Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

couldn't access google.com or any other google site


  • This topic is locked This topic is locked
10 replies to this topic

#1 Shasoosh

Shasoosh

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:06:52 AM

Posted 13 July 2010 - 01:17 AM

google sites like gmail etc' gave me a 404 in Spanish. www.google.com referred me to some blog with the title ALAN HEROES.
After a restart i can access google sites again but i want to check if i'm infected with something.
thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:06:58, on 13/07/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe
C:\Program Files (x86)\Windows Live\Device Integrator\wldi.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Windows Live\Device Integrator\DI_HIDServer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 62.90.166.178 unisonpilot.walla.co.il
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [WindowsLiveDeviceIntegrator] C:\Program Files (x86)\Windows Live\Device Integrator\wldi.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\useree\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O8 - Extra context menu item: התאמה אישית לתפריט לחצן ימני - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: מילוי טפסים - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: סרגל הכלים של רובופורם - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: שמירת טפסים - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: מילוי טפסים - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: מילוי טפסים - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: שמירה - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: שמירת טפסים - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: רובופורם - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: סרגל הכלים של רובופורם - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: ה&ערות מקושרות של OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: ה&ערות מקושרות של OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15464 bytes


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:52 AM

Posted 18 July 2010 - 04:44 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.
    1.Please do not run any other tool untill instructed to do so!
    2.Please reply to this thread, do not start another!
    3.Please tell me about any problems that have occurred during the fix.
    4.Please tell me of any other symptoms you may be having as these can help also.
    5.Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Vista and Win 7 Users please Right Click and run as Admin all programs that I ask you to run

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Download and run OTL:

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. The two logs from OTL
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:52 AM

Posted 21 July 2010 - 02:23 AM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 Shasoosh

Shasoosh
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:06:52 AM

Posted 21 July 2010 - 04:18 AM

Thanks.
Your OTL link gave me a 403 error so i've downloaded it from here: http://www.itxassociates.com/OT-Tools/OTL.exe

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4307

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21/07/2010 12:12:51
mbam-log-2010-07-21 (12-12-51).txt

Scan type: Quick scan
Objects scanned: 143821
Time elapsed: 1 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






OTL logfile created on: 21/07/2010 12:15:00 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\user\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040D | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.67 Gb Total Space | 51.79 Gb Free Space | 18.93% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 114.49 Gb Free Space | 19.20% Space Free | Partition Type: NTFS
Drive E: | 24.41 Gb Total Space | 8.97 Gb Free Space | 36.76% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 3.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\user\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Everything\Everything.exe ()
PRC - C:\Program Files (x86)\ERUNT\ERUNT.EXE ()


========== Modules (SafeList) ==========

MOD - C:\Users\user\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (KMService) -- C:\Windows\SysNative\srvany.exe File not found
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (ose64) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (MSSQLServerADHelper100) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (NLNdisPT) -- C:\Windows\SysNative\DRIVERS\nlndis.sys File not found
DRV:64bit: - (NLNdisMP) -- C:\Windows\SysNative\DRIVERS\nlndis.sys File not found
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\DRIVERS\eamonm.sys File not found
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (cpuz133) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (LMouKE) -- C:\Windows\SysNative\drivers\LMouKE.Sys (Logitech, Inc.)
DRV:64bit: - (L8042mou) -- C:\Windows\SysNative\drivers\L8042mou.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (pfmfs_321) -- C:\Windows\SysNative\drivers\pfmfs_321.sys (Pismo Technic Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (radpms) -- C:\Windows\SysNative\drivers\radpms.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (RT73) -- C:\Windows\SysNative\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\drivers\ATITool64.sys ()
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (AODDriver) -- C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys ()
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (NVR0Dev) -- C:\Windows\nvoclk64.sys (NVidia Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4134840020-1099975287-2458313056-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-4134840020-1099975287-2458313056-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4134840020-1099975287-2458313056-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = he
IE - HKU\S-1-5-21-4134840020-1099975287-2458313056-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE E1 D0 48 D6 45 CA 01 [binary data]
IE - HKU\S-1-5-21-4134840020-1099975287-2458313056-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4134840020-1099975287-2458313056-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4134840020-1099975287-2458313056-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:1.2
FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: rotateimage@minisystems.de:0.1.3.2
FF - prefs.js..extensions.enabledItems: {65d1639c-419f-4b52-9520-2d1455e5091b}:1.3.1
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.3
FF - prefs.js..extensions.enabledItems: undoclosedtabsbutton@supernova00.biz:3.6.2
FF - prefs.js..extensions.enabledItems: yetanothersmoothscrolling@kataho:3.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.96
FF - prefs.js..extensions.enabledItems: {3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}:2.2
FF - prefs.js..network.proxy.socks: "86.101.136.158"
FF - prefs.js..network.proxy.socks_port: 52873
FF - prefs.js..network.proxy.socks_version: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2009/08/30 10:28:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/06 08:07:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/06/25 08:45:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/27 22:01:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/29 23:02:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/06/17 16:21:45 | 000,000,000 | ---D | M]

[2009/08/21 16:35:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2010/07/10 11:35:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6b4hb15a.TEST\extensions
[2010/07/10 11:35:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6b4hb15a.TEST\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010/07/21 07:47:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions
[2010/01/18 18:34:57 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/03/10 18:32:01 | 000,000,000 | ---D | M] (PermaTabs Mod) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{20291fcc-1471-46c8-8213-0911f5ce6d66}
[2010/03/02 15:18:27 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/09/30 14:32:54 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2009/12/11 12:59:25 | 000,000,000 | ---D | M] (SearchBox Sync) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{65d1639c-419f-4b52-9520-2d1455e5091b}
[2010/01/19 20:07:05 | 000,000,000 | ---D | M] (Context Search) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}
[2010/01/09 20:24:36 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/03/27 11:12:19 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2009/08/21 16:36:24 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/07/16 12:27:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/13 00:35:43 | 000,000,000 | ---D | M] (Firefox Throttle) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
[2010/07/11 19:03:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/05 01:53:20 | 000,000,000 | ---D | M] (LiveClick) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{d166ee2a-36bb-4f33-aff7-e85f912df509}
[2009/11/22 22:27:30 | 000,000,000 | ---D | M] (Tiny Menu) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2010/07/19 10:05:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/05/29 17:50:35 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/10 15:33:09 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/04/17 13:05:38 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2009/08/27 14:03:06 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010/01/24 23:14:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\add-to-searchbox@maltekraus.de
[2009/11/04 17:44:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\autofillForms@blueimp.net
[2010/05/19 17:34:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\bettergmail2@ginatrapani.org
[2009/08/21 16:36:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\elemhidehelper@adblockplus.org
[2009/12/11 12:59:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\faviconizetab@espion.just-size.jp
[2010/05/07 01:04:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\firebug@software.joehewitt.com
[2010/04/16 18:03:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\firegestures@xuldev.org
[2010/06/15 16:37:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\greasefire@skrul.com
[2010/06/12 15:55:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\LogMeInClient@logmein.com
[2009/08/27 09:47:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\omiazad@msn.com
[2009/08/27 14:41:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\rotateimage@minisystems.de
[2009/08/21 16:36:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\secureLogin@blueimp.net
[2010/06/12 18:33:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\undoclosedtabsbutton@supernova00.biz
[2010/04/08 00:15:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\extensions\yetanothersmoothscrolling@kataho
[2009/08/21 13:57:27 | 000,001,396 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\searchplugins\5blk4kb2.xml
[2009/08/22 00:16:45 | 000,001,352 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\searchplugins\gamespot.xml
[2009/08/22 10:34:50 | 000,001,983 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\searchplugins\google-.xml
[2009/08/21 11:27:00 | 000,002,024 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\searchplugins\google-il.xml
[2009/09/01 03:01:32 | 000,000,812 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\searchplugins\imdb.xml
[2009/11/04 20:00:59 | 000,000,724 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\searchplugins\torec.xml
[2009/08/22 00:17:22 | 000,001,087 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fjgptt43.default\searchplugins\youtube.xml
[2010/07/21 07:47:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/09 14:38:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/11 22:20:43 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/03/22 22:33:27 | 000,001,332 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 unison.walla.co.il
O1 - Hosts: 62.90.166.178 unisonpilot.walla.co.il
O1 - Hosts: 127.0.0.1 local.unisonplay.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 applian.securesites.com
O1 - Hosts: 127.0.0.1 gosredirector.ea.com
O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org
O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 demangler.ea.com
O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files (x86)\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-4134840020-1099975287-2458313056-1001\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4134840020-1099975287-2458313056-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-4134840020-1099975287-2458313056-1001..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4134840020-1099975287-2458313056-1001..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\S-1-5-21-4134840020-1099975287-2458313056-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-4134840020-1099975287-2458313056-1001..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-4134840020-1099975287-2458313056-1001..\Run: [WindowsLivePhone] C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4134840020-1099975287-2458313056-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: התאמה אישית לתפריט לחצן ימני - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: מילוי טפסים - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: סרגל הכלים של רובופורם - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: שמירת טפסים - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: התאמה אישית לתפריט לחצן ימני - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: מילוי טפסים - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: סרגל הכלים של רובופורם - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: שמירת טפסים - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: מילוי טפסים - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : מילוי טפסים - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: שמירה - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : שמירת טפסים - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: רובופורם - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : סרגל הכלים של רובופורם - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: ה&ערות מקושרות של OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ה&ערות מקושרות של OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/29 22:24:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7beafc33-9dee-11de-83cd-001a4d45d843}\Shell - "" = AutoRun
O33 - MountPoints2\{7beafc33-9dee-11de-83cd-001a4d45d843}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/21 12:08:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/21 12:08:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/07/20 23:07:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\skypePM
[2010/07/20 23:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/07/20 23:06:56 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/07/20 11:30:55 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\זמני
[2010/07/18 22:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2010/07/18 00:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2010/07/18 00:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plants Vs Zombies
[2010/07/17 23:49:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Beat Hazard
[2010/07/17 23:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Beat Hazard
[2010/07/17 22:40:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\2DBoy
[2010/07/17 22:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2010/07/17 22:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oberon Media
[2010/07/17 15:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft StyleCop 4.3.3.0
[2010/07/15 21:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010/07/14 12:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/07/14 12:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/07/14 12:02:41 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/07/14 10:41:27 | 000,000,000 | ---D | C] -- C:\dumps
[2010/07/14 00:47:13 | 000,000,000 | ---D | C] -- C:\HLServer
[2010/07/13 22:47:38 | 000,000,000 | ---D | C] -- C:\Counter-Strike Source
[2010/07/13 21:49:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Hamachi
[2010/07/13 21:49:11 | 000,033,344 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys
[2010/07/13 21:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hamachi
[2010/07/13 21:04:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\LogMeIn Hamachi
[2010/07/13 13:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/07/13 12:44:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Skype
[2010/07/13 12:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/07/13 08:47:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/10 18:04:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\WLDI
[2010/07/10 11:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefox4
[2010/07/06 00:57:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\GrabPro
[2010/07/06 00:57:03 | 000,000,000 | ---D | C] -- C:\downloads
[2010/07/06 00:56:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Orbit
[2010/07/06 00:52:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Moyea
[2010/07/06 00:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea
[2010/07/06 00:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ultra Video Splitter
[2010/07/05 10:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\City Interactive
[2010/07/05 00:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAPainter
[2010/07/03 10:45:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashFXP
[2010/06/30 19:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2010/06/29 22:56:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/06/29 13:11:48 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Singularity
[2010/06/29 13:05:56 | 000,000,000 | ---D | C] -- C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
[2010/06/26 21:17:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/06/25 08:44:58 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/06/25 08:44:58 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/06/25 08:44:58 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/06/25 08:44:58 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/06/25 08:44:58 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/06/25 08:44:58 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/06/25 08:44:58 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/06/25 08:44:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Windows Live
[2010/06/24 09:53:43 | 000,000,000 | ---D | C] -- C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
[2010/06/23 20:08:28 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/06/23 20:08:28 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/06/23 20:08:28 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/23 20:08:28 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/06/23 20:08:28 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/23 20:08:28 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/06/23 20:08:28 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/06/23 20:08:28 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/06/23 20:05:35 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/06/23 20:05:35 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/06/23 20:05:35 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/06/23 20:05:35 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/23 20:05:35 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/06/23 20:05:34 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/06/23 20:05:34 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/06/23 20:05:20 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/06/21 13:48:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Foxit Software
[2010/06/21 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/21 12:16:59 | 007,864,320 | -HS- | M] () -- C:\Users\user\ntuser.dat
[2010/07/21 12:08:07 | 000,000,889 | ---- | M] () -- C:\Users\user\Desktop\NTREGOPT.lnk
[2010/07/21 12:08:07 | 000,000,870 | ---- | M] () -- C:\Users\user\Desktop\ERUNT.lnk
[2010/07/21 11:44:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4134840020-1099975287-2458313056-1001UA.job
[2010/07/21 11:24:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/21 09:24:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/21 06:44:00 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4134840020-1099975287-2458313056-1001Core.job
[2010/07/20 23:06:58 | 000,002,545 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/07/20 15:57:31 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/20 15:57:31 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/20 14:35:27 | 000,049,152 | ---- | M] () -- C:\Users\user\Desktop\תרגילים בסטטיסטיקה.doc
[2010/07/20 14:34:52 | 000,091,136 | ---- | M] () -- C:\Users\user\Desktop\Ex. 6 - Solutions.doc
[2010/07/20 13:55:16 | 000,112,839 | ---- | M] () -- C:\Users\user\Desktop\1.pdf
[2010/07/20 13:53:56 | 000,088,581 | ---- | M] () -- C:\Users\user\Desktop\2.PDF
[2010/07/20 13:48:40 | 000,089,607 | ---- | M] () -- C:\Users\user\Desktop\פתרון_מועד_א_הסתברות.pdf
[2010/07/20 12:47:59 | 000,008,891 | ---- | M] () -- C:\Users\user\Desktop\output.xls
[2010/07/20 11:44:57 | 000,303,968 | ---- | M] () -- C:\Users\user\Desktop\PVUM_1274354562.f08.tif
[2010/07/20 00:20:38 | 000,077,724 | ---- | M] () -- C:\Users\user\Documents\ללא שם.jpg
[2010/07/19 20:12:37 | 000,002,295 | ---- | M] () -- C:\Users\user\Documents\IMG_19072010_201240.png
[2010/07/19 17:47:02 | 000,019,104 | ---- | M] () -- C:\Users\user\Desktop\GAMA.JPG
[2010/07/19 11:57:18 | 000,237,568 | ---- | M] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2010/07/19 11:57:18 | 000,156,672 | ---- | M] (Radioactive) -- C:\Windows\SysWow64\rmc_fixasf.exe
[2010/07/18 22:56:48 | 000,818,152 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/18 22:56:48 | 000,681,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/18 22:56:48 | 000,131,130 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/16 11:09:28 | 000,064,398 | ---- | M] () -- C:\Users\user\Desktop\שאלות נוספות למבחן.PDF
[2010/07/16 11:09:13 | 000,115,196 | ---- | M] () -- C:\Users\user\Desktop\מבחן מועד א.PDF
[2010/07/16 00:14:11 | 000,001,154 | ---- | M] () -- C:\Users\user\Desktop\Call of Duty Modern Warfare 2 MP.lnk
[2010/07/15 01:53:58 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2010/07/15 01:53:58 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2010/07/15 01:53:19 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2010/07/15 01:52:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/15 01:52:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/14 22:51:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2010/07/14 22:50:54 | 004,294,805 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db
[2010/07/13 21:49:11 | 000,033,344 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys
[2010/07/13 21:35:51 | 000,086,075 | ---- | M] () -- C:\Windows\vstdlib.dll
[2010/07/13 21:35:51 | 000,086,075 | ---- | M] () -- C:\Windows\SysNative\vstdlib.dll
[2010/07/13 13:13:00 | 000,000,966 | ---- | M] () -- C:\Users\user\Documents\My Sharing Folders.lnk
[2010/07/13 10:18:25 | 000,010,240 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/10 19:03:18 | 000,305,245 | ---- | M] () -- C:\Users\user\Documents\Unitltitled.jpg
[2010/07/10 17:42:11 | 000,308,627 | ---- | M] () -- C:\Users\user\Documents\Untitled.jpg
[2010/07/09 23:24:25 | 000,000,132 | ---- | M] () -- C:\Users\user\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/09 12:56:01 | 000,234,832 | ---- | M] () -- C:\Windows\tier0.dll
[2010/07/09 12:56:01 | 000,234,832 | ---- | M] () -- C:\Windows\SysNative\tier0.dll
[2010/07/04 09:26:42 | 000,000,818 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/06/25 08:57:34 | 000,001,596 | ---- | M] () -- C:\sqmnoopt00.sqm
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/21 12:07:08 | 000,000,889 | ---- | C] () -- C:\Users\user\Desktop\NTREGOPT.lnk
[2010/07/21 12:07:08 | 000,000,870 | ---- | C] () -- C:\Users\user\Desktop\ERUNT.lnk
[2010/07/20 23:06:58 | 000,002,545 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/07/20 14:35:27 | 000,049,152 | ---- | C] () -- C:\Users\user\Desktop\תרגילים בסטטיסטיקה.doc
[2010/07/20 14:34:52 | 000,091,136 | ---- | C] () -- C:\Users\user\Desktop\Ex. 6 - Solutions.doc
[2010/07/20 13:48:40 | 000,089,607 | ---- | C] () -- C:\Users\user\Desktop\פתרון_מועד_א_הסתברות.pdf
[2010/07/20 13:43:46 | 000,112,839 | ---- | C] () -- C:\Users\user\Desktop\1.pdf
[2010/07/20 12:47:58 | 000,008,891 | ---- | C] () -- C:\Users\user\Desktop\output.xls
[2010/07/20 11:44:55 | 000,303,968 | ---- | C] () -- C:\Users\user\Desktop\PVUM_1274354562.f08.tif
[2010/07/20 00:20:37 | 000,077,724 | ---- | C] () -- C:\Users\user\Documents\ללא שם.jpg
[2010/07/19 20:12:37 | 000,002,295 | ---- | C] () -- C:\Users\user\Documents\IMG_19072010_201240.png
[2010/07/19 17:47:02 | 000,019,104 | ---- | C] () -- C:\Users\user\Desktop\GAMA.JPG
[2010/07/16 11:46:36 | 000,088,581 | ---- | C] () -- C:\Users\user\Desktop\2.PDF
[2010/07/16 11:10:18 | 000,115,196 | ---- | C] () -- C:\Users\user\Desktop\מבחן מועד א.PDF
[2010/07/16 11:09:43 | 000,064,398 | ---- | C] () -- C:\Users\user\Desktop\שאלות נוספות למבחן.PDF
[2010/07/16 00:14:11 | 000,001,154 | ---- | C] () -- C:\Users\user\Desktop\Call of Duty Modern Warfare 2 MP.lnk
[2010/07/13 22:40:15 | 000,086,075 | ---- | C] () -- C:\Windows\SysNative\vstdlib.dll
[2010/07/13 22:39:40 | 000,234,832 | ---- | C] () -- C:\Windows\SysNative\tier0.dll
[2010/07/13 22:39:33 | 000,234,832 | ---- | C] () -- C:\Windows\tier0.dll
[2010/07/13 21:36:43 | 000,086,075 | ---- | C] () -- C:\Windows\vstdlib.dll
[2010/07/13 13:13:00 | 000,000,966 | ---- | C] () -- C:\Users\user\Documents\My Sharing Folders.lnk
[2010/07/10 19:00:37 | 000,305,245 | ---- | C] () -- C:\Users\user\Documents\Unitltitled.jpg
[2010/07/10 17:39:57 | 000,308,627 | ---- | C] () -- C:\Users\user\Documents\Untitled.jpg
[2010/06/25 08:57:34 | 000,001,596 | ---- | C] () -- C:\sqmnoopt00.sqm
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/02/14 21:50:11 | 000,000,121 | ---- | C] () -- C:\Windows\MXSkypeRecorder.INI
[2010/02/11 18:55:54 | 000,000,116 | ---- | C] () -- C:\Windows\ConverterCore.INI
[2010/02/07 13:51:49 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/11 14:25:58 | 000,001,062 | ---- | C] () -- C:\Windows\ProxyChecker.INI
[2009/11/14 00:48:03 | 000,000,016 | ---- | C] () -- C:\Windows\Wininit.ini
[2009/11/14 00:47:16 | 000,000,439 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2009/11/05 23:30:06 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2009/10/24 13:45:28 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2009/10/07 12:30:47 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2009/08/21 22:34:41 | 000,811,384 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 00:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/03/12 12:01:30 | 000,273,408 | ---- | C] () -- C:\Windows\NVGfxOgl.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:7533C49F
< End of report >



OTL Extras logfile created on: 21/07/2010 12:15:00 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\user\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040D | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.67 Gb Total Space | 51.79 Gb Free Space | 18.93% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 114.49 Gb Free Space | 19.20% Space Free | Partition Type: NTFS
Drive E: | 24.41 Gb Total Space | 8.97 Gb Free Space | 36.76% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 3.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: user-PC
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4134840020-1099975287-2458313056-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-040D-1000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-040D-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2010
"{90140000-0017-040D-1000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Hebrew) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-040D-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-040D-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-040D-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-040D-1000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2010
"{90140000-001F-0401-1000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040D-1000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010
"{90140000-001F-0419-1000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-040D-1000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-040D-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Hebrew) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-040D-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Hebrew) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-040D-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-040D-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Hebrew) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-040D-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Hebrew) 2010
"{90140000-0100-040D-1000-0000000FF1CE}" = Microsoft Office O MUI (Hebrew) 2010
"{90140000-0101-040D-1000-0000000FF1CE}" = Microsoft Office X MUI (Hebrew) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A2422B02-0D41-43F5-B62E-C7A5E55FCBA8}" = Vegas Pro 9.0 (64-bit)
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.16
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.OMUI.he-il" = Microsoft Office Language Pack 2010 - Hebrew עברית
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PismoFileMountAuditPackage" = Pismo File Mount Audit Package
"Recuva" = Recuva
"SP6" = Logitech SetPoint 6.0
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12C85315-0989-4C28-8956-33458F464DD6}" = The Chronicles of Riddick - Assault on Dark Athena
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 20
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Activision®
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3175553C-88D5-453B-93CB-4012A827533A}" = Microsoft StyleCop 4.3.3.0
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34079D62-AE77-4DE7-8CB2-C5D0ECBC6EB0}" = Insert Website Image Plugin
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EB745BA-194F-4475-9164-B20BB2172395}" = Adobe Photoshop CS5
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Activision®
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B09.0918.1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7CE12FDF-B758-46A5-A8CD-785EDFDC5B84}" = Workspace Macro Pro 6.5
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{875F9A42-D47B-43E6-BA68-29D1895188D5}_is1" = Dynamic Auto-Painter 2.0.7
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_OMUI.he-il_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{96F9B265-1367-4E1A-B8B9-F8530EF3AA62}" = Add or Remove Adobe Premiere Pro CS5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B613BCC6-D542-4A86-BC7B-205A6ADEA46F}" = Microsoft Live Labs Pivot
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced TIFF Editor_is1" = Advanced TIFF Editor 3.1.15.2
"AI RoboForm" = AI RoboForm (All Users)
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.2
"ApexDC++" = ApexDC++ 1.3.1 (64-bit)
"Applian Director1.1" = Applian Director
"ATITool" = ATITool Overclocking Utility
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"Babylon" = Babylon
"BOXEE" = Boxee
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Debut" = Debut Video Capture Software
"Digsby" = Digsby
"Easy Macro Recorder_is1" = Easy Macro Recorder 3.75
"EasyBCD" = EasyBCD 1.7.2
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"Everything" = Everything 1.2.1.371
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 2.2.0.5
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"InstallShield_{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Transformers™ - War for Cybertron™
"InstallShield_{362C6A81-4C88-4B26-8C79-B2EE0076F65F}" = Wolfenstein™ 1.11 Patch
"InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Singularity™
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B09.0918.1
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"iPodHE" = iPodHE - הסרת התוכנה
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Nero 9 Lite_is1" = Nero 9.0.9.4 Lite
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PDFZilla_is1" = PDFZilla V1.2.5
"Picasa 3" = Picasa 3
"Plants Vs Zombies" = Plants Vs Zombies
"Replay Media Catcher 3.02" = Replay Media Catcher 3.02
"Replay Media Catcher 3.11" = Replay Media Catcher 3.11
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"RocketDock_is1" = RocketDock 1.3.5
"SababaDC" = SababaDC s1.02_110
"Speccy" = Speccy
"The KMPlayer" = The KMPlayer (remove only)
"TIFF to PDF_is1" = TIFF to PDF v3.4
"TLN eMule Booster MOD" = TLN eMule Booster MOD
"TreeSize Free_is1" = TreeSize Free V2.3.3
"Tunngle beta_is1" = Tunngle beta
"Update Service" = Update Service
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4134840020-1099975287-2458313056-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



Since what i mentioned in my first post i didn't saw anything weird except from slugnish that i feel.

Edited by Shasoosh, 21 July 2010 - 04:20 AM.


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:52 AM

Posted 21 July 2010 - 04:55 PM

hELLO

Not seeing much in the logs lets doublecheck with this

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go Eset web page to run an online scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:52 AM

Posted 25 July 2010 - 11:57 PM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Shasoosh

Shasoosh
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:06:52 AM

Posted 26 July 2010 - 05:04 PM

Hey gringo
For some reason i don't get a mail notification when you post a replay, only when you post your bump i get an email.

Here's is the log.. but it doesn't look like this is what causes what i explained in my first post.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2ca08139d2452e43abeb1901894320c7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-26 02:27:28
# local_time=2010-07-26 05:27:28 (+0200, Jerusalem Daylight Time)
# country="Israel"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 29125015 29125015 0 0
# compatibility_mode=5893 16776574 100 94 3667675 32588697 0 0
# compatibility_mode=8192 67108863 100 0 29278643 29278643 0 0
# scanned=532267
# found=4
# cleaned=0
# scan_time=15885
C:\Phone\A2 Uploader\a2uploader.exe a variant of Win32/Packed.Themida application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CA096C6F-AE81-41F9-8459-F4654760E03C}\RP71\A0016541.exe a variant of Win32/Packed.Themida application 00000000000000000000000000000000 I
C:\Users\User\AppData\Local\Temp\Update_7474.exe a variant of Win32/Adware.CiDHelp application 00000000000000000000000000000000 I
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4912bf0e-369cf3ab Java/TrojanDownloader.Agent.NBE trojan 00000000000000000000000000000000 I
C:\Users\User\Downloads\MsgPlusLive-484.exe a variant of Win32/Adware.CiDHelp application 00000000000000000000000000000000 I


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:52 AM

Posted 26 July 2010 - 05:16 PM

Very well done!! This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point.

:DeFogger:
    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • choose your root drive (normally C:)
  • after it calculates how much space you will save it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • go back to the disk clean up tab
  • put a checkmark in all - except compress old files (leave this unchecked)
  • click Ok then click yes
This will remove all restore points except the new one you just created and clean unneeded files

:Make your Internet Explorer more secure:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

:Make Firefox more secure:

:Turn On Automatic Updates:
    Turn On Automatic Updates
    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and useing often.

please read this great article by miekiemoes How to prevent Malware:
and
this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here:

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Shasoosh

Shasoosh
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:06:52 AM

Posted 26 July 2010 - 05:35 PM

Thanks a lot! you can close it.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:52 AM

Posted 26 July 2010 - 05:43 PM

You are most welcome



Google in peace


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:52 AM

Posted 30 July 2010 - 03:57 AM

Since the issue is resolved, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users