Blue Screen trying to start the computer in safe mode

Re: Blue Screen trying to start the computer in safe mode

Post by wannabeageek » August 14th, 2013, 8:09 pm

Greetings sh770p,


Step 1.
Online Multi Antivirus file scan
Please go to Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\WINDOWS\system32\wuauserv.dll

Using Virus Total
  1. Press the Browse button and navigate to -one- of the files in the list.
  2. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  3. Click on Send File...button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When all scans have completed... the results page is displayed
  6. Please highlight and copy the page web address link from your browser window.
    Example of web address :
  7. Please repeat this procedure for each file listed above.
  8. Paste the Web address link(s) for the scan results in your next reply.


Step 2.
Farbar Service Scanner (FSS)
SCAN Option
Farbar Service Scanner should still be on your Desktop.
  1. Double click FSS.exe to run it on the computer with the issue.
  2. Copy the word in the code block below and paste it into the Search: box
    Code:
    srservice

    Do not copy the word CODE
  3. Press the "Export Service" button.
    When finished, a text file named FSS.txt will be created on your desktop. (Same folder the tool is run).
  4. Please copy and paste the contents of the FSS.txt log to your reply.
    Note: If you receive an AutoIt error indicating: Error: Variable must be of type "Object", please UNCHECK the "Report Windows Version Fully" option and run the scan again.


Step 3.
OTL - System Scan/Fix
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  1. Double click on OTL.exe to execute it. Keep all other windows closed and let OTL run uninterrupted.
  2. Click the None button near the top so that it reads Standard.
  3. Copy the following text... do not include the Code box title "Code"
    Code:
    HKLM\System\CurrentControlSet\services\srservice
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Scan button. If prompted... click OK.
  6. When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  7. Please post the contents of report in your next reply.



Please include in your next reply:
  1. Contents of VirusTotal results
  2. Contents of FSS.txt log
  3. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  4. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Blue Screen trying to start the computer in safe mode

Post by sh770p » August 15th, 2013, 9:44 am

https://www.virustotal.com/he/file/f898 ... 376573497/


Note: The export is in "Windows Registry Editor Version 5.00" format.

================== Result for "srservice" ==================

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\srservice]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="System Restore Service"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="ביצוע תפקידים של שחזור המערכת. כדי להפסיק את השירות, בטל את שחזור המערכת מתוך הכרטיסיה שחזור המערכת ביישום המחשב שלי->מאפיינים"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\srservice\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
73,00,72,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\srservice\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\srservice\Enum]
"0"="Root\\LEGACY_SRSERVICE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_srservice]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_srservice\0000]
"Service"="srservice"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="System Restore Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_srservice\0000\Control]
"ActiveService"="srservice"



================== End Of Export =============

OTL logfile created on: 15/08/2013 16:42:43 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\sh770\שולחן העבודה
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.23% Memory free
4.82 Gb Paging File | 4.20 Gb Available in Paging File | 87.17% Paging File free
Paging file location(s): C:\pagefile.sys 2050 2050E:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 10.00 Gb Free Space | 20.01% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 3.24 Gb Free Space | 3.24% Space Free | Partition Type: NTFS
Drive E: | 32.87 Gb Total Space | 1.95 Gb Free Space | 5.95% Space Free | Partition Type: NTFS
Drive F: | 44.26 Gb Total Space | 13.32 Gb Free Space | 30.10% Space Free | Partition Type: NTFS
Drive G: | 5.75 Gb Total Space | 5.26 Gb Free Space | 91.58% Space Free | Partition Type: NTFS
Drive W: | 931.51 Gb Total Space | 7.81 Gb Free Space | 0.84% Space Free | Partition Type: NTFS

Computer Name: CHABADGAT | User Name: sh770 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< HKLM\System\CurrentControlSet\services\srservice >
"Type" = 32
"Start" = 2
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/04/14 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = System Restore Service
"DependOnService" = RpcSs [binary data] -- [2009/02/09 13:53:34 | 000,401,408 | ---- | M] (Microsoft Corporation)
"DependOnGroup" = [binary data]
"ObjectName" = LocalSystem
"Description" = ביצוע תפקידים של שחזור המערכת. כדי להפסיק את השירות, בטל את שחזור המערכת מתוך הכרטיסיה שחזור המערכת ביישום המחשב שלי->מאפיינים

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\srservice\Parameters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\srservice\Security]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\srservice\Enum]

< End of report >
sh770p
Regular Member
 
Posts: 15
Joined: August 8th, 2013, 12:08 pm
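The FSS export above stores ImagePath and ServiceDll as `hex(2)` byte lists, which is how a "Windows Registry Editor Version 5.00" dump encodes REG_EXPAND_SZ, so the paths are not readable at a glance. The following is an added example, not code from the thread, from FSS or from MalwareRemoval.com: a small parser for that export format that decodes `dword`, `hex(2)` (REG_EXPAND_SZ), `hex(7)` (REG_MULTI_SZ) and plain string values, then compares the decoded srservice settings against the values the XP System Restore service should carry. The embedded excerpt and the expected values are taken from the log posted above (the Hebrew Description and the Security/Enum subkeys are left out); the tampered sample and its `EXAMPLE_NOT_REAL.dll` path are constructed for illustration.

```python
import re
from typing import Dict, List, Tuple, Union

RegValue = Union[int, str, bytes, List[str]]
# Excerpt of the FSS export posted above (the srservice key and its Parameters
# subkey); the Hebrew Description value and the Security/Enum subkeys are left out.
FSS_EXPORT = r'''================== Result for "srservice" ==================

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\srservice]
"Type"=dword:00000020
"Start"=dword:00000002
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="System Restore Service"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\srservice\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
73,00,72,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

================== End Of Export =============
'''

_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')
SRSERVICE_KEY = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\srservice"
# What XP's System Restore service points at, as decoded from the export above;
# a production check would load a baseline per Windows version instead.
EXPECTED_SRSERVICE: Dict[str, RegValue] = {
    "ImagePath": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
    "ServiceDll": r"%SystemRoot%\system32\srsvc.dll",
    "ObjectName": "LocalSystem", "Start": 2, "Type": 0x20,
}

def _join_continuations(text: str) -> List[str]:
    """Merge lines that regedit wrapped with a trailing backslash."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip() if buf else raw.rstrip()  # continuation lines may be indented
        if line.endswith("\\"):
            buf += line[:-1]
        else:
            out.append(buf + line)
            buf = ""
    return out

def _decode_data(data: str) -> RegValue:
    """Decode one .reg data field: dword, hex(2), hex(7), hex or a quoted string."""
    if data.startswith("dword:"):
        return int(data[6:], 16)
    if data.startswith("hex"):  # hex(2)=REG_EXPAND_SZ, hex(7)=REG_MULTI_SZ, hex=REG_BINARY
        kind, _, payload = data.partition(":")
        raw = bytes.fromhex(payload.replace(",", ""))
        if kind == "hex(2)":  # NUL-terminated UTF-16LE string
            return raw.decode("utf-16-le").split("\0", 1)[0]
        if kind == "hex(7)":  # NUL-separated UTF-16LE strings, double NUL at the end
            return [s for s in raw.decode("utf-16-le").split("\0") if s]
        return raw
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    raise ValueError(f"unsupported data: {data!r}")

def parse_reg_export(text: str) -> Dict[str, Dict[str, RegValue]]:
    """Parse a 'Windows Registry Editor Version 5.00' export into {key: {name: value}}."""
    keys: Dict[str, Dict[str, RegValue]] = {}
    current = ""
    for line in _join_continuations(text):
        if not line or line[0] in "=;" or line.startswith(("Windows Registry", "REGEDIT4")):
            continue  # blank lines, comments and the FSS banner
        if line[0] == "[" and line[-1] == "]":
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m is None or not current:
            raise ValueError(f"unexpected line: {line!r}")
        keys[current]["@" if m.group(2) else m.group(1)] = _decode_data(m.group(3))
    return keys

def check_srservice(export: str) -> Tuple[Dict[str, RegValue], List[str]]:
    """Return the decoded srservice settings and the names that differ from the baseline."""
    keys = parse_reg_export(export)
    svc, params = keys.get(SRSERVICE_KEY, {}), keys.get(SRSERVICE_KEY + r"\Parameters", {})
    actual = {k: (params if k == "ServiceDll" else svc).get(k) for k in EXPECTED_SRSERVICE}
    return actual, [k for k, v in EXPECTED_SRSERVICE.items() if actual[k] != v]

def encode_expand_sz(value: str) -> str:
    """Inverse of the hex(2) decoding; used only to build the constructed sample below."""
    return "hex(2):" + ",".join(f"{b:02x}" for b in (value + "\0").encode("utf-16-le"))

# Constructed sample: the same export with ServiceDll pointed at a made-up file,
# the kind of change the FSS step in the thread is meant to surface.
TAMPERED_EXPORT = re.sub(
    r'"ServiceDll"=hex\(2\):[0-9a-f,]+(?:\\\n[0-9a-f,]+)*',
    '"ServiceDll"=' + encode_expand_sz(r"%SystemRoot%\system32\EXAMPLE_NOT_REAL.dll"),
    FSS_EXPORT,
)

if __name__ == "__main__":
    for label, export in (("posted export", FSS_EXPORT), ("tampered sample", TAMPERED_EXPORT)):
        actual, mismatches = check_srservice(export)
        print(f"{label}: ServiceDll = {actual['ServiceDll']}; mismatches: {mismatches or 'none'}")
```

Run against the posted export the check reports no mismatches, which is the practical reading of the log above: the service is hosted by `svchost.exe -k netsvcs` and loads `srsvc.dll` from `system32`, exactly as a stock XP System Restore service should. The same parser can be pointed at any other FSS or regedit export; only the baseline dictionary is specific to srservice.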

Re: Blue Screen trying to start the computer in safe mode

Post by wannabeageek » August 17th, 2013, 1:17 am

Greetings sh770p,

Step 1.
Back Up registry with ERUNT
  1. Please use the following link and scroll down to ERUNT and download it onto your desktop. LINK HERE
  2. Click on the erunt-setup.exe
  3. Follow the prompts to install ERUNT
  4. Choose language
  5. A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO
  6. Backup your registry to the default location
Note: To restore your registry (if needed), go to the folder and start ERDNT.exe


Step 2.
OTL - System Scan/Fix
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  1. Double click on OTL.exe to execute it. Keep all other windows closed and let OTL run uninterrupted.
  2. Under the Standard Registry box change it to All.
  3. Check/tick the boxes beside LOP Check and Purity Check.
  4. Copy the following text... do not include the quote box title "Code"
    Code:
    :OTL
    @Alternate Data Stream - 108 bytes -> C:\Windows:
    
    :Commands
    [EMPTYTEMP]
    
  5. Click under the Custom Scan/Fixes box and paste the copied text.
  6. Click the Run Fix button. If prompted... click OK.
  7. When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  8. Please post the contents of report in your next reply.

wannabeageek
MRU Master
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Blue Screen trying to start the computer in safe mode

Post by sh770p » August 17th, 2013, 2:54 pm

All processes killed
========== OTL ==========
Unable to delete ADS C:\Windows: .
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: eMule_Secure
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: sh770
->Temp folder emptied: 69673292 bytes
->Temporary Internet Files folder emptied: 370836 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 540160238 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1277 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 582.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08172013_213657
sh770p
Regular Member
 
Posts: 15
Joined: August 8th, 2013, 12:08 pm

Re: Blue Screen trying to start the computer in safe mode

Post by wannabeageek » August 18th, 2013, 10:37 am

Hi sh770p,

Please run the following. If you have any questions, please ask.

ComboFix
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!!
Alternate download site: here
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.
Please disable any Antivirus or Firewall you have active, as shown in this topic. Close all open application windows.

  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press Yes to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
  3. For XP users: If not already installed... Press "Yes" to any "Recovery Console" prompts.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  4. Please copy/paste the contents of ComboFix.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **
wannabeageek
MRU Master
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Blue Screen trying to start the computer in safe mode

Post by sh770p » August 18th, 2013, 11:14 am

ComboFix 13-08-18.01 - sh770 08/18/2013 17:58:14.29.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1037.18.2039.1379 [GMT 3:00]
Running from: c:\documents and settings\sh770\שולחן העבודה\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\AMMYY
c:\documents and settings\All Users\Application Data\AMMYY\contacts3.bin
c:\documents and settings\All Users\Application Data\AMMYY\settings3.bin
c:\windows\msmqinst.log
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Files Created from 2013-07-18 to 2013-08-18 )))))))))))))))))))))))))))))))
.
.
2842-08-08 20:26 . 1674-10-08 21:51 -------- d-----w- c:\program files\open-in-default-browser
2013-08-18 11:53 . 2013-08-18 11:55 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-08-17 18:28 . 2013-08-17 19:05 -------- d-----w- c:\program files\ERUNT
2013-08-15 20:05 . 2013-08-15 20:07 -------- d-----w- c:\documents and settings\sh770\Local Settings\Application Data\Adblock Plus for IE
2013-08-15 20:05 . 2013-08-15 20:05 -------- d-----w- c:\documents and settings\sh770\Application Data\Adblock Plus for IE
2013-08-15 20:04 . 2013-08-15 20:05 -------- d-----w- c:\program files\Adblock Plus for IE
2013-08-15 20:04 . 2013-08-16 09:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
2013-08-15 14:19 . 2013-08-15 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\APN
2013-08-15 13:29 . 2013-08-15 13:29 -------- d-----w- c:\docume~1\sh770\61A7~1
2013-08-13 13:23 . 2013-08-13 13:23 -------- d-----w- C:\_OTL
2013-08-12 15:19 . 2013-08-12 15:19 -------- d-----w- c:\documents and settings\sh770\Local Settings\Application Data\Jaksta_Technologies_Pty_L
2013-08-07 13:49 . 2013-08-07 13:49 -------- d-----w- c:\program files\TeamViewer
2013-08-05 06:42 . 2013-08-05 06:42 -------- d-----w- c:\program files\CDex_150
2013-08-04 22:35 . 2013-08-04 22:35 -------- d-----w- c:\program files\Exact Audio Copy
2013-08-04 19:49 . 2013-08-04 20:23 -------- d-----w- c:\documents and settings\sh770\Local Settings\Application Data\Remove Toolbar Buddy
2013-08-04 19:48 . 2011-09-08 16:08 587768 ----a-w- c:\windows\system32\Codejock.SkinFramework.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48 . 2011-09-08 16:08 509944 ----a-w- c:\windows\system32\Codejock.ShortcutBar.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48 . 2011-09-08 16:08 1140728 ----a-w- c:\windows\system32\Codejock.PropertyGrid.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48 . 2013-08-04 19:48 -------- d-----w- c:\program files\Scorpio Software
2013-08-04 19:48 . 2013-08-04 19:48 -------- d-----w- c:\program files\Common Files\Scorpio Software
2013-08-04 19:48 . 2011-09-08 16:08 833528 ----a-w- c:\windows\system32\Codejock.DockingPane.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48 . 2011-09-08 16:08 1906680 ----a-w- c:\windows\system32\Codejock.Controls.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48 . 2011-09-08 16:07 2717688 ----a-w- c:\windows\system32\Codejock.CommandBars.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48 . 2009-03-24 10:52 218432 ----a-w- c:\windows\system32\richtx32.Ocx
2013-07-30 19:20 . 2013-06-09 18:59 216064 ----a-w- c:\windows\system32\gcapi_dll.dll
2013-07-29 12:43 . 2012-05-05 08:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2013-07-29 12:43 . 2013-07-29 12:47 -------- d-----w- c:\program files\PDFCreator
2013-07-29 12:43 . 2012-05-05 08:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2013-07-29 12:02 . 2013-07-29 12:02 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-07-29 12:01 . 2013-07-29 16:31 -------- d-----w- c:\program files\Soluto
2013-07-29 11:58 . 2013-07-29 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
2013-07-24 20:59 . 2013-07-24 20:59 -------- d-sh--w- c:\documents and settings\sh770\UserData
2013-07-21 18:24 . 2013-08-14 21:43 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-26 02:48 . 2009-06-01 22:53 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:48 . 2009-06-01 22:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:48 . 2009-06-01 22:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:54 . 2009-06-01 22:52 385024 ----a-w- c:\windows\system32\html.iec
2013-07-18 21:16 . 2013-07-18 21:16 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-18 21:16 . 2013-07-02 16:47 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-18 21:16 . 2012-06-12 18:48 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-18 21:16 . 2010-10-24 22:11 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-18 05:14 . 2012-04-18 22:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-18 05:14 . 2011-05-22 19:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-10 10:37 . 2009-06-01 22:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:33 . 2008-04-13 18:59 2030080 ------w- c:\windows\system32\ntkrnlpa.exe
2013-07-04 07:33 . 2008-04-13 18:58 2151424 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-02 14:18 . 2013-07-02 14:18 119808 ----a-r- c:\documents and settings\sh770\Application Data\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-06-24 16:13 . 2013-06-24 16:13 130488 ----a-w- c:\windows\system32\drivers\tib_mounter.sys
2013-06-24 16:13 . 2013-06-24 16:13 736312 ----a-w- c:\windows\system32\drivers\tib.sys
2013-06-24 16:13 . 2010-03-07 06:06 158496 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-06-24 16:13 . 2013-06-24 19:53 73504 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2013-06-12 00:41 . 2013-06-12 00:41 17617288 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-05 09:08 . 2012-11-25 13:28 1876608 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 07:22 . 2009-06-01 22:52 563200 ----a-w- c:\windows\system32\qedit.dll
2013-05-28 01:59 . 2009-06-01 22:52 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 01:05 . 2008-05-05 05:25 11264 ----a-w- c:\windows\system32\xpsp4res.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\documents and settings\sh770\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\documents and settings\sh770\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\documents and settings\sh770\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\documents and settings\sh770\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!1_ProcessGuard_Startup"="c:\program files\ProcessGuard\procguard.exe" [2008-07-25 267287]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!1_pgaccount"="c:\program files\ProcessGuard\pgaccount.exe" [2008-07-25 120832]
"look"="User32.dll" [2008-04-14 576512]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"RTHDCPL"="RTHDCPL.EXE" [2013-03-12 20143688]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-07-08 543320]
.
c:\documents and settings\sh770\תפריט התחלה\תוכניות\הפעלה\
Dropbox.lnk - c:\documents and settings\sh770\Application Data\Dropbox\bin\Dropbox.exe [2013-7-30 29397176]
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe -p sh [2013-8-17 276376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ammyy Admin\\AA_v3.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2011 11.0.2.556\\en\\setup.exe"=
"d:\\אתר\\אנשי קשר ישן\\MailDB chabad\\MailDB.exe"=
"c:\\Windows\\system32\\mmc.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"d:\\תוכנות ארכיון\\Skype Portable\\Skype.exe"=
"c:\\Program Files\\Miranda IM\\SKYPE\\Skype.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-hostd.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Applian Technologies\\Replay Media Catcher 5\\aria2c.exe"=
"c:\\Program Files\\Applian Technologies\\Replay Media Catcher 5\\qtCopy.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\sh770\\שולחן העבודה\\ChromePortable\\App\\Chrome\\chrome.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Documents and Settings\\sh770\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Ammyy Admin\\AA_v3.2.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP פורט 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP פורט 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP פורט 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP פורט 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP פורט 37675
"1947:TCP"= 1947:TCP:*:Disabled:HASP SRM
"1947:UDP"= 1947:UDP:*:Disabled:HASP SRM
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [28/05/2009 12:48 3712]
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [24/10/2012 15:16 71152]
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [10/03/2013 20:37 61464]
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [24/09/2012 06:17 9600]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 17:43 11352]
R2 DCSPGSRV;DiamondCS ProcessGuard Service v3.500;c:\program files\ProcessGuard\DCSUserProt.exe [15/03/2010 03:12 31744]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/06/2010 20:07 35088]
R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [15/03/2010 03:12 26688]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [07/08/2013 16:49 4308320]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [12/07/2011 10:36 22768]
R2 XHASP;XHASP;c:\windows\system32\drivers\XHASP.sys [02/05/2012 17:50 259584]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [26/06/2011 03:56 28256]
R3 IPSecVPN;IPSecVPN Miniport;c:\windows\system32\drivers\IPSecVPN.sys [05/05/2013 21:38 13654]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07/05/2010 12:06 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [05/01/2012 18:42 75624]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\Drivers\Scutum50.sys --> c:\windows\system32\Drivers\Scutum50.sys [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\sh770\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\sh770\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [02/06/2009 16:27 1691480]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [26/06/2011 03:56 28256]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [04/06/2011 23:14 117584]
S3 cpuz130;cpuz130;\??\c:\docume~1\sh770\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\sh770\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz136;cpuz136;\??\c:\windows\TEMP\cpuz136\cpuz136_x32.sys --> c:\windows\TEMP\cpuz136\cpuz136_x32.sys [?]
S3 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [15/04/2013 23:07 105344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01/06/2011 22:42 22856]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/01/2010 01:37 47360]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [07/03/2010 01:51 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [07/03/2010 01:51 11088]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [24/06/2012 21:50 27064]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [19/02/2012 17:24 907496]
S3 SliceDisk5;SliceDisk5;\??\c:\program files\A-FF Find and Mount\slicedisk.sys --> c:\program files\A-FF Find and Mount\slicedisk.sys [?]
S3 Usblink;Usblink Driver;c:\windows\system32\Drivers\ulink.sys --> c:\windows\system32\Drivers\ulink.sys [?]
S3 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [20/11/2009 02:48 1035576]
S3 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [11/10/2012 17:15 721048]
S3 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [26/02/2013 02:54 13242960]
S3 VNic;ULan Network Driver Module;c:\windows\system32\DRIVERS\VNic.sys --> c:\windows\system32\DRIVERS\VNic.sys [?]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [24/05/2009 21:40 390379]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 05:14]
.
2013-01-28 c:\windows\Tasks\קל לוח.job
- c:\program files\Kaluach3\Kaluach3.exe [2013-07-11 06:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.il/
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: הוסף לאנטי באנר - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
TCP: Interfaces\{E40AD9AC-0131-41E5-8124-6F69F2089729}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\
FF - prefs.js: browser.search.selectedEngine - ׳’׳•׳’׳œ ג€¢ ׳—׳™׳₪׳•׳© ׳ž׳•׳¦׳₪׳Ÿ
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?btnI=I%27 ... e=UTF-8&q=
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9150
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
c:\documents and settings\Administrator\תפריט התחלה\תוכניות\הפעלה\Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com
c:\documents and settings\Guest\תפריט התחלה\תוכניות\הפעלה\Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com
AddRemove-uTorrent - w:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-18 18:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-616249376-1417001333-1003\Software\Microsoft\  M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*\Recent File List]
@Allowed: (Read) (RestrictedCode)
"File1"="c:\\WINDOWS\\system32\\compmgmt.msc"
"File2"="c:\\WINDOWS\\system32\\devmgmt.msc"
"File3"="c:\\WINDOWS\\system32\\services.msc"
"File4"="c:\\WINDOWS\\system32\\dfrg.msc"
.
[HKEY_USERS\S-1-5-21-1935655697-616249376-1417001333-1003\Software\Microsoft\  M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*\Settings]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1664)
c:\windows\system32\igfxdev.dll
.
Completion time: 2013-08-18 18:09:27
ComboFix-quarantined-files.txt 2013-08-18 15:09
.
Pre-Run: 10,183,426,048 bytes free
Post-Run: 10,136,305,664 bytes free
.
- - End Of File - - 4890358FEFF5065E304066246FA54718
8F558EB6672622401DA993E1E865C861
sh770p
Regular Member
 
Posts: 15
Joined: August 8th, 2013, 12:08 pm

Re: Blue Screen trying to start the computer in safe mode

Unread postby wannabeageek » August 19th, 2013, 11:44 pm

Hi sh770p,

I see you have used ComboFix a few times before. Please run the following:

ComboFix - CFScript
WARNING !
This script is for THIS user and computer ONLY!
Using this tool incorrectly could damage your Operating System... preventing it from starting again!


You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

  1. Please open Notepad and copy/paste all the text below... into the window:
    Code:
    ADS::
    C:\Windows
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

    Image

    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!

    When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  5. Please copy/paste the contents of ComboFix.txt... in your next reply.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Blue Screen trying to start the computer in safe mode

Unread postby sh770p » August 20th, 2013, 1:58 am

While running the COMBOFIX
An error message
4.JPG


---------------------------
Windows - ‏‏שגיאת מערכת
---------------------------
‏‏{שגיאת יישום}

החריגה unknown software exception ‎(0x40000015) אירעה ביישום במיקום ‎0x0044ccbc‏.


‏‏לחץ על אישור כדי לסיים את פעולת התוכנית
‏‏לחץ על ביטול כדי לאתר באגים בתוכנית
---------------------------
אישור ביטול
---------------------------



ComboFix 13-08-19.02 - sh770 08/20/2013 8:23.30.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1037.18.2039.1450 [GMT 3:00]
Running from: c:\documents and settings\sh770\????? ??????\ComboFix.exe
Command switches used :: c:\documents and settings\sh770\????? ??????\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\AMMYY
c:\documents and settings\All Users\Application Data\AMMYY\contacts3.bin
c:\documents and settings\All Users\Application Data\AMMYY\settings3.bin
C:\menu.lst
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-07-20 to 2013-08-20 )))))))))))))))))))))))))))))))
.
.
2842-08-08 20:26 . 1674-10-08 21:51 -------- d-----w- c:\program files\open-in-default-browser
2013-08-18 11:53 . 2013-08-18 11:55 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-08-17 18:28 . 2013-08-17 19:05 -------- d-----w- c:\program files\ERUNT
2013-08-15 20:05 . 2013-08-15 20:07 -------- d-----w- c:\documents and settings\sh770\Local Settings\Application Data\Adblock Plus for IE
2013-08-15 20:05 . 2013-08-15 20:05 -------- d-----w- c:\documents and settings\sh770\Application Data\Adblock Plus for IE
2013-08-15 20:04 . 2013-08-15 20:05 -------- d-----w- c:\program files\Adblock Plus for IE
2013-08-15 20:04 . 2013-08-16 09:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
2013-08-15 14:19 . 2013-08-15 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\APN
2013-08-15 13:29 . 2013-08-15 13:29 -------- d-----w- c:\docume~1\sh770\61A7~1
2013-08-13 13:23 . 2013-08-13 13:23 -------- d-----w- C:\_OTL
2013-08-12 15:19 . 2013-08-12 15:19 -------- d-----w- c:\documents and settings\sh770\Local Settings\Application Data\Jaksta_Technologies_Pty_L
2013-08-07 13:49 . 2013-08-07 13:49 -------- d-----w- c:\program files\TeamViewer
2013-08-05 06:42 . 2013-08-05 06:42 -------- d-----w- c:\program files\CDex_150
2013-08-04 22:35 . 2013-08-04 22:35 -------- d-----w- c:\program files\Exact Audio Copy
2013-08-04 19:49 . 2013-08-04 20:23 -------- d-----w- c:\documents and settings\sh770\Local Settings\Application Data\Remove Toolbar Buddy
2013-08-04 19:48 . 2011-09-08 16:08 587768 ----a-w- c:\windows\system32\Codejock.SkinFramework.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48 . 2011-09-08 16:08 509944 ----a-w- c:\windows\system32\Codejock.ShortcutBar.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48 . 2011-09-08 16:08 1140728 ----a-w- c:\windows\system32\Codejock.PropertyGrid.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48 . 2013-08-04 19:48 -------- d-----w- c:\program files\Scorpio Software
2013-08-04 19:48 . 2013-08-04 19:48 -------- d-----w- c:\program files\Common Files\Scorpio Software
2013-08-04 19:48 . 2011-09-08 16:08 833528 ----a-w- c:\windows\system32\Codejock.DockingPane.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48 . 2011-09-08 16:08 1906680 ----a-w- c:\windows\system32\Codejock.Controls.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48 . 2011-09-08 16:07 2717688 ----a-w- c:\windows\system32\Codejock.CommandBars.Unicode.v15.1.3.0908.ocx
2013-08-04 19:48 . 2009-03-24 10:52 218432 ----a-w- c:\windows\system32\richtx32.Ocx
2013-07-30 19:20 . 2013-06-09 18:59 216064 ----a-w- c:\windows\system32\gcapi_dll.dll
2013-07-29 12:43 . 2012-05-05 08:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2013-07-29 12:43 . 2013-07-29 12:47 -------- d-----w- c:\program files\PDFCreator
2013-07-29 12:43 . 2012-05-05 08:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2013-07-29 12:02 . 2013-07-29 12:02 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-07-29 12:01 . 2013-07-29 16:31 -------- d-----w- c:\program files\Soluto
2013-07-29 11:58 . 2013-07-29 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
2013-07-24 20:59 . 2013-07-24 20:59 -------- d-sh--w- c:\documents and settings\sh770\UserData
2013-07-21 18:24 . 2013-08-14 21:43 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-26 02:48 . 2009-06-01 22:53 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:48 . 2009-06-01 22:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:48 . 2009-06-01 22:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:54 . 2009-06-01 22:52 385024 ----a-w- c:\windows\system32\html.iec
2013-07-18 21:16 . 2013-07-18 21:16 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-18 21:16 . 2013-07-02 16:47 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-18 21:16 . 2012-06-12 18:48 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-18 21:16 . 2010-10-24 22:11 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-18 05:14 . 2012-04-18 22:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-18 05:14 . 2011-05-22 19:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-10 10:37 . 2009-06-01 22:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:33 . 2008-04-13 18:59 2030080 ------w- c:\windows\system32\ntkrnlpa.exe
2013-07-04 07:33 . 2008-04-13 18:58 2151424 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-02 14:18 . 2013-07-02 14:18 119808 ----a-r- c:\documents and settings\sh770\Application Data\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-06-24 16:13 . 2013-06-24 16:13 130488 ----a-w- c:\windows\system32\drivers\tib_mounter.sys
2013-06-24 16:13 . 2013-06-24 16:13 736312 ----a-w- c:\windows\system32\drivers\tib.sys
2013-06-24 16:13 . 2010-03-07 06:06 158496 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-06-24 16:13 . 2013-06-24 19:53 73504 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2013-06-12 00:41 . 2013-06-12 00:41 17617288 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-05 09:08 . 2012-11-25 13:28 1876608 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 07:22 . 2009-06-01 22:52 563200 ----a-w- c:\windows\system32\qedit.dll
2013-05-28 01:59 . 2009-06-01 22:52 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 01:05 . 2008-05-05 05:25 11264 ----a-w- c:\windows\system32\xpsp4res.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\documents and settings\sh770\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\documents and settings\sh770\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\documents and settings\sh770\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\documents and settings\sh770\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!1_ProcessGuard_Startup"="c:\program files\ProcessGuard\procguard.exe" [2008-07-25 267287]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!1_pgaccount"="c:\program files\ProcessGuard\pgaccount.exe" [2008-07-25 120832]
"look"="User32.dll" [2008-04-14 576512]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"RTHDCPL"="RTHDCPL.EXE" [2013-03-12 20143688]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-07-08 543320]
.
c:\documents and settings\sh770\תפריט התחלה\תוכניות\הפעלה\
Dropbox.lnk - c:\documents and settings\sh770\Application Data\Dropbox\bin\Dropbox.exe [2013-7-30 29397176]
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe -p sh [2013-8-17 276376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ammyy Admin\\AA_v3.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2011 11.0.2.556\\en\\setup.exe"=
"d:\\אתר\\אנשי קשר ישן\\MailDB chabad\\MailDB.exe"=
"c:\\Windows\\system32\\mmc.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"d:\\תוכנות ארכיון\\Skype Portable\\Skype.exe"=
"c:\\Program Files\\Miranda IM\\SKYPE\\Skype.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-hostd.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Applian Technologies\\Replay Media Catcher 5\\aria2c.exe"=
"c:\\Program Files\\Applian Technologies\\Replay Media Catcher 5\\qtCopy.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\sh770\\שולחן העבודה\\ChromePortable\\App\\Chrome\\chrome.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Documents and Settings\\sh770\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Ammyy Admin\\AA_v3.2.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP פורט 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP פורט 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP פורט 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP פורט 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP פורט 37675
"1947:TCP"= 1947:TCP:*:Disabled:HASP SRM
"1947:UDP"= 1947:UDP:*:Disabled:HASP SRM
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [28/05/2009 12:48 3712]
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [24/10/2012 15:16 71152]
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [10/03/2013 20:37 61464]
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [24/09/2012 06:17 9600]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 17:43 11352]
R2 DCSPGSRV;DiamondCS ProcessGuard Service v3.500;c:\program files\ProcessGuard\DCSUserProt.exe [15/03/2010 03:12 31744]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/06/2010 20:07 35088]
R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [15/03/2010 03:12 26688]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [07/08/2013 16:49 4308320]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [12/07/2011 10:36 22768]
R2 XHASP;XHASP;c:\windows\system32\drivers\XHASP.sys [02/05/2012 17:50 259584]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [26/06/2011 03:56 28256]
R3 IPSecVPN;IPSecVPN Miniport;c:\windows\system32\drivers\IPSecVPN.sys [05/05/2013 21:38 13654]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07/05/2010 12:06 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [05/01/2012 18:42 75624]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\Drivers\Scutum50.sys --> c:\windows\system32\Drivers\Scutum50.sys [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\sh770\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\sh770\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [02/06/2009 16:27 1691480]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [26/06/2011 03:56 28256]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [04/06/2011 23:14 117584]
S3 cpuz130;cpuz130;\??\c:\docume~1\sh770\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\sh770\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz136;cpuz136;\??\c:\windows\TEMP\cpuz136\cpuz136_x32.sys --> c:\windows\TEMP\cpuz136\cpuz136_x32.sys [?]
S3 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [15/04/2013 23:07 105344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01/06/2011 22:42 22856]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/01/2010 01:37 47360]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [07/03/2010 01:51 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [07/03/2010 01:51 11088]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [24/06/2012 21:50 27064]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [19/02/2012 17:24 907496]
S3 SliceDisk5;SliceDisk5;\??\c:\program files\A-FF Find and Mount\slicedisk.sys --> c:\program files\A-FF Find and Mount\slicedisk.sys [?]
S3 Usblink;Usblink Driver;c:\windows\system32\Drivers\ulink.sys --> c:\windows\system32\Drivers\ulink.sys [?]
S3 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [20/11/2009 02:48 1035576]
S3 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [11/10/2012 17:15 721048]
S3 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [26/02/2013 02:54 13242960]
S3 VNic;ULan Network Driver Module;c:\windows\system32\DRIVERS\VNic.sys --> c:\windows\system32\DRIVERS\VNic.sys [?]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [24/05/2009 21:40 390379]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 05:14]
.
2013-01-28 c:\windows\Tasks\קל לוח.job
- c:\program files\Kaluach3\Kaluach3.exe [2013-07-11 06:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.il/
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: הוסף לאנטי באנר - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
TCP: DhcpNameServer = 80.179.52.100 80.179.55.100
TCP: Interfaces\{E40AD9AC-0131-41E5-8124-6F69F2089729}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\
FF - prefs.js: browser.search.selectedEngine - Google SSL
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?btnI=I%27 ... e=UTF-8&q=
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9150
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-08-18 19:54; foxyproxy@eric.h.jung; c:\documents and settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\foxyproxy@eric.h.jung
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-20 08:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-616249376-1417001333-1003\Software\Microsoft\  M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*\Recent File List]
@Allowed: (Read) (RestrictedCode)
"File1"="c:\\WINDOWS\\system32\\compmgmt.msc"
"File2"="c:\\WINDOWS\\system32\\devmgmt.msc"
"File3"="c:\\WINDOWS\\system32\\services.msc"
"File4"="c:\\WINDOWS\\system32\\dfrg.msc"
.
[HKEY_USERS\S-1-5-21-1935655697-616249376-1417001333-1003\Software\Microsoft\  M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*\Settings]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1664)
c:\windows\system32\igfxdev.dll
.
Completion time: 2013-08-20 08:50:27
ComboFix-quarantined-files.txt 2013-08-20 05:50
ComboFix2.txt 2013-08-18 15:09
.
Pre-Run: 9,848,840,192 bytes free
Post-Run: 9,811,546,112 bytes free
.
- - End Of File - - 9A60C3DCCBC9D9070EBEE5BE92C98144
8F558EB6672622401DA993E1E865C861
sh770p
Regular Member
 
Posts: 15
Joined: August 8th, 2013, 12:08 pm

Re: Blue Screen trying to start the computer in safe mode

Unread postby wannabeageek » August 20th, 2013, 9:28 pm

Hi sh770p,

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do the following:
  • Launch the application.
  • One of 2 things will happen:
    • The program will be so outdated that it will automatically invoke a complete re-install; or
    • The program will check, update the database and then run.
    If it does a complete re-install, be sure to follow the prompts.
  • Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Blue Screen trying to start the computer in safe mode

Unread postby sh770p » August 21st, 2013, 9:57 am

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

גרסת מסד נתונים: v2013.08.21.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
sh770 :: CHABADGAT [administrator]

הגנה: מכובה

ט"ו/י"ב/תשע"ג 16:48:42
mbam-log-2013-08-21 (16-48-42).txt

סוג הסריקה: סריקה מהירה
אפשרויות סריקה מופעלות: זכרון | אתחול | Registry | קובץ מערכת | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
אפשרויות סריקה מושבתות: P2P
סריקת אובייקטים: 286492
הזמן שחלף: 7 דקות, 57 שניות

תהליכי זיכרון נגועים: 0
(לא נמצאו פריטים זדוניים)

זכרונות מודלים נגועים: 0
(לא נמצאו פריטים זדוניים)

מפתחות רישום נגועים: 0
(לא נמצאו פריטים זדוניים)

ערכי רישום נגועים: 0
(לא נמצאו פריטים זדוניים)

פריטי נתוני רישום נגועים: 0
(לא נמצאו פריטים זדוניים)

תיקיות נגועות: 0
(לא נמצאו פריטים זדוניים)

קבצים נגועים: 0
(לא נמצאו פריטים זדוניים)

(סוף)
sh770p
Regular Member
 
Posts: 15
Joined: August 8th, 2013, 12:08 pm

Re: Blue Screen trying to start the computer in safe mode

Unread postby wannabeageek » August 22nd, 2013, 10:30 am

Hi sh770p,

Run these scans and post the results.
How is the computer acting?
Will it boot into safe mode without a blue screen?


Step 1.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic. Scroll down to find your product.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step 2.
OTL
OTL should be on your Desktop.
  1. Double click on OTL.exe to run it.
  2. Click the Scan All Users checkbox.
  3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.



Please include in your next reply:
  1. Contents of C:\Program Files\ESET\EsetOnlineScanner\log.txt
  2. Contents of OTL.txt
  3. Contents of Extras.txt
  4. Any problem executing the instructions?
  5. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Blue Screen trying to start the computer in safe mode

Unread postby sh770p » August 22nd, 2013, 8:17 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2be25bef179aba418d1149d37a0817a2
# engine=14866
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=תשע"ג-י"ב-ט"ז 06:07:11
# local_time=תשע"ג-י"ב-ט"ז 09:07:11 )
# country="Israel"
# lang=1037
# osver=5.1.2600 NT Service Pack 3
# scanned=145180
# found=20
# cleaned=0
# scan_time=10630
sh=42429268B05688DDB685172D8CF861E00D2256B6 ft=1 fh=21a3673dda1eec3a vn="multiple threats" ac=I fn="C:\Documents and Settings\sh770\שולחן העבודה\מיון\NOD32view4_06_5.exe"
sh=3B14C90F1A129328E27521D592C277B8C87FA769 ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A application" ac=I fn="C:\Inst\XP_RAM.ISO"
sh=855AA5034727785A824E816270607E1C32F7251D ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A application" ac=I fn="C:\Inst\xp_ram\I386\SVCPACK\FIX.CMD"
sh=8C85856D3B940C035A3C7FC6359A54BAFE9361EE ft=0 fh=0000000000000000 vn="Win32/PSWTool.KonBoot.A application" ac=I fn="C:\pmagic\Hiren'sBootCD.iso"
sh=519D06745DAD2BE35D2DE25F9739B80EA64E1FDD ft=1 fh=448900da2d4e2f5a vn="a variant of Win32/RemoteAdmin.Ammyy.B application" ac=I fn="C:\Program Files\Ammyy Admin\AA_v3.1.exe"
sh=2E5265F35F75A50C89E592E127BC80E1E45AA840 ft=1 fh=665395c0536173b7 vn="a variant of Win32/RemoteAdmin.Ammyy.B application" ac=I fn="C:\Program Files\Ammyy Admin\AA_v3.2.exe"
sh=98E44B9C65C15384DA664D1B548E408B486E47BC ft=1 fh=4c0c6dd643ef2f13 vn="a variant of Win32/RemoteAdmin.Ammyy.B application" ac=I fn="C:\Program Files\Ammyy Admin\AA_v3.exe"
sh=229EA863EF8BBB00F051DBF764856D9DA8096D98 ft=1 fh=727b5f8d2ae26ca4 vn="probably a variant of Win32/PSWTool.WirelessNetView.A application" ac=I fn="C:\Program Files\NirSoft\WirelessNetView\WirelessNetView.exe"
sh=90E4890A2DA26A98BAA63AB5D0B7EBC27CEEA5D3 ft=1 fh=ea2de559c4790142 vn="a variant of Win32/PSWTool.PdfCracker.A application" ac=I fn="C:\Program Files\PDF Password Cracker Pro v3.1\crackpdf.exe"
sh=D868070EA6980942E4E0A7A9030B70CCA5C36D1B ft=1 fh=2d84a9c9616021bc vn="Win32/PSWTool.PdfCracker.B application" ac=I fn="C:\Program Files\PDF Password Remover v3.0\winDecrypt.exe"
sh=D25B9BF3F5DA04C98C4BD0653CD3F9D51A28EC3B ft=1 fh=641788557dcf527c vn="Win32/PSWTool.PdfCracker.B application" ac=I fn="C:\Program Files\PDF Password Remover v3.0\winDecrypt.exe.BAK"
sh=6155B7161677DE78E796D6F147137D790608F91F ft=1 fh=06df8b4e52078e03 vn="a variant of Win32/HackTool.Patcher.AD application" ac=I fn="C:\Program Files\SlySoft\AnyDVD\Patch.exe"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files\The KMPlayer\ApnIC.dll"
sh=D0AEA07DD876D90CCBEE70F6AB3ADF5ADD1EA075 ft=0 fh=0000000000000000 vn="Win32/HackTool.Crack.AC application" ac=I fn="C:\Program Files\USB Safely Remove\USB Safely Remove.rar"
sh=2A2F88BA3E4361A59A4A845EF98BB12817BB6F60 ft=1 fh=157fd3917dfb8221 vn="a variant of Win32/InstallIQ.A application" ac=I fn="C:\System Volume Information\_restore{152CB5B2-9753-4333-9F16-26DCA89093D8}\RP11\A0004460.exe"
sh=2A2F88BA3E4361A59A4A845EF98BB12817BB6F60 ft=1 fh=157fd3917dfb8221 vn="a variant of Win32/InstallIQ.A application" ac=I fn="C:\System Volume Information\_restore{152CB5B2-9753-4333-9F16-26DCA89093D8}\RP12\A0004524.exe"
sh=98E44B9C65C15384DA664D1B548E408B486E47BC ft=1 fh=4c0c6dd643ef2f13 vn="a variant of Win32/RemoteAdmin.Ammyy.B application" ac=I fn="C:\System Volume Information\_restore{152CB5B2-9753-4333-9F16-26DCA89093D8}\RP14\A0005479.exe"
sh=7A5B4EC405022ABEB1664161F505523956B77F9F ft=0 fh=0000000000000000 vn="Win32/PrcView application" ac=I fn="C:\UBCD4Win\UBCD4WinBuilder.iso"
sh=6661EDA8383915E3713D78F0189D1A15EB5D80C7 ft=1 fh=cd240aea2e807323 vn="Win32/PrcView application" ac=I fn="C:\UBCD4Win\BartPE\PROGRAMS\sdfix\SDFix.exe"
sh=6661EDA8383915E3713D78F0189D1A15EB5D80C7 ft=1 fh=cd240aea2e807323 vn="Win32/PrcView application" ac=I fn="C:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe"


OTL logfile created on: 23/08/2013 03:03:33 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\sh770\שולחן העבודה
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 38.00% Memory free
4.82 Gb Paging File | 3.44 Gb Available in Paging File | 71.39% Paging File free
Paging file location(s): C:\pagefile.sys 2050 2050E:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 9.00 Gb Free Space | 18.00% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 3.15 Gb Free Space | 3.15% Space Free | Partition Type: NTFS
Drive E: | 32.87 Gb Total Space | 1.95 Gb Free Space | 5.95% Space Free | Partition Type: NTFS
Drive F: | 44.26 Gb Total Space | 13.32 Gb Free Space | 30.10% Space Free | Partition Type: NTFS
Drive G: | 5.75 Gb Total Space | 5.19 Gb Free Space | 90.41% Space Free | Partition Type: NTFS
Drive W: | 931.51 Gb Total Space | 8.30 Gb Free Space | 0.89% Space Free | Partition Type: NTFS

Computer Name: CHABADGAT | User Name: sh770 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/17 21:53:05 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/08/12 17:29:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sh770\שולחן העבודה\OTL.exe
PRC - [2013/07/20 22:23:40 | 001,169,920 | ---- | M] (wj32) -- C:\Program Files\Process Hacker 2\ProcessHacker.exe
PRC - [2013/07/19 00:16:13 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2008/07/25 14:22:52 | 000,031,744 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\DCSUserProt.exe
PRC - [2008/07/25 14:22:50 | 000,267,287 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\procguard.exe
PRC - [2008/07/25 14:11:58 | 000,120,832 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\pgaccount.exe
PRC - [2008/04/14 15:00:00 | 001,202,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/17 21:53:05 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/07/18 08:14:53 | 016,166,280 | ---- | M] () -- C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2012/11/21 07:26:34 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
MOD - [2012/01/29 13:54:40 | 000,408,576 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopy.dll
MOD - [2012/01/20 11:55:04 | 000,427,520 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopyExt.dll
MOD - [2010/10/05 21:26:52 | 002,111,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avzkrnl.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/08/20 23:29:30 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/17 21:53:05 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/07 12:42:30 | 004,308,320 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/07/19 00:16:13 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/07/08 14:28:42 | 000,129,112 | ---- | M] (Sandboxie Holdings, LLC) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/13 23:56:20 | 001,035,576 | ---- | M] (Crystal Rich Ltd) [On_Demand | Stopped] -- C:\Program Files\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2013/02/26 03:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013/02/26 03:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2013/02/26 02:54:34 | 013,242,960 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2013/02/26 02:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/10/11 17:15:28 | 000,721,048 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2012/01/05 18:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/06/25 20:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/04/21 12:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [On_Demand | Stopped] -- C:\Windows\system32\hasplms.exe -- (hasplms)
SRV - [2008/07/25 14:22:52 | 000,031,744 | ---- | M] (DiamondCS) [Auto | Running] -- C:\Program Files\ProcessGuard\DCSUserProt.exe -- (DCSPGSRV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VNic.sys -- (VNic)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ulink.sys -- (Usblink)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\A-FF Find and Mount\slicedisk.sys -- (SliceDisk5)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\Scutum50.sys -- (Scutum50)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\NSNDIS5.SYS -- (NSNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys -- (cpuz136)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\sh770\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\sh770\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\sh770\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2013/07/08 14:28:40 | 000,159,208 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2013/06/24 19:13:12 | 000,158,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\snapman.sys -- (snapman)
DRV - [2013/05/19 14:04:42 | 000,124,504 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/29 22:42:40 | 005,444,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2013/02/26 03:29:02 | 000,034,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2013/02/26 03:28:26 | 000,024,272 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2013/02/26 03:28:06 | 000,026,192 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2013/02/26 03:28:04 | 000,062,416 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2013/02/26 03:27:46 | 000,026,064 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2013/02/26 03:27:46 | 000,016,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2012/12/20 19:11:38 | 000,026,624 | ---- | M] (wj32) [Kernel | System | Running] -- C:\Program Files\Process Hacker 2\kprocesshacker.sys -- (KProcessHacker2)
DRV - [2012/12/19 21:04:16 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/12/06 01:55:03 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/10/24 15:16:58 | 000,061,464 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsock.sys -- (vsock)
DRV - [2012/10/24 15:16:50 | 000,071,152 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmci.sys -- (vmci)
DRV - [2012/10/11 17:15:36 | 000,041,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2012/10/11 17:15:06 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmusb.sys -- (vmusb)
DRV - [2012/08/01 21:13:40 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/06/13 16:49:30 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2012/05/02 17:50:14 | 000,259,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\system32\drivers\XHASP.sys -- (XHASP)
DRV - [2012/05/02 17:44:38 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/08/08 21:13:10 | 000,117,584 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2011/07/12 10:36:28 | 000,022,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\vstor2-mntapi10-shared.sys -- (vstor2-mntapi10-shared)
DRV - [2011/06/26 03:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/26 03:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appliand.sys -- (appliand)
DRV - [2010/09/01 16:07:24 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/08/27 16:04:42 | 000,105,344 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\jrdusbser.sys -- (jrdusbser)
DRV - [2010/08/06 23:45:28 | 000,907,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV - [2010/06/25 20:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\npf.sys -- (NPF)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/05/21 20:34:12 | 000,827,488 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\klim5.sys -- (klim5)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/21 21:39:14 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2009/12/21 21:39:12 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\pwdspio.sys -- (pwdspio)
DRV - [2009/11/18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/01/16 12:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/10/17 07:14:00 | 000,030,720 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2008/07/25 14:33:06 | 000,026,688 | ---- | M] (DiamondCS) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\procguard.sys -- (procguard)
DRV - [2008/01/19 00:43:20 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/10/19 03:12:16 | 000,012,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/04/26 02:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ISODisk.sys -- (ISODisk)
DRV - [2005/11/03 10:46:43 | 000,390,379 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\usbVM305.sys -- (ZSMC0305)
DRV - [2005/10/16 08:00:00 | 000,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2004/08/13 11:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/03/04 22:11:40 | 000,013,654 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\IPSecVPN.sys -- (IPSecVPN)
DRV - [2002/12/24 21:18:56 | 000,003,712 | ---- | M] (Hitachi Global Storage Technologies) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\cfadisk.sys -- (cfadisk)
DRV - [2001/08/17 13:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\loop.sys -- (msloop)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
IE - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\..\SearchScopes,DefaultScope = {A29C6051-83AD-4B4F-ADDE-18FFC2E7AD07}
IE - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\..\SearchScopes\{A29C6051-83AD-4B4F-ADDE-18FFC2E7AD07}: "URL" = http://www.google.co.il/search?hl=iw&q={searchTerms}
IE - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.context.loadInBackground: true
FF - prefs.js..browser.search.defaultenginename: "Google SSL"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Google SSL"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/u/0/?shva=1#inbox"
FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0
FF - prefs.js..extensions.enabledAddons: mintrayr%40tn123.ath.cx:1.1.2
FF - prefs.js..extensions.enabledAddons: optimizegoogle%40optimizegoogle.com:0.79.1
FF - prefs.js..extensions.enabledAddons: %7Baff87fa2-a58e-4edd-b852-0a20203c1e17%7D:0.9
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.11
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.1pre.130817a
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "https://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://127.0.0.1:9151/"
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9150
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: d:\FirefoxPortable ols\App\Firefox\components [2013/07/15 23:29:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: d:\FirefoxPortable ols\App\Firefox\plugins [2013/07/25 01:00:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/17 21:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/17 21:52:55 | 000,000,000 | ---D | M]

[2013/07/15 23:05:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Extensions
[2013/08/13 16:17:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\filips332\extensions
[2012/07/26 18:37:03 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\filips332\extensions\support@lastpass.com
[2013/08/22 21:28:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions
[2013/06/16 20:03:19 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2013/04/17 12:34:35 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/08/18 19:54:34 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\foxyproxy@eric.h.jung
[2012/11/25 16:28:28 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\mintrayr@tn123.ath.cx
[2013/08/22 21:28:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\staged
[2013/02/10 22:55:30 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\support@lastpass.com
[2013/07/02 19:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\levitzu770\extensions
[2013/07/02 19:55:04 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\levitzu770\extensions\support@lastpass.com
[2013/08/13 16:17:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions
[2012/07/15 23:18:19 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions\ietab@ip.cn
[2013/06/17 18:13:57 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions\support@lastpass.com
[2013/08/13 16:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions
[2012/07/14 23:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/07/14 23:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012/07/14 23:48:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/07/14 23:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\mintrayr@tn123.ath.cx
[2012/07/14 23:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\support@lastpass.com
[2013/06/17 19:03:27 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\filips332\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/17 21:45:31 | 000,128,676 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012/07/16 00:31:55 | 000,025,781 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2012/08/23 21:36:31 | 000,024,018 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\customization@adblockplus.org.xpi
[2012/07/15 20:48:21 | 000,123,385 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012/07/15 17:20:55 | 000,236,088 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\optimizegoogle@optimizegoogle.com.xpi
[2012/10/10 17:22:54 | 000,042,737 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
[2013/07/31 22:01:48 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/15 17:20:55 | 000,434,392 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/08/17 21:45:31 | 000,816,139 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013/08/04 11:37:59 | 000,275,449 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/06/12 02:13:23 | 000,402,344 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
[2013/08/22 21:28:15 | 000,814,552 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\staged\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/11/27 18:17:34 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\levitzu770\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/15 23:08:35 | 000,123,385 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions\elemhidehelper@adblockplus.org.xpi
[2013/06/17 18:22:14 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/12 22:43:47 | 000,025,781 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2012/07/06 00:12:19 | 000,123,385 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012/04/22 12:53:32 | 000,236,088 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\optimizegoogle@optimizegoogle.com.xpi
[2012/06/22 00:33:29 | 000,061,700 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
[2012/07/04 09:21:17 | 000,743,290 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/05/20 10:02:17 | 000,697,058 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/07/08 22:29:00 | 000,324,741 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
[2012/07/15 22:30:52 | 000,002,024 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\---.xml
[2013/06/12 06:20:09 | 000,001,990 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\duckduckgo-tor.xml
[2013/07/12 00:31:38 | 000,010,316 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\duckduckgo.xml
[2013/02/10 01:45:59 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\firefox-add-ons.xml
[2012/11/25 20:05:15 | 000,005,598 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\google-ssl-1.xml
[2012/11/25 20:03:10 | 000,008,215 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\google-ssl.xml
[2013/08/22 23:41:29 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\ixquick-https.xml
[2013/08/22 23:41:29 | 000,005,519 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\startpage-https.xml
[2013/08/17 21:52:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/17 21:53:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/08/20 08:45:00 | 000,000,027 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll ()
O4 - HKLM..\Run: [!1_pgaccount] C:\Program Files\ProcessGuard\pgaccount.exe (DiamondCS)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003..\Run: [!1_ProcessGuard_Startup] C:\Program Files\ProcessGuard\procguard.exe (DiamondCS)
O4 - Startup: C:\Documents and Settings\sh770\תפריט התחלה\תוכניות\הפעלה\Dropbox.lnk = C:\Documents and Settings\sh770\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\sh770\תפריט התחלה\תוכניות\הפעלה\Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: הוסף לאנטי באנר - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 3952319953 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 2371633937 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.179.52.100 80.179.55.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E40AD9AC-0131-41E5-8124-6F69F2089729}: DhcpNameServer = 80.179.52.100 80.179.55.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E40AD9AC-0131-41E5-8124-6F69F2089729}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\mhtml - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/17 02:01:48 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/17 02:01:51 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/17 02:01:54 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/17 02:02:01 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/07/17 15:15:53 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/07/17 15:15:49 | 000,000,000 | RHSD | M] - W:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2842/08/08 23:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\open-in-default-browser
[2013/08/22 17:54:25 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\sh770\שולחן העבודה\esetsmartinstaller_heb.exe
[2013/08/21 01:24:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/20 08:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2013/08/18 19:20:28 | 000,000,000 | ---D | C] -- d:\App
[2013/08/18 19:20:22 | 000,000,000 | ---D | C] -- d:\Docs
[2013/08/18 19:20:22 | 000,000,000 | ---D | C] -- d:\Data
[2013/08/18 17:55:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/08/18 17:55:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/08/18 17:55:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/08/18 17:55:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/08/18 17:55:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/18 17:41:10 | 005,106,564 | R--- | C] (Swearware) -- C:\Documents and Settings\sh770\שולחן העבודה\ComboFix.exe
[2013/08/18 16:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\שולחן העבודה\PirateBrowser 0.6b
[2013/08/18 14:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/08/17 21:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/17 21:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/08/15 23:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\Local Settings\Application Data\Adblock Plus for IE
[2013/08/15 23:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\Application Data\Adblock Plus for IE
[2013/08/15 23:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Adblock Plus for IE
[2013/08/15 23:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2013/08/15 17:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/08/14 07:58:02 | 000,357,143 | ---- | C] (Farbar) -- C:\Documents and Settings\sh770\שולחן העבודה\FSS.exe
[2013/08/13 23:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\שולחן העבודה\4936f7033993c518
[2013/08/13 16:23:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/13 04:59:34 | 000,000,000 | ---D | C] -- d:\Kaspersky Rescue Disk 10.0
[2013/08/12 18:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\Local Settings\Application Data\Jaksta_Technologies_Pty_L
[2013/08/12 17:29:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sh770\שולחן העבודה\OTL.exe
[2013/08/11 19:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\שולחן העבודה\RK_Quarantine
[2013/08/10 21:45:18 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sh770\שולחן העבודה\tdsskiller.exe
[2013/08/07 16:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2013/08/05 09:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\CDex_150
[2013/08/05 09:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\שולחן העבודה\SafeBoot
[2013/08/05 01:52:31 | 000,000,000 | R--D | C] -- d:\My Videos
[2013/08/05 01:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Exact Audio Copy
[2013/08/04 22:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\Local Settings\Application Data\Remove Toolbar Buddy
[2013/08/04 22:48:39 | 001,140,728 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.PropertyGrid.Unicode.v15.1.3.0908.ocx
[2013/08/04 22:48:39 | 000,587,768 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.SkinFramework.Unicode.v15.1.3.0908.ocx
[2013/08/04 22:48:39 | 000,509,944 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.ShortcutBar.Unicode.v15.1.3.0908.ocx
[2013/08/04 22:48:38 | 002,717,688 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.CommandBars.Unicode.v15.1.3.0908.ocx
[2013/08/04 22:48:38 | 001,906,680 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.Controls.Unicode.v15.1.3.0908.ocx
[2013/08/04 22:48:38 | 000,218,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.Ocx
[2013/08/04 22:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Scorpio Software
[2013/08/04 22:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scorpio Software
[2013/07/29 15:43:40 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2013/07/29 15:43:38 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
[2013/07/29 15:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013/07/29 15:02:18 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2013/07/29 15:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2013/07/29 14:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2013/07/27 22:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/07/24 23:59:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\sh770\UserData
[2010/01/12 01:37:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\sh770\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2013/08/23 03:09:33 | 002,866,528 | ---- | M] () -- C:\WINDOWS\System32\pghash.dat
[2013/08/23 02:27:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/22 17:55:52 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\sh770\שולחן העבודה\esetsmartinstaller_heb.exe
[2013/08/22 11:42:11 | 000,710,972 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/22 11:42:11 | 000,587,246 | ---- | M] () -- C:\WINDOWS\System32\perfh00d.dat
[2013/08/22 11:42:11 | 000,132,256 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/22 11:42:11 | 000,132,250 | ---- | M] () -- C:\WINDOWS\System32\perfc00d.dat
[2013/08/22 11:37:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 11:37:13 | 2138,296,320 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/21 00:40:27 | 000,000,964 | ---- | M] () -- C:\WINDOWS\Kaluach3.INI
[2013/08/20 23:29:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/20 23:29:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/20 17:35:16 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\sh770\תפריט התחלה\תוכניות\הפעלה\Dropbox.lnk
[2013/08/20 09:20:43 | 000,126,632 | ---- | M] () -- C:\WINDOWS\System32\pguard.dat
[2013/08/20 09:20:08 | 000,000,172 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\זרמי נתונים חלופיים של Windows .URL
[2013/08/20 09:17:15 | 000,000,083 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\Frank Heyne Software - NTFS ADS.URL
[2013/08/20 09:00:30 | 000,000,260 | ---- | M] () -- d:\Ammyy_Contact_Book.bin
[2013/08/20 08:45:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/08/20 08:34:00 | 000,014,875 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\4.JPG
[2013/08/20 08:15:58 | 005,106,564 | R--- | M] (Swearware) -- C:\Documents and Settings\sh770\שולחן העבודה\ComboFix.exe
[2013/08/20 08:03:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/08/17 21:44:14 | 018,087,936 | ---- | M] () -- C:\Documents and Settings\sh770\NTUSER.bak
[2013/08/17 21:28:38 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\ERUNT.lnk
[2013/08/17 20:30:06 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/16 12:46:17 | 000,310,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/16 00:27:43 | 000,005,508 | ---- | M] () -- C:\menu.lst
[2013/08/15 02:44:13 | 000,004,414 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2013/08/15 00:19:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/14 07:58:04 | 000,357,143 | ---- | M] (Farbar) -- C:\Documents and Settings\sh770\שולחן העבודה\FSS.exe
[2013/08/13 20:50:15 | 000,000,124 | ---- | M] () -- d:\ax_files.xml
[2013/08/13 01:12:35 | 001,418,021 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\צניעות.pdf
[2013/08/13 00:50:48 | 000,007,789 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\menu.lst
[2013/08/12 17:29:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sh770\שולחן העבודה\OTL.exe
[2013/08/11 16:17:53 | 000,920,576 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\RogueKiller.exe
[2013/08/10 22:27:11 | 000,024,176 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\417.jpg
[2013/08/10 21:45:23 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sh770\שולחן העבודה\tdsskiller.exe
[2013/08/08 19:40:18 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\dds.scr
[2013/08/01 22:04:52 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2013/07/30 19:06:13 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\winscp.rnd
[2013/07/30 12:14:29 | 000,167,274 | ---- | M] () -- C:\WinVBlock.IMG.gz
[2013/07/28 23:03:33 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Microsoft\Internet Explorer\Quick Launch\Process Hacker 2.lnk
[2013/07/26 05:48:58 | 006,017,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/07/26 05:48:58 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013/07/26 05:48:58 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013/07/26 05:48:58 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/07/26 05:48:58 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2013/07/26 05:48:58 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/07/26 05:48:58 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2013/07/26 05:48:58 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013/07/26 05:48:58 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2013/07/26 05:48:58 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2013/07/26 05:48:58 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013/07/26 05:48:58 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013/07/26 05:48:58 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2013/07/26 05:48:58 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/07/26 05:48:57 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/07/26 05:48:57 | 002,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/07/26 05:48:57 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2013/07/26 05:48:57 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2013/07/26 05:48:57 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/07/26 05:48:57 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/07/26 05:48:57 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2013/07/26 05:48:57 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2013/07/26 05:48:57 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2013/07/26 05:48:57 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2013/07/26 05:48:57 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2013/07/26 05:48:57 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2013/07/26 05:48:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2013/07/26 05:48:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2013/07/25 21:24:58 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013/07/25 21:24:58 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2013/07/25 18:54:52 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec

========== Files Created - No Company Name ==========

File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2013/08/20 09:19:40 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\זרמי נתונים חלופיים של Windows .URL
[2013/08/20 09:17:15 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\Frank Heyne Software - NTFS ADS.URL
[2013/08/20 08:34:00 | 000,014,875 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\4.JPG
[2013/08/18 17:55:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/08/18 17:55:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/08/18 17:55:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/08/18 17:55:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/08/18 17:55:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/08/17 21:28:38 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\ERUNT.lnk
[2013/08/13 01:12:35 | 001,418,021 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\צניעות.pdf
[2013/08/13 00:50:48 | 000,007,789 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\menu.lst
[2013/08/11 16:17:37 | 000,920,576 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\RogueKiller.exe
[2013/08/10 22:27:10 | 000,024,176 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\417.jpg
[2013/08/08 19:40:06 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\dds.scr
[2013/08/07 10:02:39 | 2138,296,320 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/01 22:04:51 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2013/08/01 22:03:20 | 000,000,025 | ---- | C] () -- d:\popcinfot.dat
[2013/07/30 22:20:01 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\gcapi_dll.dll
[2013/07/30 12:14:27 | 000,167,274 | ---- | C] () -- C:\WinVBlock.IMG.gz
[2013/07/29 16:16:11 | 000,175,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/07/02 18:49:04 | 018,087,936 | ---- | C] () -- C:\Documents and Settings\sh770\NTUSER.bak
[2013/06/13 17:06:06 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\sh770\.rnd
[2013/05/09 19:18:44 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/05/05 21:38:03 | 000,013,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\IPSecVPN.sys
[2013/04/25 17:10:52 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\sh770\.recently-used.xbel
[2013/02/07 02:04:45 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\sh770\ntuser.pol
[2012/12/27 22:25:00 | 000,302,402 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/12/19 21:05:51 | 000,116,189 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/12/19 21:05:51 | 000,098,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/09/24 06:17:01 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\ISODisk.sys
[2012/08/21 18:28:22 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\sh770\SecurityKISSTunnel.config
[2012/07/04 19:57:11 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\sh770\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/02 18:03:11 | 000,000,085 | ---- | C] () -- C:\WINDOWS\Macro.ini
[2012/06/05 18:49:54 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\sh770\.swfinfo
[2012/05/31 14:49:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/02 17:56:21 | 000,014,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\F4273C6D.bin
[2012/05/02 17:50:14 | 000,259,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\XHASP.sys
[2012/05/02 17:48:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\hdsuinst.exe
[2012/05/02 17:44:38 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2012/02/15 21:40:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/06 22:57:38 | 000,002,930 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/01/30 18:27:29 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/10/05 19:54:15 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011/04/08 01:44:24 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\sh770\Application Data\winscp.rnd
[2011/03/12 23:44:45 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/11/03 21:50:10 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/16 21:30:29 | 034,516,576 | ---- | C] () -- C:\Documents and Settings\sh770\ff_ppz_1266345016343.ppz
[2010/01/12 01:37:08 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\sh770\Application Data\pcouffin.cat
[2010/01/12 01:37:08 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\sh770\Application Data\pcouffin.inf
[2009/08/31 23:30:12 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\sh770\PUTTY.RND
[2009/08/28 00:09:47 | 000,000,303 | ---- | C] () -- C:\Documents and Settings\sh770\.jupload.properties
[2009/06/16 22:05:03 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2009/06/02 16:24:21 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/03 02:11:17 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:53:33 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 15:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2013/08/15 16:29:19 | 000,000,000 | ---D | M](C:\Documents and Settings\sh770\????? ??????) -- C:\Documents and Settings\sh770\שולחן העבודה
[2013/08/15 16:29:19 | 000,000,000 | ---D | M](C:\Documents and Settings\sh770\????? ??????) -- C:\Documents and Settings\sh770\שולחן העבודה
[2013/08/15 16:29:19 | 000,000,000 | ---D | C](C:\Documents and Settings\sh770\????? ??????) -- C:\Documents and Settings\sh770\שולחן העבודה

< End of report >


OTL Extras logfile created on: 23/08/2013 03:03:33 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\sh770\שולחן העבודה
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 38.00% Memory free
4.82 Gb Paging File | 3.44 Gb Available in Paging File | 71.39% Paging File free
Paging file location(s): C:\pagefile.sys 2050 2050E:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 9.00 Gb Free Space | 18.00% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 3.15 Gb Free Space | 3.15% Space Free | Partition Type: NTFS
Drive E: | 32.87 Gb Total Space | 1.95 Gb Free Space | 5.95% Space Free | Partition Type: NTFS
Drive F: | 44.26 Gb Total Space | 13.32 Gb Free Space | 30.10% Space Free | Partition Type: NTFS
Drive G: | 5.75 Gb Total Space | 5.19 Gb Free Space | 90.41% Space Free | Partition Type: NTFS
Drive W: | 931.51 Gb Total Space | 8.30 Gb Free Space | 0.89% Space Free | Partition Type: NTFS

Computer Name: CHABADGAT | User Name: sh770 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
"UpdatesDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP פורט 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP פורט 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP פורט 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP פורט 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP פורט 37675
"1947:TCP" = 1947:TCP:*:Disabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Disabled:HASP SRM
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\sh770\שולחן העבודה\ChromePortable\App\Chrome\chrome.exe" = C:\Documents and Settings\sh770\שולחן העבודה\ChromePortable\App\Chrome\chrome.exe:*:Enabled:Chrome -- (Google Inc.)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ammyy Admin\AA_v3.exe" = C:\Program Files\Ammyy Admin\AA_v3.exe:*:Disabled:Ammyy Admin -- ()
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.2.556\en\setup.exe" = C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.2.556\en\setup.exe:*:Disabled:Kaspersky Internet Security 2011 -- (Kaspersky Lab)
"D:\אתר\אנשי קשר ישן\MailDB chabad\MailDB.exe" = D:\אתר\אנשי קשר ישן\MailDB chabad\MailDB.exe:*:Disabled:MailDB -- (Romkal)
"C:\Windows\system32\mmc.exe" = C:\Windows\system32\mmc.exe:*:Disabled:‎‎Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Miranda IM\miranda32.exe" = C:\Program Files\Miranda IM\miranda32.exe:*:Disabled:Miranda IM -- ( )
"D:\תוכנות ארכיון\Skype Portable\Skype.exe" = D:\תוכנות ארכיון\Skype Portable\Skype.exe:*:Disabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Miranda IM\SKYPE\Skype.exe" = C:\Program Files\Miranda IM\SKYPE\Skype.exe:*:Disabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Disabled:VMware Authd Service -- (VMware, Inc.)
"C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe:*:Disabled:VMware Workstation Server -- ()
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Applian Technologies\Replay Media Catcher 5\aria2c.exe" = C:\Program Files\Applian Technologies\Replay Media Catcher 5\aria2c.exe:*:Enabled:Replay Media Catcher 5 Torrent Module -- ()
"C:\Program Files\Applian Technologies\Replay Media Catcher 5\qtCopy.exe" = C:\Program Files\Applian Technologies\Replay Media Catcher 5\qtCopy.exe:*:Enabled:Replay Media Catcher 5 QT Module -- ()
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Documents and Settings\sh770\שולחן העבודה\ChromePortable\App\Chrome\chrome.exe" = C:\Documents and Settings\sh770\שולחן העבודה\ChromePortable\App\Chrome\chrome.exe:*:Enabled:Chrome -- (Google Inc.)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Program Files\Ammyy Admin\AA_v3.2.exe" = C:\Program Files\Ammyy Admin\AA_v3.2.exe:*:Enabled:Ammyy Admin -- ()
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Documents and Settings\sh770\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\sh770\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{049D548B-B724-4E16-B55E-7B78B7A28A37}" = InstEd 1.5.12.21
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC5
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.(R) L2 Fast Ethernet Driver
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1ce01891-839b-4ad1-b629-2e608ba0c6ba}" = Adblock Plus for IE
"{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image Resizer Powertoy Clone for Windows
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.8
"{26583DDE-7506-4046-9C3A-F02852537B8A}" = Splash PRO EX
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{4653FE0D-2762-41B6-A757-8C4F00B790C3}" = Adblock Plus for IE (32-bit)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.5
"{68880887-285F-4260-989B-8B22020D756F}" = E-GOV.IL Sign&Verify Software - AGForm toolbar
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C9FA746-8759-4040-A436-42922CB3492E}" = VistaBootPRO 3.3
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74E78471-E122-4101-8744-CEB6C5C027A0}" = Foxit PDF IFilter
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4F32B-77C7-4951-B33C-05D41A8190C1}" = Microsoft RichCopy 4.0
"{879C4951-5561-324B-B0F5-AA0864C4499E}" = Microsoft .NET Framework 4 Extended HEB Language Pack
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC35EC2-F690-3417-8175-ED16EC771126}" = Microsoft .NET Framework 4 Client Profile HEB Language Pack
"{9011040D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-040D-0000-0000000FF1CE}" = חבילת תאימות עבור מהדורת 2007 של מערכת Office
"{90120000-00B2-040D-0000-0000000FF1CE}" = תוספת שמירה בשם כ- PDF או XPS של Microsoft עבור תוכניות Microsoft Office 2007
"{90140000-0010-040D-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Hebrew) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2010
"{90140000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2010
"{90140000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2010
"{90140000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2010
"{90140000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2010
"{90140000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2010
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010
"{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2010
"{90140000-0044-040D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Hebrew) 2010
"{90140000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2010
"{90140000-00A1-040D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Hebrew) 2010
"{90140000-00BA-040D-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Hebrew) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961688FD-5FD8-3D21-BE82-ACB1800EBEA2}" = Microsoft .NET Framework 3.5 Language Pack SP1 - heb
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B591BD75-2811-4D09-A590-0D06E4762F34}" = Sudoku Solver V 1.3
"{B70F9EB4-1848-4060-973B-9D9952F2D5C9}" = Responsa CD19
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BF731945-7AAD-45E3-A202-A60C9213915C}_is1" = ISODisk 1.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F49C5BB6-77AF-40EA-AD40-C54FDB05803D}" = Adobe Setup
"{F5BF6AF4-DD9C-4A2C-9B66-DED3E8FD746E}" = Acronis Backup & Recovery 11.5 Bootable Media Builder
"{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter_is1" = AC3Filter 2.2a
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe_95e0cc74dbf32662d4445ac1ef67d56" = Adobe InDesign CS4
"aignesamdeadlink_is1" = AM-DeadLink 4.5
"AnalogX DXMan" = AnalogX DXMan
"AnyDVD" = AnyDVD
"Audacity_is1" = Audacity 2.0.3
"AuthoringTool " = AuthoringTool 1.0.7
"BurnInTest_is1" = BurnInTest v7.0 Pro
"Chicken Invaders: Revenge of the Yolk (Christmas Edition)_is1" = Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.63.0
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"Defraggler" = Defraggler
"DiamondCS ProcessGuard_is1" = DiamondCS ProcessGuard v3.500
"Dream Aquarium" = Dream Aquarium 1.2415
"DVDSmith Movie Backup_is1" = DVDSmith Movie Backup 1.0.8
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"EasyBCD" = EasyBCD 2.2
"ERUNT_is1" = ERUNT 1.1j
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"FLAC" = FLAC 1.2.1b (remove only)
"FlashBoot_is1" = FlashBoot 2.1m
"FlashFXP" = FlashFXP
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader_is1" = Foxit Reader
"Greatis Reanimator_is1" = RegRun Reanimator
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.4
"Icons from File_is1" = Icons from File 3.4
"InfraRecorder" = InfraRecorder
"InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"IrfanView" = IrfanView (remove only)
"Kaluach3" = Kaluach3
"KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LAME_is1" = LAME v3.99.3 (for Windows)
"LastPass" = LastPass (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware גירסה 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - heb" = ערכת שפה של Microsoft .NET Framework 3.5 SP1 - heb
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile HEB Language Pack" = Microsoft .NET Framework 4 Client Profile HEB Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended HEB Language Pack" = Microsoft .NET Framework 4 Extended HEB Language Pack
"Miranda IM" = Miranda IM 0.10.11
"Mozilla Firefox 22.0 (x86 he)" = Mozilla Firefox 22.0 (x86 he)
"Mozilla Firefox 23.0.1 (x86 he)" = Mozilla Firefox 23.0.1 (x86 he)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3 Knife_is1" = Mp3 Knife 3.2
"mp3splt-gtk" = mp3splt-gtk
"Mp3tag" = Mp3tag v2.55a
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NirSoft VideoCacheView" = NirSoft VideoCacheView
"NirSoft WebVideoCap" = NirSoft WebVideoCap
"NirSoft WirelessNetView" = NirSoft WirelessNetView
"nLite_is1" = nLite 1.4.9.1
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenSSL Light (32-bit)_is1" = OpenSSL 0.9.8k Light (32-bit)
"Opera 12.16.1860" = Opera 12.16
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"Process_Hacker2_is1" = Process Hacker 2.31 (r5355)
"Recuva" = Recuva
"Registry Workshop" = Registry Workshop
"Remove Toolbar Buddy_is1" = Remove Toolbar Buddy 6.1
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.4.3)
"Replay Media Catcher 5" = Replay Media Catcher 5 (5.0.0.99)
"RMPrepUSB" = RMPrepUSB
"RollerCoaster Tycoon Setup" = Roll
"Sandboxie" = Sandboxie 4.04 (32-bit)
"SecurityKISS Tunnel_is1" = SecurityKISS Tunnel v0.3.0
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SysTracer" = SysTracer v2.6
"TeamViewer 8" = TeamViewer 8
"TeraCopy_is1" = TeraCopy 2.3 beta 2
"The KMPlayer" = The KMPlayer
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"Tweak UI 2.10" = Tweak UI
"UBCD4Win_is1" = UBCD4Win 3.60
"UltraISO_is1" = UltraISO Premium V9.52
"UnHackMe_is1" = UnHackMe 5.99 release
"Universal Extractor_is1" = Universal Extractor 1.6.1
"Unlocker" = Unlocker 1.9.2
"USB Safely Remove_is1" = USB Safely Remove 5.2
"VLC media player" = VLC media player 2.0.7
"VMware_Workstation" = VMware Workstation
"Winamp" = Winamp
"Windows Unattended CD Creator" = Windows Unattended CD Creator 1.0.2 Beta 10
"Windows Update Remover" = Windows Update Remover
"WinHex" = WinHex
"WinImage" = WinImage
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 5.00 ביתא 5 (32-סיביות)
"winscp3_is1" = WinSCP 5.1.5
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)
"Wubi" = Ubuntu
"תורת אמת - 346" = תורת אמת - 346
"תורת אמת - 347" = תורת אמת - 347

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/06/2013 23:08:50 | Computer Name = CHABADGAT | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 13/06/2013 01:33:12 | Computer Name = CHABADGAT | Source = nginx | ID = 3299
Description = E:\nginx-1.5.1\nginx.exe: could not open error log file: CreateFile()
"logs/error.log" failed (3: The system cannot find the path specified) .

[ System Events ]
Error - 17/08/2013 14:36:59 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 17/08/2013 14:36:59 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7031
Description = The TeamViewer 8 service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 2000 milliseconds:
Restart the service.

Error - 17/08/2013 14:47:06 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 18/08/2013 07:55:10 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 19/08/2013 08:04:47 | Computer Name = CHABADGAT | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 46.121.214.106
on the Network Card with network address 001E8C124CC3.

Error - 20/08/2013 01:04:34 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 20/08/2013 06:34:21 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 21/08/2013 03:18:51 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 22/08/2013 04:38:53 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 22/08/2013 04:39:14 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cfadisk


< End of report >
sh770p
Regular Member
 
Posts: 15
Joined: August 8th, 2013, 12:08 pm
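Reading the OTL sections above by hand is what the helpers do at this point. The following Python script is an added example, not code from this thread or from OTL: it parses the Shell Spawning, Security Center Settings, Firewall Settings and Authorized Applications List sections in the format OTL prints them and reports the entries a helper checks first: a shell\open command for an executable class that is not the stock "%1" %*, a firewall profile with "EnableFirewall" = 0, a globally open port that is Enabled for any source (*), and an Enabled firewall exception for a remote-control tool. The excerpt it runs on is copied from the log posted above; the single hijacked exefile entry is constructed for the example, and the list of remote-control executable names (aa_v3, teamviewer) is an assumption of the example, not something OTL or the forum defines.

```python
"""Triage of the Shell Spawning, Security Center and firewall sections of an OTL log.

Added example; not code from the original post or from OTL. The remote-control
watch-list and the hijacked exefile entry are assumptions made for the example.
"""
import re

# Constructed excerpt, copied from the OTL log posted above.
SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S
regfile [merge] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ammyy Admin\AA_v3.exe" = C:\Program Files\Ammyy Admin\AA_v3.exe:*:Disabled:Ammyy Admin -- ()
"C:\Program Files\Ammyy Admin\AA_v3.2.exe" = C:\Program Files\Ammyy Admin\AA_v3.2.exe:*:Enabled:Ammyy Admin -- ()
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"""

# Constructed, NOT from the posted log: what a hijacked exefile entry looks like.
HIJACKED_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "C:\Documents and Settings\user\svchost.exe" "%1" %*
"""

STOCK_OPEN = '"%1" %*'                       # default shell\open\command for executables
EXEC_CLASSES = {"batfile", "cmdfile", "comfile", "exefile", "piffile"}
REMOTE_CONTROL = ("aa_v3", "teamviewer")     # assumed watch-list of executable-name fragments

KEY_RE = re.compile(r"^\[(?P<key>HKEY_.*)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')
SHELL_RE = re.compile(r"^(?P<cls>\w+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$")
PORT_RE = re.compile(r"^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):", re.I)
APP_RE = re.compile(r"^(?P<path>.+?):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):", re.I)


def profile_of(key):
    """Firewall profile named in a registry key path, or None."""
    for p in ("DomainProfile", "StandardProfile"):
        if p in key:
            return p
    return None


def triage(text):
    """Return findings for one OTL log as a list of (kind, subject, detail) tuples."""
    findings, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")            # every value line is tagged with the key above it
            continue
        m = SHELL_RE.match(line)
        if m and r"\shell\[command]" in key:
            if m.group("cls") in EXEC_CLASSES and m.group("verb") == "open" and m.group("cmd") != STOCK_OPEN:
                findings.append(("shell_open_hijacked", m.group("cls"), m.group("cmd")))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value, profile = m.group("name"), m.group("value"), profile_of(key)
        if "\\Security Center\\Monitoring\\" in key and name == "DisableMonitoring" and value == "1":
            findings.append(("wsc_monitoring_off", key.rsplit("\\", 1)[-1], "DisableMonitoring = 1"))
        elif profile and key.endswith(profile) and name == "EnableFirewall" and value == "0":
            findings.append(("firewall_disabled", profile, "EnableFirewall = 0"))
        elif "GloballyOpenPorts" in key:
            p = PORT_RE.match(value)
            if p and p.group("state").lower() == "enabled" and p.group("scope") == "*":
                findings.append(("port_open_to_any", f"{p.group('port')}/{p.group('proto')}", profile))
        elif "AuthorizedApplications" in key:
            a = APP_RE.match(value)
            exe = a.group("path").rsplit("\\", 1)[-1].lower() if a else ""
            if a and a.group("state").lower() == "enabled" and any(t in exe for t in REMOTE_CONTROL):
                findings.append(("remote_control_exception", exe, profile))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG + HIJACKED_SAMPLE):
        print(f"{kind:26} {subject:22} {detail}")
```

On a machine that is not joined to a domain the Standard profile is the one in effect, so "EnableFirewall" = 0 there means the Windows Firewall is off even though the Domain profile shows it enabled. The other findings are leads rather than verdicts: a Security Center key with DisableMonitoring = 1 is normal when the installed antivirus registered it, and an enabled exception for a remote-control tool is fine if the user installed that tool, which is exactly the kind of thing a helper asks the poster to confirm.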

Re: Blue Screen trying to start the computer in safe mode

Unread postby wannabeageek » August 22nd, 2013, 11:59 pm

Hi sh770p,

Please run the following:

Step 1.
Download and run MGA Diagnostic Tool
This tool will aid us in determining what additional steps will need to be performed.

  1. Click here to download the MGA Diagnostics Tool from Microsoft and save it to your Desktop. The MGADiag.exe icon will appear on your Desktop.
  2. Double-click the MGADiag.exe icon on your Desktop. The tool's window will be displayed.
  3. Click the Continue button. The scan will be performed. Once the scan is complete the report information will be displayed and a Copy button will be provided.
  4. Click the Copy button.
  5. Open Notepad and paste the contents of the report into the Notepad window.
  6. Save the report and paste the contents into your reply.


Step 2.
Run CKScanner
  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Blue Screen trying to start the computer in safe mode

Unread postby sh770p » August 23rd, 2013, 6:22 am

I tried again to start the computer in safe mode and got the blue screen again.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-DVPWP-KTHH7-43TWQ
Windows Product Key Hash: tslAXmUidWTD88L+sh2tbWH30/o=
Windows Product ID: 55724-OEM-2211906-00109
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {649FE3A0-61E4-4323-A148-A21A2773C9B9}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.9.1
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-364-8007007e_025D1FF3-229-8007007e_025D1FF3-230-1_025D1FF3-238-2
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-8007007e_025D1FF3-229-8007007e_025D1FF3-230-1_025D1FF3-238-2

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{649FE3A0-61E4-4323-A148-A21A2773C9B9}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-43TWQ</PKey><PID>55724-OEM-2211906-00109</PID><PIDType>2</PIDType><SID>S-1-5-21-1935655697-616249376-1417001333</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0413 </Version><SMBIOSVersion major="2" minor="4"/><Date>20090313000000.000000+000</Date><SLPBIOS>ASUS_FLASH</SLPBIOS></BIOS><HWID>7EBA357F0184E07A</HWID><UserLCID>040D</UserLCID><SystemLCID>040D</SystemLCID><TimeZone>שעון רגיל ירושלים(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>AsusTek™</name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{9011040D-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73940-640-0000106-57632</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: N/A
Marker string from BIOS: N/A, hr = 0x80004005
Marker string from OEMBIOS.DAT: ASUS_FLASH

OEM Activation 2.0 Data-->
N/A

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\documents and settings\all users\תפריט התחלה\תוכניות\מערכת\תדיר\kaspersky internet security 2011\‏kavcrack.cmd
c:\documents and settings\all users\תפריט התחלה\תוכניות\מערכת\תדיר\kaspersky internet security 2011\גרסאות קודמות של מאפסים\kavcrack.cmd
c:\documents and settings\all users\תפריט התחלה\תוכניות\מערכת\תדיר\kaspersky internet security 2011\גרסאות קודמות של מאפסים\‏‏עותק (2) של kavcrack.cmd
c:\documents and settings\all users\תפריט התחלה\תוכניות\מערכת\תדיר\kaspersky internet security 2011\גרסאות קודמות של מאפסים\‏‏עותק של kavcrack.cmd
c:\documents and settings\sh770\favorites\פלד\http--crackteam.ws-.url
c:\documents and settings\sh770\favorites\תוכנה\קראקים לבטל תמונות\appzplanet downloads - warez crackz serialz full appz gamez real direct download iso 1 file.url
c:\documents and settings\sh770\favorites\תוכנה\קראקים לבטל תמונות\astakiller exploits and cracks.url
c:\documents and settings\sh770\favorites\תוכנה\קראקים לבטל תמונות\crack-locator.com.url
c:\documents and settings\sh770\favorites\תוכנה\קראקים לבטל תמונות\crack.cd.url
c:\documents and settings\sh770\favorites\תוכנה\קראקים לבטל תמונות\http--www.cracks.st-.url
c:\program files\jdownloader\jd\plugins\hoster\crackedcom.class
c:\program files\pdf password cracker pro v3.1\crackpdf.exe
c:\program files\pdf password cracker pro v3.1\crackpdf.log
c:\program files\pdf password cracker pro v3.1\crackpdf.url
c:\program files\pdf password cracker pro v3.1\help.htm
c:\program files\pdf password cracker pro v3.1\password.dic
c:\program files\pdf password cracker pro v3.1\skinmagic.dll
c:\program files\pdf password cracker pro v3.1\unins000.dat
c:\program files\pdf password cracker pro v3.1\unins000.exe
c:\program files\pdf password cracker pro v3.1\xpgrean.smf
c:\program files\usb safely remove\admincrack.dll
c:\program files\winhex\winhex.keygen.only-zwt\winhex.keygen.only-zwt\file_id.diz
c:\program files\winhex\winhex.keygen.only-zwt\winhex.keygen.only-zwt\keygen.exe
c:\program files\winhex\winhex.keygen.only-zwt\winhex.keygen.only-zwt\zwt.nfo
c:\windows\crackpdf,1.ini
c:\windows\crackpdf,2.ini
scanner sequence 3.ZZ.11.JCNAEZ
----- EOF -----
sh770p
Regular Member
 
Posts: 15
Joined: August 8th, 2013, 12:08 pm

Re: Blue Screen trying to start the computer in safe mode

Unread postby Wingman » August 23rd, 2013, 10:56 am

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs:
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA