Cyber Tech Help Support Forums > Software > Malware Removal

#1
May 28th, 2013, 07:37 AM
idr
browser change

I work on a PC with Windows XP and IE8.
From time to time a pop-up appears on my screen saying:
"Browser change.
It appears that there is an attempt to change your default search engine or your homepage or interfere with your browsing experience.
Do you approve these changes to be made?"

I cannot find which program sends this warning, what change may be made, etc. Two malware programs have already scanned my computer and didn't find any viruses or malware.
The warning is only annoying, but I would like to be rid of it.
What can be done?
Please advise.
#2
May 28th, 2013, 08:18 AM
schrauber
Hello, idr
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Push the Quick Scan button.
  5. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
#3
May 29th, 2013, 04:55 AM
idr
Thanks Tom.
Now I have both reports on my desktop, but they are too long to send here.
What shall be done?
Yochanan
#4
May 29th, 2013, 07:01 AM
idr
I divided the OTL and will try to send it in two parts and hope for the best.
Here they are:
OTL logfile created on: 29/05/2013 05:24:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\שולחן העבודה
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

1.90 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.61% Memory free
3.75 Gb Paging File | 2.79 Gb Available in Paging File | 74.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 453.34 Gb Free Space | 97.34% Space Free | Partition Type: NTFS
Drive E: | 3.74 Gb Total Space | 1.09 Gb Free Space | 29.25% Space Free | Partition Type: FAT32

Computer Name: 63D066946A994F6 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/29 05:23:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\שולחן העבודה\OTL.exe
PRC - [2013/05/15 17:17:34 | 000,554,408 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/05/09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/26 08:03:12 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/04/26 07:54:56 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/04/03 14:50:09 | 000,169,096 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/04/03 14:50:01 | 001,483,912 | ---- | M] (APN) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2013/03/22 16:09:37 | 002,787,280 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013/03/06 22:50:48 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe
PRC - [2013/03/06 02:23:50 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/03/06 02:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/12/25 17:35:10 | 004,474,832 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/09/06 01:52:22 | 000,112,968 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012/05/24 07:42:20 | 002,207,080 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\mylbx.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/01/19 23:36:38 | 001,420,800 | ---- | M] () -- C:\Program Files\ABK\abk.exe
PRC - [2008/07/06 17:31:02 | 000,331,776 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Keyboard & Mouse Driver\KMProcess.exe
PRC - [2008/06/23 21:28:08 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Keyboard & Mouse Driver\KMWDSrv.exe
PRC - [2008/06/14 01:02:04 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Keyboard & Mouse Driver\KMCONFIG.exe
PRC - [2008/05/30 01:22:38 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Keyboard & Mouse Driver\StartAutorun.exe
PRC - [2008/04/28 06:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/05/04 13:14:04 | 000,036,864 | ---- | M] ( ) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2004/08/27 14:00:00 | 001,200,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/19 17:00:40 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2003/08/19 16:56:56 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
PRC - [1997/08/06 00:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
PRC - [1997/08/06 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (No Company Name) ==========

MOD - [2013/05/28 23:17:11 | 002,086,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13052801\algo.dll
MOD - [2013/03/24 09:56:20 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2013/03/22 16:09:37 | 002,787,280 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013/03/22 16:08:36 | 002,520,016 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013/03/06 02:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2013/01/08 09:05:57 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4d31fb110cc6e242b2f001b1998f2501\System.ni.dll
MOD - [2013/01/08 09:05:51 | 011,415,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\5ecfa8b67f79084594c785c7aa52ed22\mscorlib.ni.dll
MOD - [2013/01/08 09:05:29 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013/01/07 10:42:58 | 000,010,752 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqusg\3.0.0.0__a53cf5803f4c3827\interop.hpqusg.dll
MOD - [2013/01/07 10:41:08 | 002,076,672 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cb4c3d9f\system.xml.dll
MOD - [2013/01/07 10:41:07 | 002,994,176 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_4bb6182d\system.windows.forms.dll
MOD - [2013/01/07 10:41:04 | 001,929,216 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_bf4c42e3\system.dll
MOD - [2013/01/07 10:41:01 | 003,289,088 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4591673b\mscorlib.dll
MOD - [2013/01/07 10:40:38 | 002,039,808 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2013/01/07 10:40:38 | 001,335,296 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2013/01/07 10:40:38 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2013/01/07 10:40:37 | 001,216,512 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/12/31 10:05:42 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/07/05 13:54:32 | 001,218,432 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\Scan.dll
MOD - [2011/06/23 13:41:30 | 000,138,752 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
MOD - [2011/01/19 23:36:38 | 001,420,800 | ---- | M] () -- C:\Program Files\ABK\abk.exe
MOD - [2010/11/26 12:18:08 | 000,175,616 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\unrar.dll
MOD - [2010/06/30 14:03:14 | 000,051,512 | ---- | M] () -- C:\Program Files\My Lockbox\FSPFlt.dll
MOD - [2008/06/16 09:06:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Keyboard & Mouse Driver\MouseHook.dll
MOD - [2008/03/05 22:07:06 | 000,012,800 | ---- | M] () -- C:\Program Files\ABK\shook.dll
MOD - [2008/02/07 10:05:18 | 000,163,840 | ---- | M] () -- C:\WINDOWS\system32\hppatusg01.dll
MOD - [2007/03/29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files\Keyboard & Mouse Driver\keydll.dll
MOD - [2003/08/03 21:58:08 | 000,065,536 | ---- | M] () -- C:\Program Files\Lexmark X1100 Series\ConvDIB.dll
MOD - [2003/07/29 15:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL
MOD - [1997/08/06 00:00:00 | 003,782,416 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
MOD - [1997/08/06 00:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
MOD - [1997/08/06 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Documents and Settings\Owner\Application Data\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/16 06:53:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/04/26 07:54:56 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/04/03 14:50:09 | 000,169,096 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/03/22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013/03/06 02:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/07 09:18:09 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/06 01:52:22 | 000,112,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel(R)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2008/06/23 21:28:08 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Keyboard & Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | Auto | Stopped] -- E:\Protected Folder\Unort-old\Protected Folder\pffilter.sys -- (PfFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/05/28 07:06:46 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/05/09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 10:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/07 01:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/08/21 18:34:12 | 006,168,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012/08/11 00:22:21 | 000,218,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)
DRV - [2012/07/05 13:54:18 | 000,016,248 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:54:16 | 000,030,408 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:40 | 000,246,816 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2010/07/22 17:13:28 | 000,041,912 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\FSPFltd.sys -- (FSProFilter)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/03/22 11:31:58 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS -- (KMWDFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source? }
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9514097236984954&q={searchTerms}
IE - HKLM\..\SearchScopes\{fe8a5a30-7831-4eb2-a9e7-8402c384c841}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AIC^xdm007^YY^il&si=CIqIwPm857QCFcVY3god4XgAnw&ptb=8CCB72C9-4057-4A75-90A2-0E730F7833F3&ind=2013011403&n=77fc1dcb&psa=&st=sb&searchfor={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?affID=1...00e069959a7e5b
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=IL&userid=922a469b-cf75-45a4-877a-5d08c24f87bf&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=IL&userid=922a469b-cf75-45a4-877a-5d08c24f87bf&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ncr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = he
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 CF E6 FE 91 0D CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=IL&userid=922a469b-cf75-45a4-877a-5d08c24f87bf&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=IL&userid=922a469b-cf75-45a4-877a-5d08c24f87bf&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=IL&userid=922a469b-cf75-45a4-877a-5d08c24f87bf&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=341d11a1000000000000e069959a7e5b
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_0&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
IE - HKCU\..\SearchScopes\{75476FC1-0FDA-42F8-B122-120AC818213D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^F4&apn_dtid=^YYYYYY^YY^IL&apn_uid=2bcee474-e483-4429-8c9a-5133a024fe1f&apn_sauid=20EE11BF-A93A-4D3B-92C7-BBA3361A1D15
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9514097236984954&q={searchTerms}
IE - HKCU\..\SearchScopes\{fe8a5a30-7831-4eb2-a9e7-8402c384c841}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AIC^xdm007^YY^il&si=CIqIwPm857QCFcVY3god4XgAnw&ptb=8CCB72C9-4057-4A75-90A2-0E730F7833F3&ind=2013011403&n=77fc1dcb&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.delta-search.com/?affID=119776&babsrc=HP_ss_pr&mntrId=341d11a1000000000000e069959a7e5b"
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7BDAC3F861-B30D-40dd-9166-F4E75327FAC7%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: toolbar_W3I4-G%40apn.ask.com:12.40914
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.15.100013
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_0&hsimp=yhs-lavasoft&ent=bs&q="
FF - prefs.js..browser.startup.homepage: "http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=18E511A148026EED6049DF51A43C7EF2"
FF - prefs.js..browser.search.defaulturl: "http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=18E511A148026EED6049DF51A43C7EF2"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ReadingFanatic_6x.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/27 05:54:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\6xffxtbr@ReadingFanatic_6x.com: C:\Program Files\ReadingFanatic_6x\bar\1.bin [2013/02/06 06:26:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/26 08:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/28 07:13:01 | 000,000,000 | ---D | M]

[2013/02/28 08:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/05/28 07:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\extensions
[2013/03/06 09:44:47 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013/05/28 07:11:31 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013/01/14 10:56:29 | 000,000,000 | ---D | M] (ReadingFanatic) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\extensions\6xffxtbr@ReadingFanatic_6x.com
[2013/03/07 09:59:17 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\extensions\plugin@yontoo.com
[2013/05/14 05:57:22 | 000,000,000 | ---D | M] ("Foxit PDF Creator Toolbar") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\extensions\toolbar@ask.com
[2013/05/16 05:50:18 | 000,438,777 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\extensions\toolbar_W3I4-G@apn.ask.com.xpi
[2013/03/07 09:59:03 | 000,213,444 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\extensions\torntv@torntv.com.xpi
[2013/05/27 10:39:30 | 000,002,580 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\searchplugins\askcom.xml
[2013/05/02 06:59:44 | 000,006,487 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\searchplugins\babylon.xml
[2013/05/02 06:59:44 | 000,006,487 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\searchplugins\BrowserProtect.xml
[2013/02/28 07:59:55 | 000,002,687 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\searchplugins\Search_Results.xml
[2013/03/03 08:58:15 | 000,021,695 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\searchplugins\Web Search.xml
[2013/02/28 08:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/24 06:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/03/24 06:49:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/26 08:03:38 | 000,000,000 | ---D | M] (RealDownloader) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013/05/27 05:54:14 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/03/28 06:19:21 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/05/13 14:12:06 | 000,000,644 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2013/03/07 09:59:29 | 000,006,484 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/11/29 10:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/28 07:59:55 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2013/03/28 06:19:18 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
  #5  
Old May 29th, 2013, 07:03 AM
idr
Senior Member
 
Join Date: Oct 2002
Location: Israel
Posts: 543
OTL2
========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://securedsearch2.lavasoft.com/i...49DF51A43C7EF2
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaalnlbjohpcogiifplhmlcdgfgamnh\12.40914_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaoiagmlcohkmjodefppbmpjdiocmh\7.17.6.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_1\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.8_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\phegaokedjdajgnfphbnpkcfdgjbidko\1.0.0.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2004/08/27 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Ask Toolbar) - {57334934-2D47-006A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\W3I4-G\Passport.dll (APN LLC.)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {57334934-2D47-006A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\W3I4-G\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {b36151d1-7770-4480-87e4-f89fb54e173d} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {57334934-2D47-006A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\W3I4-G\Passport.dll (APN LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe (Zenographics)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ABK] C:\Program Files\ABK\abk.exe ()
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [Yontoo Desktop] C:\Documents and Settings\Owner\Application Data\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - Startup: C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\Owner\תפריט התחלה\תוכניות\הפעלה\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.readingfanatic.com/one-toolbaredits/menusearch.jhtml?s=209595816&p2=^AIC^xdm007^YY^il&si=CIqIwPm857QCFcVY3god4XgAnw&a=8CCB72C9-4057-4A75-90A2-0E730F7833F3&n=2013011403 File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/w...?1355997665750 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1355998424640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.179.52.100 80.179.55.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67556DAD-CB19-4DDF-A634-7736372D9D72}: DhcpNameServer = 80.179.52.100 80.179.55.100
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (דף הבית הנוכחי שלי) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/20 10:06:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{de73cdae-4fdf-11e2-9b14-e069959a7e5b}\Shell\AutoRun\command - "" = RunClubSanDisk.exe
O33 - MountPoints2\{ff8c23ce-685e-11e2-9b41-e069959a7e5b}\Shell\AutoRun\command - "" = "E:\USB Secure.exe" 1
O33 - MountPoints2\{ff8c23ce-685e-11e2-9b41-e069959a7e5b}\Shell\explore\command - "" = "E:\USB Secure.exe" 1
O33 - MountPoints2\{ff8c23ce-685e-11e2-9b41-e069959a7e5b}\Shell\open\command - "" = "E:\USB Secure.exe" 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/29 05:23:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\שולחן העבודה\OTL.exe
[2013/05/29 05:10:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/05/28 07:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2013/05/28 07:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Search Protection
[2013/05/28 07:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2013/05/28 07:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\adawaretb
[2013/05/28 07:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\adawarebp
[2013/05/28 07:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2013/05/28 07:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/05/28 07:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SecureSearch
[2013/05/28 07:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\adawaretb
[2013/05/28 07:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2013/05/28 07:06:47 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2013/05/28 07:06:47 | 000,013,560 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2013/05/28 07:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ad-Aware Antivirus
[2013/05/27 06:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Google Drive
[2013/05/14 10:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\sun
[2013/05/14 10:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 4.0
[2013/05/08 11:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\PDF-XChange PDF Viewer
[2013/05/08 11:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2013/05/08 11:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SumatraPDF
[2013/05/08 11:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2013/05/08 07:29:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/05/08 07:28:20 | 000,000,000 | ---D | C] -- C:\temp
[2013/05/06 08:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\dvdcss
[2013/05/05 06:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer
[2013/05/05 06:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2013/05/05 06:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/05/05 06:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple
[2013/05/05 06:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/05/05 06:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2013/05/03 07:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\AntiTwin
[2013/05/03 06:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Auslogics
[2013/05/03 06:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013/05/03 06:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2013/05/02 10:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\IObit Malware Fighter
[2013/05/02 10:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IObit
[2013/05/02 10:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2013/05/02 10:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Protected Folder
[2013/05/02 10:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/05/02 10:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\KASHU
[2013/05/01 08:45:36 | 000,000,000 | ---D | C] -- C:\swoof
[2013/04/30 10:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
[2013/04/30 10:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\APN
[2013/04/30 10:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask
[2013/04/30 10:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software
[2013/04/30 10:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Foxit Reader
[2013/04/30 10:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2013/04/30 10:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/29 05:34:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/05/29 05:23:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\שולחן העבודה\OTL.exe
[2013/05/29 05:14:00 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/05/29 05:13:25 | 000,401,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/29 05:13:25 | 000,319,176 | ---- | M] () -- C:\WINDOWS\System32\perfh00d.dat
[2013/05/29 05:13:25 | 000,062,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/29 05:13:25 | 000,062,464 | ---- | M] () -- C:\WINDOWS\System32\perfc00d.dat
[2013/05/29 05:11:15 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/29 05:11:11 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\שולחן העבודה\Google Chrome.lnk
[2013/05/29 05:09:38 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1935655697-1767777339-725345543-1003.job
[2013/05/29 05:09:35 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1935655697-1767777339-725345543-1003.job
[2013/05/29 05:08:49 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/29 05:08:49 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1935655697-1767777339-725345543-1003.job
[2013/05/29 05:08:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/28 10:31:15 | 001,462,272 | -H-- | M] () -- C:\ffastun0.ffx
[2013/05/28 10:31:15 | 000,606,208 | -H-- | M] () -- C:\ffastun.ffl
[2013/05/28 10:31:15 | 000,131,072 | -H-- | M] () -- C:\ffastun.ffo
[2013/05/28 10:31:15 | 000,004,818 | -H-- | M] () -- C:\ffastun.ffa
[2013/05/28 10:06:05 | 000,000,687 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2013/05/28 09:53:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/28 09:37:18 | 000,001,547 | ---- | M] () -- C:\WINDOWS\ULead.ini
[2013/05/28 07:06:46 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2013/05/28 07:06:46 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2013/05/27 05:55:09 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/05/26 11:37:41 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\שולחן העבודה\Safari.lnk
[2013/05/26 09:46:57 | 000,000,297 | ---- | M] () -- C:\WINDOWS\CDPHOTO.INI
[2013/05/26 08:52:02 | 000,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2013/05/26 05:15:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/22 05:37:39 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1935655697-1767777339-725345543-1003.job
[2013/05/21 06:04:18 | 000,021,663 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\change.jpg
[2013/05/19 05:35:00 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1935655697-1767777339-725345543-1003.job
[2013/05/16 06:11:01 | 000,072,076 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/05/16 05:49:10 | 000,313,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/13 05:51:42 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/05/09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/05/09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/05/09 10:59:10 | 000,174,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/05/09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/05/09 10:59:10 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/05/09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/05/09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/05/09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/05/09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/05/09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/05/09 06:12:45 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/08 11:24:28 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\All Users\שולחן העבודה\PDF-Viewer.lnk
[2013/05/07 07:13:37 | 000,044,421 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\countries.pdf
[2013/05/06 08:27:39 | 000,067,249 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\teeth.pdf
[2013/05/05 06:36:00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\הפעל את דפדפן Internet Explorer.lnk
[2013/05/05 06:20:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/03 07:02:04 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\שולחן העבודה\Anti-Twin.lnk
[2013/05/03 06:57:04 | 000,001,014 | ---- | M] () -- C:\Documents and Settings\Owner\שולחן העבודה\Auslogics Duplicate File Finder.lnk
[2013/05/02 10:29:07 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\שולחן העבודה\IObit Malware Fighter.lnk
[2013/05/02 10:23:23 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Owner\שולחן העבודה\USB Flash Security Ver.3.3.0.lnk
[2013/05/02 10:21:12 | 000,001,547 | ---- | M] () -- C:\Documents and Settings\Owner\שולחן העבודה\My Lockbox.lnk
[2013/05/01 11:11:50 | 000,020,389 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fish_story.html
[2013/04/30 10:28:20 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/04/30 10:28:20 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\שולחן העבודה\Foxit Reader.lnk
[2013/04/30 08:41:09 | 000,007,004 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Clipboard02.jpg
[2013/04/30 08:40:15 | 000,012,441 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Clipboard01.jpg
[2013/04/30 08:31:04 | 000,002,789 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\watch.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/21 06:04:18 | 000,021,663 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\change.jpg
[2013/05/08 11:24:28 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\All Users\שולחן העבודה\PDF-Viewer.lnk
[2013/05/08 11:09:22 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\SumatraPDF.lnk
[2013/05/07 07:13:34 | 000,044,421 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\countries.pdf
[2013/05/06 08:27:39 | 000,067,249 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\teeth.pdf
[2013/05/05 06:22:40 | 000,072,076 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/05/05 06:20:37 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/05/05 06:20:37 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\שולחן העבודה\Safari.lnk
[2013/05/05 06:20:37 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Safari.lnk
[2013/05/05 06:20:12 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/05 06:20:09 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Apple Software Update.lnk
[2013/05/03 07:02:06 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Anti-Twin.lnk
[2013/05/03 07:02:04 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\שולחן העבודה\Anti-Twin.lnk
[2013/05/03 06:57:04 | 000,001,014 | ---- | C] () -- C:\Documents and Settings\Owner\שולחן העבודה\Auslogics Duplicate File Finder.lnk
[2013/05/02 10:29:07 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\שולחן העבודה\IObit Malware Fighter.lnk
[2013/05/02 10:23:23 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\Owner\תפריט התחלה\תוכניות\USB Flash Security Ver.3.3.0.lnk
[2013/05/02 10:23:23 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Owner\שולחן העבודה\USB Flash Security Ver.3.3.0.lnk
[2013/05/01 11:11:49 | 000,020,389 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\fish_story.html
[2013/04/30 10:29:12 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/04/30 10:28:20 | 000,001,721 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/04/30 10:28:20 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\שולחן העבודה\Foxit Reader.lnk
[2013/04/30 08:41:09 | 000,007,004 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Clipboard02.jpg
[2013/04/30 08:40:15 | 000,012,441 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Clipboard01.jpg
[2013/04/30 08:31:04 | 000,002,789 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\watch.pdf
[2013/04/29 05:35:43 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1935655697-1767777339-725345543-1003.job
[2013/04/29 05:35:43 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1935655697-1767777339-725345543-1003.job
[2013/04/29 05:35:40 | 000,000,326 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1935655697-1767777339-725345543-1003.job
[2013/04/22 07:17:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/12 06:56:04 | 000,114,176 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\BabMaint.exe
[2013/03/24 10:02:21 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2013/03/18 06:35:00 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/18 06:35:00 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/03/11 09:44:37 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2013/03/11 09:44:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2013/03/03 09:17:29 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/11 09:06:18 | 000,008,066 | ---- | C] () -- C:\WINDOWS\extend.dat
[2013/01/27 10:59:10 | 000,000,297 | ---- | C] () -- C:\WINDOWS\CDPHOTO.INI
[2013/01/10 10:15:24 | 000,001,547 | ---- | C] () -- C:\WINDOWS\ULead.ini
[2013/01/09 10:15:08 | 000,000,687 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2013/01/09 09:37:49 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2013/01/09 09:33:49 | 000,000,074 | -H-- | C] () -- C:\WINDOWS\efdcet.dat
[2013/01/08 06:38:39 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2013/01/07 10:42:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2013/01/07 10:21:43 | 000,233,525 | ---- | C] () -- C:\WINDOWS\System32\isutil.dll
[2013/01/07 10:21:41 | 000,000,271 | ---- | C] () -- C:\WINDOWS\apptune.ini
[2013/01/07 10:04:50 | 000,092,905 | ---- | C] () -- C:\WINDOWS\Scan to PDF Uninstaller.exe
[2013/01/07 08:50:18 | 000,000,168 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2012/12/28 08:51:45 | 000,000,478 | ---- | C] () -- C:\Program Files\קיצור דרך אל ‎IrfanView.lnk
[2012/12/27 09:16:54 | 000,000,626 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/12/27 09:16:54 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2012/12/20 11:25:40 | 000,261,208 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
[2012/12/20 11:25:40 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2012/12/20 11:25:39 | 000,963,144 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
[2012/12/20 11:25:39 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
[2012/12/20 11:25:39 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2012/12/20 11:21:11 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/12/20 10:07:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/12/20 10:05:11 | 000,022,160 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/12/19 12:45:01 | 000,004,484 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/12/19 12:44:06 | 000,313,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2013/01/07 10:40:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/01/07 18:21:10 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/27 14:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/27 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/05/28 07:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2013/05/28 07:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\adawaretb
[2013/04/23 09:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/04/30 10:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2013/04/23 09:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
[2012/12/26 09:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/03/07 09:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/05/28 07:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2013/05/16 05:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect
[2013/05/28 07:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2013/05/02 10:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/01/15 10:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
[2013/05/07 07:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2013/01/16 10:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2013/01/20 06:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegClean
[2013/05/28 07:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Search Protection
[2013/03/07 09:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/01/10 10:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2013/05/28 07:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ad-Aware Antivirus
[2013/05/28 08:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\adawaretb
[2013/05/26 07:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Applian FLV and Media Player
[2013/03/07 09:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BabSolution
[2013/03/07 09:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Babylon
[2013/01/09 06:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverFinder
[2013/01/31 08:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\enchant
[2013/05/07 11:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
[2012/12/27 09:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GHISLER
[2013/05/02 10:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2013/05/14 10:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LibreOffice
[2013/05/05 06:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2012/12/31 10:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2013/01/15 10:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PDF Writer
[2013/03/24 10:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdf995
[2013/01/07 10:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanWorks
[2013/02/28 07:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\searchresultstb
[2013/05/28 07:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecureSearch
[2013/05/09 11:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SumatraPDF
[2013/04/23 09:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Systweak
[2013/01/15 09:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems
[2013/03/07 09:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Yontoo

========== Purity Check ==========



< End of report >
  #6  
Old May 29th, 2013, 07:03 AM
idr idr is offline
Senior Member
 
Join Date: Oct 2002
Location: Israel
Posts: 543
Extra
OTL Extras logfile created on: 29/05/2013 05:24:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\שולחן העבודה
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

1.90 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.61% Memory free
3.75 Gb Paging File | 2.79 Gb Available in Paging File | 74.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 453.34 Gb Free Space | 97.34% Space Free | Partition Type: NTFS
Drive E: | 3.74 Gb Total Space | 1.09 Gb Free Space | 29.25% Space Free | Partition Type: FAT32

Computer Name: 63D066946A994F6 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
"c:\program files\relevantknowledge\rlvknlg.exe" = c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe
"C:\Program Files\adawaretb\dtUser.exe" = C:\Program Files\adawaretb\dtUser.exe:*:Enabled:Ad-Aware Security Add-on DTX Broker -- (Visicom Media Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.5 Trial
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{350C97B4-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{41D1AD50-4276-4DAF-8AAB-5D97D75E47B3}" = PaperScan Free Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver
"{57334934-2D47-006A-76A7-A758B70B0801}" = Ask Toolbar
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735A3951-E139-4E4A-AFAE-BA25E9FF5E6A}" = PDFill FREE PDF Tools
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81DE279A-62E9-472B-AAAE-40B99F262070}_is1" = ABsee Free Image Viewer 4.0.0
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Foxit PDF Creator Toolbar
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.04.1
"{90120000-0020-040D-0000-0000000FF1CE}" = חבילת תאימות עבור מהדורת 2007 של מערכת Office
"{975C8028-51D8-44A9-9585-82E9810FE96A}" = hp LaserJet 1000
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver
"{C2FF8E9B-7DF4-45DC-A4A1-D0A4102E0A03}" = LibreOffice 3.6 Help Pack (Hebrew)
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D54ADF6B-2164-4394-AF70-2778422E9DD8}" = Intel(R) Network Connections 17.4.84.0
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AbiWord2" = AbiWord 2.8.6
"ABK_is1" = ABK
"adawaretb" = Ad-Aware Security Add-on
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anti-Twin 2013-05-03 07.02.04" = Anti-Twin (Installation 03/05/2013)
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"avast" = avast! Free Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.3.0.1516
"CCleaner" = CCleaner
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Documalis Free Scanner 1.01.0" = Documalis Free Scanner 1.0
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"ie8" = Windows Internet Explorer 8
"InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver
"InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver
"IObit Malware Fighter_is1" = IObit Malware Fighter
"IrfanView" = IrfanView (remove only)
"KASHU_UsbEnterVer.3.3.0" = USB Flash Security Ver.3.3.0
"Lexmark X1100 Series" = Lexmark X1100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Lockbox_is1" = My Lockbox 2.8.5
"Office8.0" = Microsoft Office 97, Professional Edition
"OmniFormat" = OmniFormat
"Pdf995" = Pdf995
"Protected Folder_is1" = Protected Folder
"RealPlayer 16.0" = RealPlayer
"SumatraPDF" = SumatraPDF 2.2.1
"Totalcmd" = Total Commander (Remove or Repair)
"Ulead Photo Express 3.0 SE" = Ulead Photo Express 3.0 SE
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Foxit PDF Creator Toolbar Updater
"ICDL Book Reader" = ICDL Book Reader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27/05/2013 04:53:20 | Computer Name = 63D066946A994F6 | Source = Application Error | ID = 1000
Description = ‏‏תקלה ביישום iexplore.exe, גירסה 8.0.6001.18702, תקלה במודול mshtml.dll,
גירסה 8.0.6001.18702, כתובת התקלה 0x00060833‏.

Error - 27/05/2013 04:53:28 | Computer Name = 63D066946A994F6 | Source = Application Error | ID = 1000
Description = ‏‏תקלה ביישום iexplore.exe, גירסה 8.0.6001.18702, תקלה במודול mshtml.dll,
גירסה 8.0.6001.18702, כתובת התקלה 0x00060833‏.

Error - 28/05/2013 00:31:30 | Computer Name = 63D066946A994F6 | Source = Application Hang | ID = 1002
Description = ‏‏יישום לא מגיב iexplore.exe, גירסה 8.0.6001.18702, מודול חוסר תגובה
hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.

Error - 28/05/2013 00:35:59 | Computer Name = 63D066946A994F6 | Source = Application Hang | ID = 1002
Description = ‏‏יישום לא מגיב iexplore.exe, גירסה 8.0.6001.18702, מודול חוסר תגובה
hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.

Error - 28/05/2013 01:13:03 | Computer Name = 63D066946A994F6 | Source = Application Error | ID = 1000
Description = ‏‏תקלה ביישום Adaware_Installer[1].exe, גירסה 10.5.2.4379, תקלה במודול
Adaware_Installer[1].exe, גירסה 10.5.2.4379, כתובת התקלה 0x0022feca‏.

Error - 28/05/2013 04:10:45 | Computer Name = 63D066946A994F6 | Source = Application Hang | ID = 1002
Description = ‏‏יישום לא מגיב iexplore.exe, גירסה 8.0.6001.18702, מודול חוסר תגובה
hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.

Error - 28/05/2013 04:11:24 | Computer Name = 63D066946A994F6 | Source = Application Hang | ID = 1002
Description = ‏‏יישום לא מגיב iexplore.exe, גירסה 8.0.6001.18702, מודול חוסר תגובה
hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.

Error - 28/05/2013 04:16:35 | Computer Name = 63D066946A994F6 | Source = Application Hang | ID = 1002
Description = ‏‏יישום לא מגיב iexplore.exe, גירסה 8.0.6001.18702, מודול חוסר תגובה
hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.

Error - 28/05/2013 04:23:30 | Computer Name = 63D066946A994F6 | Source = Application Hang | ID = 1002
Description = ‏‏יישום לא מגיב iexplore.exe, גירסה 8.0.6001.18702, מודול חוסר תגובה
hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.

Error - 28/05/2013 04:36:18 | Computer Name = 63D066946A994F6 | Source = Application Error | ID = 1000
Description = ‏‏תקלה ביישום realupgrade.exe, גירסה 16.0.1.18, תקלה במודול ntdll.dll,
גירסה 5.1.2600.2180, כתובת התקלה 0x00018fea‏.

[ System Events ]
Error - 08/05/2013 23:47:36 | Computer Name = 63D066946A994F6 | Source = sr | ID = 1
Description = ‏‏מסנן שחזור המערכת נתקל בשגיאה לא צפויה '0xC0000034' בעת עיבוד הקובץ
'_filelst.cfg' באמצעי האחסון 'HarddiskVolume1'. המסנן הפסיק את הפיקוח על אמצעי
האחסון.

Error - 08/05/2013 23:49:07 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16
Description = ‏‏לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים
ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות
ליצור התקשרות.

Error - 12/05/2013 00:56:25 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16
Description = ‏‏לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים
ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות
ליצור התקשרות.

Error - 14/05/2013 00:56:27 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16
Description = ‏‏לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים
ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות
ליצור התקשרות.

Error - 16/05/2013 00:56:27 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16
Description = ‏‏לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים
ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות
ליצור התקשרות.

Error - 18/05/2013 23:59:22 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16
Description = ‏‏לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים
ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות
ליצור התקשרות.

Error - 20/05/2013 23:59:26 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16
Description = ‏‏לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים
ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות
ליצור התקשרות.

Error - 22/05/2013 23:59:26 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16
Description = ‏‏לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים
ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות
ליצור התקשרות.

Error - 25/05/2013 23:17:26 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16
Description = ‏‏לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים
ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות
ליצור התקשרות.

Error - 27/05/2013 23:28:45 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16
Description = ‏‏לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים
ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות
ליצור התקשרות.


< End of report >
  #7  
Old May 29th, 2013, 07:22 AM
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
A lot of cryptic language and signs in these logs. Where are you from?

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.




Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




Next, download ComboFix and save it to the Desktop.
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.
  #8  
Old May 29th, 2013, 09:06 AM
idr idr is offline
Senior Member
 
Join Date: Oct 2002
Location: Israel
Posts: 543
# AdwCleaner v2.301 - Logfile created 05/29/2013 at 10:54:35
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Owner - 63D066946A994F6
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\שולחן העבודה\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : BrowserProtect
Stopped & Deleted : Yontoo Desktop Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\All Users\Application Data\BrowserProtect
Deleted on reboot : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Deleted on reboot : C:\Program Files\askpartnernetwork
File Deleted : C:\Documents and Settings\Owner\Application Data\BabMaint.exe
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\bprotector_extensions.sqlite
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\bprotector_prefs.js
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\searchplugins\Babylon.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\searchplugins\Search_Results.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\searchplugins\Web Search.xml
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\WINDOWS\Tasks\EPUpdater.job
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\adawaretb
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\askpartnernetwork
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : C:\Documents and Settings\All Users\Application Data\RegClean
Folder Deleted : C:\Documents and Settings\All Users\Application Data\search protection
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\Owner\Application Data\adawaretb
Folder Deleted : C:\Documents and Settings\Owner\Application Data\BabSolution
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\adawaretb
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\extensions\6xffxtbr@ReadingFanatic_6x.com
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\extensions\plugin@yontoo.com
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\extensions\toolbar@ask.com
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\jetpack
Folder Deleted : C:\Documents and Settings\Owner\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Owner\Application Data\searchresultstb
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Yontoo
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\askpartnernetwork
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Ilivid
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Owner\תפריט התחלה\תוכניות\TornTV.com
Folder Deleted : C:\Program Files\adawaretb
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\TornTV.com
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\582df8db53dbd40
Key Deleted : HKCU\Software\adawaretb
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\582df8db53dbd40
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKU\S-1-5-21-1935655697-1767777339-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\RelevantKnowledge\rlvknlg.exe]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=IL&userid=922a469b-cf75-45a4-877a-5d08c24f87bf&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=IL&userid=922a469b-cf75-45a4-877a-5d08c24f87bf&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=341d11a1000000000000e069959a7e5b --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=IL&userid=922a469b-cf75-45a4-877a-5d08c24f87bf&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=IL&userid=922a469b-cf75-45a4-877a-5d08c24f87bf&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=IL&userid=922a469b-cf75-45a4-877a-5d08c24f87bf&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\prefs.js

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=341d1[...]
Deleted : user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss_pr&mnt[...]
Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Deleted : user_pref("extensions.asktb.apn_dbr", "cr_26.0.1410.64");
Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Deleted : user_pref("extensions.asktb.cbid", "^F4");
Deleted : user_pref("extensions.asktb.config-updated", false);
Deleted : user_pref("extensions.asktb.cr-o", "101699cr");
Deleted : user_pref("extensions.asktb.crumb", "2013.04.30+00.28.47-toolbar013iad-IL-VGVsIEF2aXYsSXNyYWVs");
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.displaybehavior", "");
Deleted : user_pref("extensions.asktb.displaytext", "");
Deleted : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^IL");
Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "ISXX0026");
Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("extensions.asktb.ff19-config-first-run", "true");
Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true);
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "2bcee474-e483-4429-8c9a-5133a024fe1f");
Deleted : user_pref("extensions.asktb.hpr", "YES");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.keyword-toggled-in-session", false);
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1369801327332");
Deleted : user_pref("extensions.asktb.locale", "en_US");
Deleted : user_pref("extensions.asktb.location", "Tel Aviv,Israel");
Deleted : user_pref("extensions.asktb.lstation", "");
Deleted : user_pref("extensions.asktb.new-tab-enabled", true);
Deleted : user_pref("extensions.asktb.news-native-on", true);
Deleted : user_pref("extensions.asktb.nthp", "YES");
Deleted : user_pref("extensions.asktb.nthp_prev", "2");
Deleted : user_pref("extensions.asktb.o", "101699");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.pstate", "");
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "19");
Deleted : user_pref("extensions.asktb.sa", "YES");
Deleted : user_pref("extensions.asktb.saguid", "20EE11BF-A93A-4D3B-92C7-BBA3361A1D15");
Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=[...]
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.slwo", "1");
Deleted : user_pref("extensions.asktb.socialmini-first", true);
Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "30/04/2013 10:29:11");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.15.15.100013");
Deleted : user_pref("extensions.asktb.version", "5.15.15.35882");
Deleted : user_pref("extensions.asktb.volume", "");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119776&babsrc[...]
Deleted : user_pref("extensions.enabledAddons", "%7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1,plugin%40y[...]
Deleted : user_pref("extensions.W3I4-G.hpr", "\"hxxp://www.search.ask.com/?l=dis&o=41648005&gct=hp&apn_ptnrs=^[...]
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Deleted : user_pref("extentions.y2layers.installId", "fb770640-c3e4-4320-b6b6-066971362dba");

-\\ Google Chrome v27.0.1453.94

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.36] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.39] : keyword = "ask.com",
Deleted [l.43] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=FXTV5&o=101699&locale=e[...]
Deleted [l.44] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc={qsrc}&li=ff&sstype=prefix&q={searchT[...]

*************************

AdwCleaner[S1].txt - [24915 octets] - [29/05/2013 10:54:35]

########## EOF - C:\AdwCleaner[S1].txt - [24976 octets] ##########
#9
May 29th, 2013, 09:15 AM
idr
Senior Member
Join Date: Oct 2002
Location: Israel
Posts: 543
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on Wed 05/29/2013 at 11:07:27.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{75476FC1-0FDA-42F8-B122-120AC818213D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{fe8a5a30-7831-4eb2-a9e7-8402c384c841}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{fe8a5a30-7831-4eb2-a9e7-8402c384c841}



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\systweak"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\adawarebp"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\torch"
Successfully deleted: [Folder] "C:\Program Files\readingfanatic_6x"
Failed to delete: [Folder] "C:\Program Files\askpartnernetwork"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\ev9g4cv5.default\invalidprefs.js
Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\ev9g4cv5.default\searchplugins\babylon.xml
Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\ev9g4cv5.default\extensions\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Successfully deleted the following from C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\ev9g4cv5.default\prefs.js

user_pref("browser.search.selectedEngine", "SecureSearch");
Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\ev9g4cv5.default\minidumps [2 files]



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/29/2013 at 11:13:48.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
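The AdwCleaner and JRT logs above show where this family of browser hijackers (Delta, Snap.do, Ask/APN, Conduit, Yontoo, bProtector) had anchored itself: IE Browser Helper Objects, toolbars and URLSearchHooks, SearchScopes, Run keys, AppInit_DLLs, a group-policy ExtensionInstallForcelist for Chrome, and a Firefox user.js. The read-only audit below is an added example, not part of the thread and not code from AdwCleaner, JRT or ComboFix; it walks those same locations so the machine can be re-checked after the fix, and resolves each BHO or toolbar CLSID to the DLL that implements it. It assumes 32-bit Windows with PowerShell 2.0 or later, run as the affected user, and the hijack-host pattern it flags is taken only from the URLs these logs document, not from any general blocklist.

```powershell
# Added example (not from the thread or from any of the tools above).
# Read-only audit of the browser-hijack persistence points that the AdwCleaner
# and JRT logs show being cleaned. Nothing is deleted; compare output with the logs.
# Assumes 32-bit Windows, PowerShell 2.0+, run as the affected user.

# Hosts the logs above show as hijack targets on this machine (assumption: the
# pattern is only what this thread documents, not a general blocklist).
$KnownHijackHosts = 'snap\.do|delta-search\.com|websearch\.ask\.com|search\.ask\.com|conduit\.com|babylon'

function Resolve-Clsid {
    param([string]$Clsid)
    # A BHO or toolbar is registered only as a CLSID; the DLL behind it lives in
    # HKCR\CLSID\{...}\InprocServer32, which is the thing worth inspecting.
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($item) { return $item.'(default)' }
    return '<no InprocServer32: orphaned CLSID>'
}

function Test-HijackUrl {
    param([string]$Url)
    return [bool]($Url -and ($Url -match $KnownHijackHosts))
}

function Show-Location {
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { Write-Output "[absent ] $Path"; return }
    Write-Output "[present] $Path"
    # Values directly under the key: Run entries, toolbar and URLSearchHook CLSIDs.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($v in $props.PSObject.Properties) {
            if ($v.Name -match '^PS') { continue }   # skip PSPath, PSParentPath, ...
            $flag = ''
            if ($v.Name -match '^\{[0-9A-Fa-f-]{36}\}$') { $flag = '  -> ' + (Resolve-Clsid $v.Name) }
            if (Test-HijackUrl "$($v.Value)") { $flag += '  <== known hijack host' }
            Write-Output ("    {0} = {1}{2}" -f $v.Name, $v.Value, $flag)
        }
    }
    # Subkeys: one per BHO, search scope or forced extension.
    foreach ($k in (Get-ChildItem -Path $Path -ErrorAction SilentlyContinue)) {
        $name = $k.PSChildName
        $line = "    subkey $name"
        if ($name -match '^\{[0-9A-Fa-f-]{36}\}$') { $line += '  -> ' + (Resolve-Clsid $name) }
        # SearchScopes subkeys carry the provider URL in a value named URL.
        $url = (Get-ItemProperty -Path $k.PSPath -Name URL -ErrorAction SilentlyContinue).URL
        if ($url) {
            $line += "  URL=$url"
            if (Test-HijackUrl $url) { $line += '  <== known hijack host' }
        }
        Write-Output $line
    }
}

$Locations = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser',
    'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks',
    'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKLM:\SOFTWARE\Google\Chrome\Extensions'
)
foreach ($loc in $Locations) { Show-Location $loc }

# AppInit_DLLs is loaded into every process that links user32.dll; JRT
# "repaired" it above, so it should now be empty.
$appInit = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows' -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
Write-Output "AppInit_DLLs = '$appInit'  (expected: empty)"

# IE start and search pages (AdwCleaner replaced the snap.do values here).
foreach ($name in 'Start Page', 'Search Page', 'Search Bar') {
    $val = (Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -Name $name -ErrorAction SilentlyContinue).$name
    $flag = if (Test-HijackUrl "$val") { '  <== known hijack host' } else { '' }
    Write-Output ("IE Main\{0} = {1}{2}" -f $name, $val, $flag)
}

# A user.js in a Firefox profile re-applies its prefs at every start, which is
# why AdwCleaner deleted the file rather than only editing prefs.js.
Get-ChildItem -Path "$env:APPDATA\Mozilla\Firefox\Profiles\*\user.js" -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Output "Firefox user.js present: $($_.FullName)" }
```

Run it before and after a cleanup and diff the two outputs: a CLSID that still resolves to a DLL under a toolbar vendor's directory, a SearchScopes URL matching one of the hosts from the logs, or a non-empty AppInit_DLLs is the kind of leftover that makes the "Browser change" prompt keep coming back.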
#10
May 29th, 2013, 09:39 AM
idr
Senior Member
Join Date: Oct 2002
Location: Israel
Posts: 543
Hello Tom,
Here I have a problem.
I tried to run ComboFix, but it requires me to shut down my Avast antivirus, and I don't know how to do that. Does it have a general "switch" or anything? I cannot find one. Or shall I simply uninstall it?
Please advise.
I will continue with ComboFix only tomorrow morning.
Thanks,
Yochanan
#11
May 29th, 2013, 11:34 AM
schrauber
CTH Subscriber
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Right-click the Avast icon in the system tray; there should be an option to deactivate it in the context menu.
#12
May 29th, 2013, 03:36 PM
idr
Senior Member
Join Date: Oct 2002
Location: Israel
Posts: 543
Thank you Tom. I found how to deactivate Avast. By the way, only now did I see your mention of "cryptical language". As you can see in the header of each post, my location is Israel, and my interface (to my great sorrow) is in Hebrew, which is a right-to-left language written in a Hebrew font.
Regards
#13
May 29th, 2013, 07:17 PM
schrauber
CTH Subscriber
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Ah, OK, thanks for letting me know.
#14
May 30th, 2013, 04:35 AM
idr
Senior Member
Join Date: Oct 2002
Location: Israel
Posts: 543
The ComboFix log is here:
ComboFix 13-05-30.01 - Owner 05/30/2013 6:04.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1255.972.1037.18.1950.1237 [GMT 2:00]
Running from: c:\documents and settings\Owner\שולחן העבודה\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-30 )))))))))))))))))))))))))))))))
.
.
2013-05-29 09:30 . 2013-05-29 09:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\adawarebp
2013-05-29 09:07 . 2013-05-29 09:07 -------- d-----w- c:\windows\ERUNT
2013-05-29 09:07 . 2013-05-29 09:07 -------- d-----w- C:\JRT
2013-05-28 05:13 . 2013-05-28 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2013-05-28 05:12 . 2013-05-28 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2013-05-28 05:11 . 2013-05-28 05:11 -------- d-----w- c:\program files\Toolbar Cleaner
2013-05-28 05:11 . 2013-05-28 05:11 -------- d-----w- c:\documents and settings\Owner\Application Data\SecureSearch
2013-05-28 05:06 . 2013-05-28 05:06 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-05-28 05:06 . 2013-05-28 05:06 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-05-28 05:06 . 2013-05-28 05:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Ad-Aware Antivirus
2013-05-14 08:55 . 2013-05-16 04:05 -------- d-----w- c:\program files\LibreOffice 4.0
2013-05-08 09:24 . 2013-05-08 09:24 -------- d-----w- c:\program files\Tracker Software
2013-05-08 09:11 . 2013-05-09 09:08 -------- d-----w- c:\documents and settings\Owner\Application Data\SumatraPDF
2013-05-08 09:09 . 2013-05-08 09:09 -------- d-----w- c:\program files\SumatraPDF
2013-05-08 05:53 . 2013-05-30 03:51 -------- d-----w- c:\windows\system32\wbem\Logs
2013-05-08 05:28 . 2013-05-08 05:28 -------- d-----w- C:\temp
2013-05-06 06:52 . 2013-05-08 04:40 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2013-05-05 04:20 . 2013-05-05 04:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2013-05-05 04:20 . 2013-05-05 04:20 -------- d-----w- c:\program files\Safari
2013-05-05 04:20 . 2013-05-05 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2013-05-05 04:20 . 2013-05-05 04:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2013-05-05 04:20 . 2013-05-05 04:20 -------- d-----w- c:\program files\Apple Software Update
2013-05-05 04:20 . 2013-05-05 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2013-05-03 05:02 . 2013-05-03 05:02 -------- d-----w- c:\program files\AntiTwin
2013-05-03 04:57 . 2013-05-03 04:57 -------- d-----w- c:\program files\Auslogics
2013-05-03 04:17 . 2013-05-05 04:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2013-05-02 08:28 . 2013-05-02 08:32 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2013-05-02 08:28 . 2013-05-02 08:29 -------- d-----w- c:\program files\IObit
2013-05-02 08:28 . 2013-05-02 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2013-05-02 08:23 . 2013-05-02 08:23 -------- d-----w- c:\program files\KASHU
2013-05-01 06:45 . 2013-05-01 06:47 -------- d-----w- C:\swoof
2013-04-30 08:28 . 2013-04-30 08:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\Foxit Software
2013-04-30 08:28 . 2013-05-07 09:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit Software
2013-04-30 08:28 . 2013-04-30 08:28 -------- d-----w- c:\program files\Foxit Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 04:53 . 2012-12-26 09:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-16 04:53 . 2012-12-26 09:37 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-09 08:59 . 2013-03-18 04:35 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-03-18 04:35 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2012-12-26 07:39 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2012-12-26 07:39 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-12-26 07:39 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-03-18 04:34 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2012-12-26 07:39 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2012-12-26 07:39 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2012-12-26 07:39 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-12-26 07:39 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-26 06:03 . 2013-04-26 06:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-04-26 06:03 . 2013-04-26 06:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-04-26 05:54 . 2013-04-26 05:55 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-26 05:54 . 2013-01-16 08:42 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-26 05:54 . 2013-04-26 05:55 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-26 05:54 . 2013-04-26 05:55 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-04 12:50 . 2013-01-15 07:15 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-24 07:56 . 2013-03-11 07:44 1672192 ----a-w- c:\windows\system32\pdfmona.dll
2013-03-24 07:56 . 2013-03-11 07:44 36864 ----a-w- c:\windows\system32\pdf995mon.dll
2013-03-06 23:33 . 2013-03-18 04:35 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-03-28 04:19 . 2013-02-07 07:18 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2013-03-25 3497240]
"ABK"="c:\program files\ABK\abk.exe" [2011-01-19 1420800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-07-31 136704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-07-31 174592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-31 162816]
"KMCONFIG"="c:\program files\Keyboard & Mouse Driver\StartAutorun.exe" [2008-05-29 212992]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-04-18 36864]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2012-05-24 2207080]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-04-26 295512]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]
"RTHDCPL"="RTHDCPL.EXE" [2012-08-06 20117136]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2013-05-15 554408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-27 15360]
.
c:\documents and settings\Owner\תפריט התחלה\תוכניות\הפעלה\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\documents and settings\Owner\תפריט התחלה\תוכניות\הפעלה\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\documents and settings\Owner\תפריט התחלה\תוכניות\הפעלה\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\documents and settings\All Users\תפריט התחלה\תוכניות\הפעלה\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-6 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-6 51984]
.
c:\documents and settings\Owner\תפריט התחלה\תוכניות\הפעלה\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [18/03/2013 06:35 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [18/03/2013 06:35 174664]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [03/03/2013 08:57 41912]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [28/05/2013 07:06 13560]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [18/03/2013 06:35 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26/12/2012 09:39 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26/12/2012 09:39 368944]
R2 APNMCP;Ask Update Service;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [03/04/2013 14:50 169096]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26/12/2012 09:39 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [18/03/2013 06:34 66336]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [02/05/2013 10:28 821592]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [06/09/2012 01:52 112968]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Keyboard & Mouse Driver\KMWDSrv.exe [23/06/2008 21:28 208896]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [15/01/2013 09:15 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [15/01/2013 09:15 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [06/03/2013 02:21 39056]
R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [02/05/2013 10:28 246816]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [15/01/2013 09:15 22856]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [02/05/2013 10:28 30408]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [02/05/2013 10:28 16248]
S2 PfFilter;PfFilter;\??\e:\protected folder\Unort-old\Protected Folder\pffilter.sys --> e:\protected folder\Unort-old\Protected Folder\pffilter.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20/12/2012 11:21 1691480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-29 03:10 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-26 04:53]
.
2013-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-05-30 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-26 08:58]
.
2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-09 04:54]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-09 04:54]
.
2013-05-29 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1935655697-1767777339-725345543-1003.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-03-06 00:23]
.
2013-05-30 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1935655697-1767777339-725345543-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06 00:21]
.
2013-05-29 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1935655697-1767777339-725345543-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06 00:21]
.
2013-05-30 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1935655697-1767777339-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 09:36]
.
2013-05-30 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1935655697-1767777339-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 09:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ncr
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 80.179.52.100 80.179.55.100
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=18E511A148026EED6049DF51A43C7EF2
FF - ExtSQL: 2013-04-24 06:13; toolbar_W3I4-G@apn.ask.com; c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\extensions\toolbar_W3I4-G@apn.ask.com.xpi
FF - ExtSQL: 2013-04-26 08:03; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\documents and settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{57334934-2D47-006A-76A7-7A786E7484D7} - c:\program files\AskPartnerNetwork\Toolbar\W3I4-G\Passport.dll
Toolbar-{57334934-2D47-006A-76A7-7A786E7484D7} - c:\program files\AskPartnerNetwork\Toolbar\W3I4-G\Passport.dll
WebBrowser-{57334934-2D47-006A-76A7-7A786E7484D7} - c:\program files\AskPartnerNetwork\Toolbar\W3I4-G\Passport.dll
AddRemove-Protected Folder_is1 - e:\protected folder\Unort-old\Protected Folder\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-30 06:18
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-1767777339-725345543-1003\Software\Microsoft\  M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*\Recent File List]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"File1"="c:\\WINDOWS\\system32\\devmgmt.msc"
"File2"="c:\\WINDOWS\\system32\\compmgmt.msc"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-05-30 06:19:45
ComboFix-quarantined-files.txt 2013-05-30 04:19
.
Pre-Run: 486,411,673,600 bytes free
Post-Run: 486,386,139,136 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - DDAE6C284EF1AA4A279081376944C737
  #15  
Old May 30th, 2013, 06:43 AM
schrauber
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Hi,

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Also please post back with a fresh OTL logfile and tell me how the system is running.