/04/30 19:23:24 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Games
    [2013/04/30 19:23:00 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Nvidia
    [2013/04/30 19:22:35 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\AntiVirus
    [2013/04/27 21:00:03 | 000,194,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys

    ========== Files - Modified Within 30 Days ==========


  8. #8
    Junior Member
    Join Date
    May 2013
    Posts
    12

    Default OTL part 2

    ========== Files Created - No Company Name ==========


    ========== ZeroAccess Check ==========


    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >

    < MD5 for: SERVICES.EXE >

    < MD5 for: SVCHOST.EXE >

    < MD5 for: USERINIT.EXE >

    < MD5 for: WINLOGON.EXE >

    < %systemroot%\*. /rp /s >

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\.\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: WDC WD5000AAKX-001CA0 ATA Device
    Partitions: 3
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 100.00GB
    Starting Offset: 105906176
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 366.00GB
    Starting Offset: 107583897600
    Hidden sectors: 0


    ========== Files - Unicode (All) ==========

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:82F50D1C
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:261DD7EA

    < End of report >

  9. #9
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    Hi

    There is a fair bit of residue from this malware and we’ll start cleaning it shortly but I need some additional information before we begin.

    Can you tell me if you set this proxy:

    "ProxyOverride" = 127.0.0.1:9421;*.local

    Also, there are some Firefox entries, some of which seem to be “Urban Dead”-related. Can you tell me if these are intentional addons/extensions:

    FF - prefs.js..extensions.enabledAddons: demautoscout%40ud-malton.info:1.25.2
    FF - prefs.js..extensions.enabledAddons: %7B24cea704-946d-11da-a72b-0800200c9a66%7D:1.5.1
    FF - prefs.js..extensions.enabledAddons: proxytool%40proxylist.co:1.19
    FF - prefs.js..extensions.enabledAddons: client%40anonymox.net:1.0.1
    FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
    FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.3
    FF - prefs.js..extensions.enabledAddons: %7B7AC261D0-B949-47CA-B9E8-477013A15A6E%7D:1.5
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
    FF - prefs.js..extensions.enabledItems: :1.25.2
    FF - prefs.js..extensions.enabledItems: {24cea704-946d-11da-a72b-0800200c9a66}:1.5.1
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
    [2012/12/22 23:14:53 | 000,153,941 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\6w8cv86h.default\extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi
    [2012/12/22 23:33:06 | 000,690,228 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\6w8cv86h.default\extensions\proxytool@proxylist.co.xpi


    It might be easier for you to look at the Addons/Extensions and tell me which are intentional.

    To see them, open Firefox, click on Tools > Addons.

    Please let me know about all these questions and we can get started.

  10. #10
    Junior Member
    Join Date
    May 2013
    Posts
    12

    Default

    Anything "Urban Dead" related is intentional.
    This is a list of Firefox extensions:
    AnonymoX
    DEM autoscout
    ghostery
    Greasemonkey
    Panic button
    Proxytool

    The SelectionLinks is not intentional, should I remove it?

    I do not know if that proxy was intentional, it might be, but I cannot remember if I set it up. (I probably haven't)

    Again, thank you very much
