[RESOLVED] TBhostsupport Conduit problem

48 posts in this topic

Post #: 1   Posted

Hey all, I'm new here. I had a very annoying PUP.Optional.Conduit as a registry key and a file that, when the PC reboots to delete it, is coming back somehow :(

Malwarebytes says that file comes as a "Memory Module" too :\

The file folder name: TBhostsupport - is placed at: C:\Users\name\AppData\Local\TBhostsupport/TBhostsupport.dll

The problem is, I delete them, but they come back... why is it?

Had a "Security.Hijack" in Quarantine too.

Some scan logs:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
name ::NAME-PC [administrator]

Protection: Enabled

03/12/2013 03:53:38
mbam-log-2013-12-03 (03-53-38).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 439328
Time elapsed: 52 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\name\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> Delete on reboot.

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoUpdate.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TBHostSupport (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\name\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\name\AppData\Local\TBHostSupport (PUP.Optional.Conduit) -> Delete on reboot.

Files Detected: 1
C:\Users\name\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> Delete on reboot.

(end)

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
name:: Name-PC [administrator]

Protection: Enabled

03/12/2013 13:33:33
mbam-log-2013-12-03 (13-33-33).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 441331
Time elapsed: 47 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\name\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TBHostSupport (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Name\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Name\AppData\Local\TBHostSupport (PUP.Optional.Conduit) -> Delete on reboot.

Files Detected: 1
C:\Users\Name\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> Delete on reboot.

(end)

And I had a question, please: is it safe to remove quarantined viruses/malware?

Thanks for helping.
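As an added example (not from this thread, and not code from Malwarebytes or Farbar), the following Python triages autorun entries of the kind the log above reports: it parses the rundll32 command line stored in the Run value, flags a DLL loaded from a user-writable profile directory, and recognizes an Image File Execution Options "Debugger" redirect. The sample entries are constructed from values quoted in this thread; the Wow6432Node key path for the 32-bit Run entry is an assumption.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Matches a DLL path inside a user profile (user-writable, no admin rights needed).
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
# Matches an Image File Execution Options subkey and captures the target exe name.
IFEO_RE = re.compile(r"\\Image File Execution Options\\([^\\]+)$", re.IGNORECASE)


def split_windows_args(cmdline: str) -> list[str]:
    """Split a command line on whitespace, keeping double-quoted spans together
    and dropping the quotes. Enough for Run-value data; not a full CRT parser."""
    args: list[str] = []
    cur: list[str] = []
    in_quote = False
    for ch in cmdline:
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            if cur:
                args.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        args.append("".join(cur))
    return args


def parse_rundll32(cmdline: str) -> tuple[str, str] | None:
    """Return (dll_path, entry_point) when the command line is a rundll32 launch.

    rundll32 takes '<dll>,<entry> [args]' as its first argument; in the log above
    the DLL is quoted and ',DLLRunTBHostSupportPlugin' is appended to it, so after
    quote removal both land in a single token.
    """
    args = split_windows_args(cmdline)
    if len(args) < 2 or not args[0].lower().endswith("rundll32.exe"):
        return None
    if "," not in args[1]:
        return None
    dll, entry = args[1].rsplit(",", 1)
    return dll, entry


@dataclass
class Finding:
    severity: str  # "high", "review" or "low"
    reason: str
    details: dict[str, str] = field(default_factory=dict)


def triage_autorun(key_path: str, value_name: str, data: str) -> Finding:
    """Classify one registry autorun value (key path, value name, value data)."""
    ifeo = IFEO_RE.search(key_path)
    if ifeo and value_name.lower() == "debugger":
        # Every launch of the named exe starts the "debugger" instead. Some vendors
        # use this legitimately (IObit does in the FRST log), so the verdict is
        # "review": the analyst checks what the debugger path actually is.
        return Finding("review", "IFEO Debugger redirect: the named executable never "
                       "runs directly; verify the debugger path is a known vendor binary",
                       {"hijacked_exe": ifeo.group(1), "debugger": data})
    parsed = parse_rundll32(data)
    if parsed is None:
        return Finding("low", "ordinary autorun command", {"command": data})
    dll, entry = parsed
    if USER_PROFILE_RE.search(dll):
        # The pattern from the thread: the DLL is mapped into a process at logon,
        # so the file needs "Delete on reboot", and the Run value maps it again at
        # the next logon unless the value itself is removed as well.
        return Finding("high", "rundll32 loads a DLL from a user-writable profile "
                       "directory at logon; remove the Run value together with the DLL",
                       {"dll": dll, "entry_point": entry})
    return Finding("review", "rundll32 launch from a non-profile path",
                   {"dll": dll, "entry_point": entry})


# Sample entries constructed from the MBAM and FRST lines quoted in this thread.
# The Wow6432Node path for the FRST "HKLM-x32" Run entry is an assumption.
SAMPLE_ENTRIES = [
    (r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "TBHostSupport",
     r'"C:\Windows\SysWOW64\Rundll32.exe" '
     r'"C:\Users\name\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin'),
    (r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartDefrag.exe",
     "Debugger", r'"C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe"'),
    (r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run", "avgnt",
     r"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe"),
]


def triage_samples() -> list[Finding]:
    """Run the triage over the constructed sample entries."""
    return [triage_autorun(k, v, d) for k, v, d in SAMPLE_ENTRIES]


if __name__ == "__main__":
    for entry, finding in zip(SAMPLE_ENTRIES, triage_samples()):
        print(f"[{finding.severity}] {entry[1]}: {finding.reason}")
        for key, val in finding.details.items():
            print(f"    {key} = {val}")
```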



Post #: 2   Posted

Welcome aboard

Please observe the following rules:

  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

Is it safe to remove quarantined viruses/malware?

Usually it's a good idea to leave them alone for a couple of days, just in case there is some (rare) false positive.

If you see no ill effects after a couple of days, you can empty the quarantine folder.

Complete all steps listed here:



Post #: 3   Posted (edited)

OK, thanks for the answer. I'll try to follow:

1) I made sure Windows Firewall is on.

2) Yes, I have a free antivirus: Avira AntiVir - fully updated, full scan, and it found nothing :\

Step 1 -

I added 2x full scan Malwarebytes log files; as you wanted, I made a quick one:

The program is fully updated.

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
name :: NAME-PC [administrator]

Protection: Enabled

03/12/2013 23:12:20
MBAM-log-2013-12-03 (23-17-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205387
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\name\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> No action taken.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TBHostSupport (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\name\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\name\AppData\Local\TBHostSupport (PUP.Optional.Conduit) -> No action taken.

Files Detected: 1
C:\Users\name\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> No action taken.

(end)

That TBHostSupport.dll is not leaving. I didn't want to ignore it; the PC always wants to reboot to remove it..

How many reboots per day... it's been removed, but always comes back :(

Step 2 -

I can't download from Mirror 1..

Mirror 2 is in a language that I don't understand...

I did a scan with TDSSKiller; it is so long, I put it in both posts, here is half:

Didn't have to use it, sorry - edited for a shorter topic read.

Edited by TripleTripe


Post #: 4   Posted (edited)

2nd half:

It wasn't supposed to be used, sorry - edited for a shorter topic read.

As you see, it didn't find anything :\

How much time is a couple of days?

I had a malware party there, so many names, didn't like how it looks ^^

Wanna delete them all; some of them are more than 2.1M, it's a waste of space -]

Just that TBHostSupport.dll comes back when removed after reboot; is it safe to do 100 reboots in a day?

Thanks to you; as you see, I'm trying...

Edited by TripleTripe


Post #: 5   Posted

Please re-read my rules I posted above.

One of them says:

Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

Now....

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply.



Post #: 6   Posted (edited)

First, the PC says FRST64.exe can harm the PC. Is it really safe?

I did the scan anyway - reports:

FRST.txt -

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 02
Ran by name (administrator) on NAME-PC on 04-12-2013 16:23:28
Running from C:\Users\name\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\ProgramData\Yes Streamer\MediaServer.exe
(The Chromium Authors) C:\ProgramData\Yes Streamer\berkelium.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Abine Inc.) C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(CallingID Ltd.) C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLight.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\name\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
MountPoints2: {46473585-0f20-11e3-80bc-bcaec5df2d4c} - F:\Startme.exe
HKLM-x32\...\Run: [bCU] - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [411864 2010-03-05] (DeviceVM, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
IFEO\ActionCenterDownloader.exe: [Debugger] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe"
IFEO\Deployer.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO\DriverBooster.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO\Promote.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO\Scheduler.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO\SDInit.exe: [Debugger] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe"
IFEO\SmartDefrag.exe: [Debugger] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe"
IFEO\UpdateDB.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
Startup: C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.lnk
ShortcutTarget: .lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.il/
URLSearchHook: HKLM-x32 - NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
SearchScopes: HKLM - DefaultScope {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0D0FtB0DyE0CyDyDzyyEtN0D0Tzu0StBzytBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1361127720
SearchScopes: HKLM - {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0D0FtB0DyE0CyDyDzyyEtN0D0Tzu0StBzytBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1361127720
SearchScopes: HKLM-x32 - DefaultScope {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0D0FtB0DyE0CyDyDzyyEtN0D0Tzu0StBzytBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1361127720
SearchScopes: HKLM-x32 - {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0D0FtB0DyE0CyDyDzyyEtN0D0Tzu0StBzytBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1361127720
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=c6755594000000000000bcaec5df2d4c
SearchScopes: HKCU - {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0D0FtB0DyE0CyDyDzyyEtN0D0Tzu0StBzytBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1361127720
SearchScopes: HKCU - {54DD8777-8136-465F-A8AA-87D4960AA018} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {5911340E-4E3B-480a-81D0-0376EC395497} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
SearchScopes: HKCU - {5F96FD55-6512-417C-93B3-317933C105FC} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=en_IL&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^IL&apn_uid=1680b48c-b254-4f0a-918a-4c9465f13abd&apn_sauid=6CDEFFBE-D34C-47C0-BB40-834D4A36C2F0
SearchScopes: HKCU - {98D0C22A-6095-48DC-A630-CED97A7F603B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2296690&CUI=UN30648475932843724
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL =
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
BHO-x32: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
BHO-x32: AccelerateTab - {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\Program Files (x86)\Secure Speed Dial\IE\SpeedDial.dll (Secure Speed Dial)
BHO-x32: . - {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.80.2.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

Chrome:
=======


CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (Avira Toolbar) - C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.28.54987_0
CHR Extension: (YouTube) - C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AccelerateTab) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0
CHR Extension: (!\u05D5\u05D5\u05D0\u05DC\u05D4) - C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Extensions\hifljmdhcpanibegopehdlcpjknfnbpm\1.6_0
CHR Extension: (Walla) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfjhiccppafcjicfalobggnophliocpp\10.22.5.510_0
CHR Extension: (Google Wallet) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (AD Block) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkdcodhlkmiakbangobnmdhieapagic\1.0.0_0
CHR Extension: (Gmail) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\huber\AppData\Local\speeddial.crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\huber\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.18.0.crx
CHR HKLM-x32\...\Chrome\Extension: [hifljmdhcpanibegopehdlcpjknfnbpm] - C:\Users\huber\AppData\Local\walla_app.crx
CHR HKLM-x32\...\Chrome\Extension: [jfjhiccppafcjicfalobggnophliocpp] - C:\Users\huber\AppData\Local\CRE\jfjhiccppafcjicfalobggnophliocpp.crx
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-29] ()
S2 SecureUpdateSvc; C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2473296 2013-10-30] ()
R2 YesMediaServer; C:\ProgramData\Yes Streamer\MediaServer.exe [5480232 2011-10-15] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2011-08-20] ()
U3 axldb4vz; C:\Windows\System32\Drivers\axldb4vz.sys [0 ] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-04 16:23 - 2013-12-04 16:23 - 00016542 _____ C:\Users\name\Downloads\FRST.txt
2013-12-04 16:23 - 2013-12-04 16:23 - 00000000 ____D C:\FRST
2013-12-04 16:20 - 2013-12-04 16:20 - 01959614 _____ (Farbar) C:\Users\name\Downloads\FRST64.exe
2013-12-03 17:09 - 2013-12-03 17:09 - 00000000 ____D C:\Users\name\AppData\Local\TBHostSupport
2013-12-02 06:02 - 2013-12-03 04:57 - 00064512 ___SH C:\Users\name\Downloads\Thumbs.db
2013-11-21 23:42 - 2013-11-23 16:29 - 00000000 ____D C:\Program Files\Google
2013-11-15 19:55 - 2013-11-16 20:04 - 00000284 _____ C:\Windows\Tasks\Driver Booster Update.job
2013-11-15 19:55 - 2013-11-15 19:58 - 00003216 _____ C:\Windows\System32\Tasks\Driver Booster Scan
2013-11-15 19:55 - 2013-11-15 19:58 - 00002560 _____ C:\Windows\System32\Tasks\Driver Booster Update
2013-11-15 19:55 - 2013-11-15 19:55 - 00001180 _____ C:\Users\Public\Desktop\Driver Booster.lnk
2013-11-14 12:58 - 2013-11-14 12:58 - 00000000 ____D C:\Users\huber\AppData\Local\WhiteListing
2013-11-13 15:38 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-13 15:37 - 2013-11-13 15:37 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 15:37 - 2013-11-13 15:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 15:37 - 2013-11-13 15:37 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-13 15:37 - 2013-11-13 15:37 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-13 15:37 - 2013-11-13 15:37 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-13 15:37 - 2013-11-13 15:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-13 15:37 - 2013-11-13 15:37 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-13 15:37 - 2013-11-13 15:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-13 15:37 - 2013-11-13 15:37 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-13 15:37 - 2013-11-13 15:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-13 15:37 - 2013-11-13 15:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-13 15:14 - 2013-12-03 05:13 - 00000000 ____D C:\ProgramData\ProductData
2013-11-13 15:14 - 2013-11-13 15:14 - 00003094 _____ C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2013-11-13 15:14 - 2013-11-13 15:14 - 00001237 _____ C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-11-13 15:14 - 2013-11-13 15:14 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-13 15:13 - 2013-12-04 15:13 - 00002205 _____ C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2013-11-13 15:13 - 2013-11-13 15:13 - 00002850 _____ C:\Windows\System32\Tasks\ASC7_SkipUac_huber
2013-11-13 13:54 - 2013-11-13 13:54 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2013-11-13 13:54 - 2013-11-13 13:54 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2013-11-13 09:52 - 2013-11-13 09:52 - 00010411 _____ C:\Users\name\Downloads\fNEM1D81pmha_soCZ9qkE6W1pxF7ImkiOiAiKjU3MzQ0QzZGRUIxOCIsICJjIjogImltYWdlL3RpZmYiLCAidiI6IDEsICJuIjogImh1YmVyNTk5In0=.tif
2013-11-13 04:37 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 04:37 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 04:37 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 04:37 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 04:37 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 04:37 - 2013-10-05 22:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 04:37 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 04:37 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 04:37 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 04:37 - 2013-10-04 04:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 04:37 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 04:37 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 04:37 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 04:37 - 2013-10-03 04:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 04:37 - 2013-10-03 04:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 04:37 - 2013-09-28 03:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 04:37 - 2013-09-25 04:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 04:37 - 2013-09-25 04:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 04:37 - 2013-09-25 04:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 04:37 - 2013-09-25 04:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 04:37 - 2013-09-25 04:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 04:37 - 2013-09-25 04:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 04:37 - 2013-09-25 04:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 04:37 - 2013-09-25 04:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 04:37 - 2013-09-25 03:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 04:37 - 2013-09-25 03:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 04:37 - 2013-09-25 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 04:37 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 04:37 - 2013-09-25 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 04:37 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 18:54 - 2013-11-10 18:55 - 03628032 _____ C:\Users\name\Downloads\un-noBio.pps
2013-11-09 13:54 - 2013-12-02 12:47 - 00003168 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2013-11-09 13:54 - 2013-12-02 12:47 - 00003166 _____ C:\Windows\System32\Tasks\SmartDefragUpdate
2013-11-09 13:54 - 2013-05-22 18:49 - 00032600 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2013-11-09 13:52 - 2013-11-09 13:52 - 00001170 _____ C:\Users\Public\Desktop\Smart Defrag 2.lnk
2013-11-09 13:52 - 2013-05-22 18:49 - 00017720 _____ C:\Windows\system32\Drivers\SmartDefragDriver.sys
2013-11-04 13:29 - 2013-11-04 13:29 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}

==================== One Month Modified Files and Folders =======

2013-12-04 16:24 - 2011-12-18 21:56 - 08168998 _____ C:\Windows\SysWOW64\YesMediaShare.log
2013-12-04 16:23 - 2013-12-04 16:23 - 00016542 _____ C:\Users\name\Downloads\FRST.txt
2013-12-04 16:23 - 2013-12-04 16:23 - 00000000 ____D C:\FRST
2013-12-04 16:23 - 2012-04-07 19:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-04 16:20 - 2013-12-04 16:20 - 01959614 _____ (Farbar) C:\Users\name\Downloads\FRST64.exe
2013-12-04 15:47 - 2013-06-27 15:41 - 01558747 _____ C:\Windows\WindowsUpdate.log
2013-12-04 15:34 - 2011-10-02 16:06 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-04 15:13 - 2013-11-13 15:13 - 00002205 _____ C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2013-12-04 08:34 - 2011-10-02 16:06 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-04 04:45 - 2013-03-04 20:02 - 00000000 ____D C:\Users\name\AppData\Local\DoNotTrackPlus
2013-12-04 00:05 - 2011-12-18 21:56 - 10240103 _____ C:\Windows\SysWOW64\YesMediaShare.log.1
2013-12-03 17:09 - 2013-12-03 17:09 - 00000000 ____D C:\Users\name\AppData\Local\TBHostSupport
2013-12-03 15:38 - 2013-10-28 01:27 - 00006003 _____ C:\Users\name\Desktop\עד לרמה 27 בזומבים.txt
2013-12-03 15:21 - 2009-07-14 06:45 - 00023904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 15:21 - 2009-07-14 06:45 - 00023904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 15:18 - 2009-07-14 07:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 15:13 - 2011-12-18 21:56 - 00000000 _____ C:\Windows\SysWOW64\chrome.log
2013-12-03 15:13 - 2011-12-18 21:55 - 00000000 ____D C:\ProgramData\Yes Streamer
2013-12-03 15:13 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 11:19 - 2013-03-28 22:06 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-03 05:13 - 2013-11-13 15:14 - 00000000 ____D C:\ProgramData\ProductData
2013-12-03 04:57 - 2013-12-02 06:02 - 00064512 ___SH C:\Users\name\Downloads\Thumbs.db
2013-12-03 01:34 - 2011-12-18 21:56 - 10240113 _____ C:\Windows\SysWOW64\YesMediaShare.log.2
2013-12-02 12:47 - 2013-11-09 13:54 - 00003168 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2013-12-02 12:47 - 2013-11-09 13:54 - 00003166 _____ C:\Windows\System32\Tasks\SmartDefragUpdate
2013-12-02 10:17 - 2011-12-18 21:56 - 10240031 _____ C:\Windows\SysWOW64\YesMediaShare.log.3
2013-12-02 06:32 - 2011-08-20 09:04 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-01 19:20 - 2011-12-18 21:56 - 10240422 _____ C:\Windows\SysWOW64\YesMediaShare.log.4
2013-11-30 23:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-30 18:56 - 2011-12-18 21:56 - 10240026 _____ C:\Windows\SysWOW64\YesMediaShare.log.5
2013-11-27 14:39 - 2011-12-02 17:00 - 00000000 ____D C:\Users\name\AppData\Local\Apache
2013-11-24 08:29 - 2011-10-02 16:06 - 00003922 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-24 08:29 - 2011-10-02 16:06 - 00003670 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-23 16:29 - 2013-11-21 23:42 - 00000000 ____D C:\Program Files\Google
2013-11-23 16:29 - 2011-10-02 16:06 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-22 18:59 - 2011-08-20 09:09 - 00000000 ____D C:\Users\name\AppData\Roaming\IObit
2013-11-22 00:36 - 2011-08-25 23:33 - 00000000 ____D C:\Users\name\AppData\Local\Google
2013-11-21 23:47 - 2012-12-16 22:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-11-21 23:44 - 2013-01-13 22:40 - 00000000 ____D C:\Users\name\AppData\Local\Adobe
2013-11-21 23:42 - 2012-04-07 19:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-21 23:42 - 2012-04-07 19:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-21 23:42 - 2011-08-20 09:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-21 23:36 - 2013-09-16 18:29 - 00000000 ____D C:\Program Files (x86)\Secure Speed Dial
2013-11-18 00:42 - 2012-11-30 03:38 - 00007675 _____ C:\Users\name\Desktop\automate missins - update.txt
2013-11-16 20:04 - 2013-11-15 19:55 - 00000284 _____ C:\Windows\Tasks\Driver Booster Update.job
2013-11-15 19:58 - 2013-11-15 19:55 - 00003216 _____ C:\Windows\System32\Tasks\Driver Booster Scan
2013-11-15 19:58 - 2013-11-15 19:55 - 00002560 _____ C:\Windows\System32\Tasks\Driver Booster Update
2013-11-15 19:55 - 2013-11-15 19:55 - 00001180 _____ C:\Users\Public\Desktop\Driver Booster.lnk
2013-11-15 19:55 - 2011-08-20 09:09 - 00000000 ____D C:\Program Files (x86)\IObit
2013-11-15 19:51 - 2011-08-20 08:15 - 00000000 ____D C:\Users\name
2013-11-14 12:58 - 2013-11-14 12:58 - 00000000 ____D C:\Users\name\AppData\Local\WhiteListing
2013-11-14 12:36 - 2013-03-28 22:06 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-14 05:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 16:12 - 2011-08-20 09:05 - 00000000 ____D C:\Windows\Panther
2013-11-13 15:48 - 2011-08-20 08:16 - 00001413 _____ C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-13 15:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-13 15:37 - 2013-11-13 15:37 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 15:37 - 2013-11-13 15:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 15:37 - 2013-11-13 15:37 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-13 15:37 - 2013-11-13 15:37 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-13 15:37 - 2013-11-13 15:37 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-13 15:37 - 2013-11-13 15:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-13 15:37 - 2013-11-13 15:37 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-13 15:37 - 2013-11-13 15:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-13 15:37 - 2013-11-13 15:37 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-13 15:37 - 2013-11-13 15:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-13 15:37 - 2013-11-13 15:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-13 15:35 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-11-13 15:34 - 2013-07-26 21:29 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 15:33 - 2011-08-23 04:10 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 15:14 - 2013-11-13 15:14 - 00003094 _____ C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2013-11-13 15:14 - 2013-11-13 15:14 - 00001237 _____ C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-11-13 15:14 - 2013-11-13 15:14 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-13 15:13 - 2013-11-13 15:13 - 00002850 _____ C:\Windows\System32\Tasks\ASC7_SkipUac_huber
2013-11-13 15:13 - 2011-09-16 16:34 - 00000000 ____D C:\ProgramData\IObit
2013-11-13 13:54 - 2013-11-13 13:54 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2013-11-13 13:54 - 2013-11-13 13:54 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2013-11-13 09:52 - 2013-11-13 09:52 - 00010411 _____ C:\Users\name\Downloads\fNEM1D81pmha_soCZ9qkE6W1pxF7ImkiOiAiKjU3MzQ0QzZGRUIxOCIsICJjIjogImltYWdlL3RpZmYiLCAidiI6IDEsICJuIjogImh1YmVyNTk5In0=.tif
2013-11-11 05:50 - 2010-11-21 05:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-10 18:55 - 2013-11-10 18:54 - 03628032 _____ C:\Users\name\Downloads\un-noBio.pps
2013-11-09 13:52 - 2013-11-09 13:52 - 00001170 _____ C:\Users\Public\Desktop\Smart Defrag 2.lnk
2013-11-04 13:29 - 2013-11-04 13:29 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}

Some content of TEMP:
====================
C:\Users\name\AppData\Local\Temp\avgnt.exe
C:\Users\name\AppData\Local\Temp\setup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-30 11:35

==================== End Of Log ============================

Addition.txt -

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2013 02
Ran by huber at 2013-12-04 16:24:09
Running from C:\Users\name\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

AccelerateTab (x32 Version: 1.4)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112)
Advanced SystemCare 7 (x32 Version: 7.0.5)
Advertising Center (x32 Version: 0.0.0.1)
Air Conflicts Secret Wars (HKCU)
Air Conflicts: Vietnam (x32 Version: 1)
Alien Swarm (x32)
Aliens: Colonial Marines (x32)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.81008.0920)
Apache: Air Assault (x32 Version: 1.0.0.1)
Ask Toolbar (x32 Version: 1.15.26.0)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.4.5.0)
ATI AVIVO64 Codecs (Version: 11.6.0.50930)
ATI Problem Report Wizard (Version: 3.0.795.0)
Avira Free Antivirus (x32 Version: 14.0.1.759)
Battlefield Play4Free (HKCU)
BitTorrent (x32 Version: 7.2.1)
Browser Configuration Utility (x32 Version: 1.0.12.1)
BSPlayer (x32)
Call of Duty: Black Ops - Multiplayer (x32)
Call of Duty: Black Ops (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229)
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229)
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229)
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229)
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229)
CCC Help Czech (x32 Version: 2013.1008.0931.15229)
CCC Help Danish (x32 Version: 2013.1008.0931.15229)
CCC Help Dutch (x32 Version: 2013.1008.0931.15229)
CCC Help English (x32 Version: 2013.1008.0931.15229)
CCC Help Finnish (x32 Version: 2013.1008.0931.15229)
CCC Help French (x32 Version: 2013.1008.0931.15229)
CCC Help German (x32 Version: 2013.1008.0931.15229)
CCC Help Greek (x32 Version: 2013.1008.0931.15229)
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229)
CCC Help Italian (x32 Version: 2013.1008.0931.15229)
CCC Help Japanese (x32 Version: 2013.1008.0931.15229)
CCC Help Korean (x32 Version: 2013.1008.0931.15229)
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229)
CCC Help Polish (x32 Version: 2013.1008.0931.15229)
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229)
CCC Help Russian (x32 Version: 2013.1008.0931.15229)
CCC Help Spanish (x32 Version: 2013.1008.0931.15229)
CCC Help Swedish (x32 Version: 2013.1008.0931.15229)
CCC Help Thai (x32 Version: 2013.1008.0931.15229)
CCC Help Turkish (x32 Version: 2013.1008.0931.15229)
ccc-utility64 (Version: 2013.1008.932.15229)
CCleaner (Version: 3.22)
Driver Booster (x32 Version: 1.0)
Foxit Reader (x32 Version: 5.4.5.124)
Google Chrome (x32 Version: 31.0.1650.57)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.22.3)
HydraVision (x32 Version: 4.2.180.0)
IObit Uninstaller (x32 Version: 3.0.3.1064)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Jurassic Park The Game (x32 Version: 1.0.0.15)
K-Lite Codec Pack 7.2.0 (Full) (x32 Version: 7.2.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NCH EN Toolbar (x32 Version: 6.8.2.0)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero Installer (x32 Version: 4.4.9.0)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart OEM (x32 Version: 9.4.10.100)
neroxml (x32 Version: 1.0.0)
PunkBuster Services (x32 Version: 0.990)
Realtek Ethernet Controller Driver (x32 Version: 7.37.1229.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251)
Smart Defrag 2 (x32 Version: 2.9)
SpeedFan (remove only) (x32)
Steam (x32 Version: 1.0.0.0)
Surfing Protection (x32 Version: 1.0)
swMSM (x32 Version: 12.0.0.1)
System Requirements Lab CYRI (x32 Version: 4.4.26.0)
Tom Clancy's H.A.W.X (x32 Version: 1.02.00000)
TVersity Codec Pack 1.7 (x32 Version: 1.7)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
World of Tanks v.0.7.0 (x32)
Xiph.Org Open Codecs 0.85.17777 (x32 Version: 0.85.17777)
Yes Streamer 1.3Beta (x32 Version: 1.3Beta)

==================== Restore Points =========================

19-11-2013 12:41:50 Windows Update
21-11-2013 21:47:33 Windows Update
21-11-2013 22:35:57 Before uninstalling Google Toolbar for Internet Explorer
23-11-2013 01:00:14 Windows Update
26-11-2013 19:23:27 Windows Update
03-12-2013 13:09:07 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2512B675-C250-4BF5-9992-544E293BB874} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02] (Google Inc.)
Task: {42C7BF62-1D35-480D-ABE8-F07D27E5E26A} - System32\Tasks\ASC7_SkipUac_huber => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2013-10-28] (IObit)
Task: {61476729-A89A-407C-A471-E4854CA90120} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-02-08] ()
Task: {924C4FC2-2FBA-4FA1-9992-AE2CD2B6280B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {A109D3BD-5D7D-4AF0-8C51-A744FDAF4C1D} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2013-09-13] (IObit)
Task: {A5BAB2DC-6A7C-4B56-849E-57B7BF44923D} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2013-09-08] (IObit)
Task: {BABF7A62-9BA9-407A-8B29-69BEA46C4A9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02] (Google Inc.)
Task: {BDEB45C5-9D2C-47C5-BCEC-0AA74A42E48D} - System32\Tasks\{CFE84E0E-4C51-4F70-B18D-4E3F35569D3B} => C:\Program Files (x86)\Steam\steamapps\common\call of duty black ops\BlackOps.exe [2013-05-25] ()
Task: {C9752871-B796-4531-9B5A-8A4E306DA3A5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {CB5126C0-CFA9-48F2-B97B-FB84623E05E6} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2013-05-22] (IObit)
Task: {D3B270FE-DCAE-4005-9114-551CED198105} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-09-08] (IObit)
Task: {E9792658-1D26-4F67-9943-FEEB7737A633} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {F36AAB2A-075C-4D2F-BB9F-52199B9FBAAF} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2013-10-25] (IObit)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-08-20 08:49 - 2011-03-02 21:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-11-13 15:13 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2013-02-23 18:09 - 2013-02-23 18:02 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00102184 _____ () C:\ProgramData\Yes Streamer\EasyHook32.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00081704 _____ () C:\ProgramData\Yes Streamer\portaudio_x86.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00556840 _____ () C:\ProgramData\Yes Streamer\taglib.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00225064 _____ () C:\ProgramData\Yes Streamer\CORE_RL_lcms_.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00031528 _____ () C:\ProgramData\Yes Streamer\CORE_RL_xlib_.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00716584 _____ () C:\ProgramData\Yes Streamer\log4cxx.dll
2011-08-19 18:01 - 2011-08-19 18:01 - 04534072 _____ () C:\ProgramData\Yes Streamer\avcodec-52.dll
2011-08-19 18:01 - 2011-08-19 18:01 - 00083768 _____ () C:\ProgramData\Yes Streamer\avutil-50.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00313640 _____ () C:\ProgramData\Yes Streamer\libmp3lame-0.dll
2011-08-19 18:01 - 2011-08-19 18:01 - 00795448 _____ () C:\ProgramData\Yes Streamer\avformat-52.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00203064 _____ () C:\ProgramData\Yes Streamer\swscale-0.dll
2011-09-05 16:28 - 2011-09-05 16:28 - 00562072 _____ () C:\ProgramData\Yes Streamer\sqlite3.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00143144 _____ () C:\ProgramData\Yes Streamer\fribidi.dll
2009-08-01 06:39 - 2009-08-01 06:39 - 00503202 _____ () C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
2013-03-10 23:39 - 2013-03-10 23:39 - 00227192 _____ () C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPButton.dll
2013-03-10 23:39 - 2013-03-10 23:39 - 00597880 _____ () C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPContentFilter.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2013 05:50:08 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00038e19
Faulting process id: 0x1fa8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/03/2013 10:51:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: ASCUrlScanner.dll_unloaded, version: 0.0.0.0, time stamp: 0x5237ff12
Exception code: 0xc0000005
Fault offset: 0x07ba0537
Faulting process id: 0x21e0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/03/2013 10:21:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x80000002
Fault offset: 0x771fd7e8
Faulting process id: 0xf5c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/03/2013 03:38:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0xdf4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/03/2013 03:14:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 03:11:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xa7e67c6b
Faulting process id: 0x2dc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/03/2013 02:27:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: ASCUrlScanner.dll_unloaded, version: 0.0.0.0, time stamp: 0x5237ff12
Exception code: 0xc0000005
Fault offset: 0x07f60537
Faulting process id: 0x119c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/03/2013 05:15:46 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/03/2013 05:08:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 05:08:35 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (12/03/2013 03:14:47 PM) (Source: Service Control Manager) (User: )
Description: The SecureUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (12/03/2013 01:22:47 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the YesMediaServer service.

Error: (12/03/2013 01:22:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the YesMediaServer service.

Error: (12/03/2013 11:56:21 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the YesMediaServer service.

Error: (12/03/2013 05:09:05 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (12/03/2013 05:08:53 AM) (Source: Service Control Manager) (User: )
Description: The SecureUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (12/03/2013 05:08:35 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/03/2013 05:08:35 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (12/02/2013 07:18:53 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (12/02/2013 07:18:29 AM) (Source: Service Control Manager) (User: )
Description: The SecureUpdate service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (12/04/2013 05:50:08 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea8e7c000000500038e191fa801cef09ae64f432eC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll2ad5e3c0-5c97-11e3-8db4-bcaec5df2d4c

Error: (12/03/2013 10:51:38 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cASCUrlScanner.dll_unloaded0.0.0.05237ff12c000000507ba053721e001cef065442b9874C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEASCUrlScanner.dllb3e2dae8-5c5c-11e3-8db4-bcaec5df2d4c

Error: (12/03/2013 10:21:03 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cunknown0.0.0.00000000080000002771fd7e8f5c01cef060fd528474C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown6e4572b4-5c58-11e3-8db4-bcaec5df2d4c

Error: (12/03/2013 03:38:28 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea8e7c0000374000ce753df401cef02a3a454dbeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll30980058-5c20-11e3-8db4-bcaec5df2d4c

Error: (12/03/2013 03:14:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 03:11:19 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cunknown0.0.0.000000000c0000005a7e67c6b2dc01cef0259e30dea6C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown65d88b12-5c1c-11e3-8922-bcaec5df2d4c

Error: (12/03/2013 02:27:03 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cASCUrlScanner.dll_unloaded0.0.0.05237ff12c000000507f60537119c01cef01a8ee2c703C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEASCUrlScanner.dll36c146c1-5c16-11e3-8922-bcaec5df2d4c

Error: (12/03/2013 05:15:46 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\ATI Technologies\PRW\amdprw.exe

Error: (12/03/2013 05:08:55 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 05:08:35 AM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 4077.26 MB
Available physical RAM: 2674.25 MB
Total Pagefile: 10190.44 MB
Available Pagefile: 7839.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:59.95 GB) NTFS
Drive d: () (Fixed) (Total:270.45 GB) (Free:214.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4FE04FDF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Can I delete those files, the 2 logs? Thanks.

And how much time is a couple of days, so that it is OK to delete the quarantined malware???

Please help with this, thanks.

Edited by TripleTripe


Post #: 7   Posted

Uninstall Advanced SystemCare 7.

Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

fixlist.txt


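The fixlist attached above removes a handful of well-known persistence points: the HKCU Run value that launches the Conduit DLL through rundll32, a MountPoints2 autorun handler, the IE URLSearchHook, BHO and toolbar CLSIDs, the hijacked SearchScopes and one alternate data stream. The script below is an added, read-only audit of those same locations; it is not part of this thread and not FRST's code. It assumes PowerShell 3.0 or later (for Get-Item -Stream), that it runs as the affected user so HKCU is that user's hive, and the registry paths and ADS host are the ones named in the logs. The heuristics it applies (rundll32 loading a DLL from under AppData, an autorun command on a removable drive letter, a CLSID with no InprocServer32 or a missing file, a search scope that is neither Bing nor Google) are my own and will produce some benign hits.

```powershell
# Added example, not code from the thread or from FRST: read-only audit of the
# persistence points the fixlist removes. Assumes PowerShell 3.0+ and that it runs
# as the affected user. Heuristics are mine; paths are the ones in the logs.

$findings = New-Object 'System.Collections.Generic.List[string]'

# 1. HKCU Run values: a rundll32 command loading a DLL from the user's profile is
#    the exact shape of the TBHostSupport entry Malwarebytes and FRST flagged.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path $runKey) {
    foreach ($p in (Get-ItemProperty -Path $runKey).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata (PSPath, PSParentPath, ...)
        $cmd = [string]$p.Value
        if ($cmd -match '(?i)rundll32' -and $cmd -match '(?i)\\AppData\\') {
            $findings.Add("Run '$($p.Name)': rundll32 loads a profile DLL -> $cmd")
        }
    }
}

# 2. MountPoints2\{volume}\Shell\AutoRun\command: a leftover autorun.inf handler
#    (F:\Startme.exe in the fixlist) points at an executable on a removable drive.
$mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem -Path $mp -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -eq 'command' } |
    ForEach-Object {
        $target = [string](Get-ItemProperty -Path $_.PSPath).'(default)'
        if ($target -match '^[D-Z]:\\') { $findings.Add("MountPoints2 autorun -> $target") }
    }

# 3. IE extension points keyed by CLSID. Each CLSID should resolve to an existing DLL
#    via HKCR\CLSID\{guid}\InprocServer32; a missing key or file is a dangling entry
#    (the "No File" lines in the FRST log), a present one names the vendor's DLL.
function Resolve-Clsid {
    param([string]$Clsid)
    foreach ($root in 'Registry::HKEY_CLASSES_ROOT\CLSID',
                      'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID') {
        $k = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $k) {
            $dll = [string](Get-ItemProperty -Path $k).'(default)'
            return [Environment]::ExpandEnvironmentVariables($dll)
        }
    }
    return $null
}
$ieHooks = @(
    @{ Name = 'BHO';           Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects';             Kind = 'Keys'   },
    @{ Name = 'BHO-x32';       Path = 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'; Kind = 'Keys'   },
    @{ Name = 'URLSearchHook'; Path = 'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks';                      Kind = 'Values' },
    @{ Name = 'Toolbar-x32';   Path = 'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar';                             Kind = 'Values' },
    @{ Name = 'Toolbar-HKCU';  Path = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser';                              Kind = 'Values' }
)
foreach ($h in $ieHooks) {
    if (-not (Test-Path $h.Path)) { continue }
    $clsids = if ($h.Kind -eq 'Keys') {
        (Get-ChildItem -Path $h.Path).PSChildName
    } else {
        (Get-ItemProperty -Path $h.Path).PSObject.Properties.Name | Where-Object { $_ -match '^\{' }
    }
    foreach ($c in @($clsids)) {
        $dll = Resolve-Clsid $c
        if (-not $dll)                 { $findings.Add("$($h.Name) $c -> no CLSID registration (dangling)") }
        elseif (-not (Test-Path $dll)) { $findings.Add("$($h.Name) $c -> $dll (file missing)") }
        else                           { $findings.Add("$($h.Name) $c -> $dll") }
    }
}

# 4. Search scopes: each scope's URL, with the DefaultScope marked. The fixlist
#    deleted the searchya/conduit/babylon scopes and restored the default.
$scopeRoots = 'HKLM:\Software\Microsoft\Internet Explorer\SearchScopes',
              'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
              'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
foreach ($root in $scopeRoots) {
    if (-not (Test-Path $root)) { continue }
    $default = [string](Get-ItemProperty -Path $root).DefaultScope
    foreach ($scope in Get-ChildItem -Path $root) {
        $url = [string](Get-ItemProperty -Path $scope.PSPath).URL
        $tag = if ($scope.PSChildName -eq $default) { ' [DefaultScope]' } else { '' }
        # heuristic: anything that is not Bing or Google deserves a look on a home PC
        if ($url -and $url -notmatch '(?i)^https?://[^/]*(bing|google)\.') {
            $findings.Add("SearchScope $($scope.PSChildName)$tag -> $url")
        }
    }
}

# 5. Alternate data streams on the path FRST reported (C:\ProgramData\TEMP:1CE11B51).
$adsHost = 'C:\ProgramData\TEMP'
if (Test-Path $adsHost) {
    Get-Item -Path $adsHost -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $findings.Add("ADS ${adsHost}:$($_.Stream) ($($_.Length) bytes)") }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it from an elevated PowerShell prompt in the affected user's session. It only reads the registry and file system, so it is safe to run before and after the FRST fix to confirm that the entries listed in the Fixlog are really gone; the removal itself should still be done with the fixlist as instructed, not by hand. If Get-Item -Stream is unavailable on an older PowerShell, the ADS check can be replaced with `cmd /c dir /r C:\ProgramData`.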

Post #: 8   Posted (edited)

Questions: so remove the program forever?

Do you use a registry cleaner sometimes? If so, do you recommend TuneUp 2014?

I downloaded the fixlist.txt. Please tell me if I am doing it the right way:

1) First delete Advanced SystemCare 7.

2) I opened a new folder named FAST64 (on its own) and put all 4 files there (Additional.txt, FAST64.exe, fixlist.txt, FAST.txt).

Placed at: C:\Users\name\Downloads\FAST

Now I need to open the FAST.txt and run (start) the FAST64, then press Fix and wait, and bring the Fixlog.txt?

Sorry, I didn't want to do something wrong. Thanks for the help.

Edited by TripleTripe


Post #: 9   Posted

Do you use a registry cleaner sometimes?

Never, and I posted above why.

You just run FRST64 and press "Fix" button. No need to open anything else.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.



Post #: 10   Posted (edited)

Roger, my friend. Here is the Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-12-2013
Ran by huber at 2013-12-04 21:54:19 Run:1
Running from C:\Users\huber\Downloads\FAST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\huber\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
C:\Users\huber\AppData\Local\TBHostSupport
MountPoints2: {46473585-0f20-11e3-80bc-bcaec5df2d4c} - F:\Startme.exe
URLSearchHook: HKLM-x32 - NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
C:\Program Files (x86)\NCH_EN
SearchScopes: HKLM - DefaultScope {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya....E&cr=1361127720
SearchScopes: HKLM - {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya....E&cr=1361127720
SearchScopes: HKLM-x32 - DefaultScope {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya....E&cr=1361127720
SearchScopes: HKLM-x32 - {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya....E&cr=1361127720
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2801948
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...000bcaec5df2d4c
SearchScopes: HKCU - {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya....E&cr=1361127720
SearchScopes: HKCU - {98D0C22A-6095-48DC-A630-CED97A7F603B} URL = http://search.condui...648475932843724
BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
BHO-x32: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2013-12-03 17:09 - 2013-12-03 17:09 - 00000000 ____D C:\Users\huber\AppData\Local\TBHostSupport
C:\Users\huber\AppData\Local\Temp\avgnt.exe
C:\Users\huber\AppData\Local\Temp\setup.exe
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport => Value deleted successfully.
C:\Users\huber\AppData\Local\TBHostSupport => Moved successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46473585-0f20-11e3-80bc-bcaec5df2d4c} => Key deleted successfully.
HKCR\CLSID\{46473585-0f20-11e3-80bc-bcaec5df2d4c} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e} => Key deleted successfully.
C:\Program Files (x86)\NCH_EN => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} => Key deleted successfully.
HKCR\CLSID\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} => Key deleted successfully.
HKCR\CLSID\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{98D0C22A-6095-48DC-A630-CED97A7F603B} => Key deleted successfully.
HKCR\CLSID\{98D0C22A-6095-48DC-A630-CED97A7F603B} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key deleted successfully.
HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{37483b40-c254-4a72-bda4-22ee90182c1e} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37483B40-C254-4A72-BDA4-22EE90182C1E} => Value deleted successfully.
HKCR\CLSID\{37483B40-C254-4A72-BDA4-22EE90182C1E} => Key not found.
HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully.
HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.
C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll not found.
C:\Windows\SysWOW64\npdeployJava1.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
"C:\Users\huber\AppData\Local\TBHostSupport" => File/Directory not found.
C:\Users\huber\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\huber\AppData\Local\Temp\setup.exe => Moved successfully.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.

==== End of Fixlog ====

Just many thanks for your help.

Questions: can I delete the quarantined malware? As I said, there are party names over there ^^

- The NCH EN toolbar is deleted :) Can I remove all its registry entries, or reboot?

I'm waiting for your orders; I don't do what doesn't need to be done.

Edited by TripleTripe


Post #: 11   Posted

Leave everything alone for now.

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.

  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step....
How to:

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt



Post #: 12   Posted (edited)

Roger that mate, doing it.

RogueKiller found 7 bad registry entries; they are in a new folder named RK_Quarantine. Now showing the log files:

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : huber [Admin rights]
Mode : Remove -- Date : 12/05/2013 02:57:09
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] berkelium.exe -- C:\ProgramData\Yes Streamer\berkelium.exe [-] -> KILLED [TermProc]
[SUSP PATH][DLL] rundll32.exe -- C:\Users\huber\AppData\Local\TBHostSupport\TBHostSupport.dll [x] -> rundll32.exe KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[IFEO] HKLM\[...]\ActionCenterDownloader.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> DELETED
[IFEO] HKLM\[...]\Deployer.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[IFEO] HKLM\[...]\DriverBooster.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[IFEO] HKLM\[...]\Promote.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[IFEO] HKLM\[...]\Scheduler.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[IFEO] HKLM\[...]\SDInit.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> DELETED
[IFEO] HKLM\[...]\SmartDefrag.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> DELETED
[IFEO] HKLM\[...]\UpdateDB.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] 12893a4cfc106895ccf256a23ee1c433
[BSP] dca6e48254042917010fe0ccc5df1bc5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 199900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409602048 | Size: 276938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12052013_025709.txt >>
RKreport[0]_S_12052013_025544.txt

--- I will edit to add the Malwarebytes Anti-Rootkit report. = I need to create a restore point as said.

+ Damn, I love you, you are a life-saving human! Thank you, my hero! - Will add the Malwarebytes Anti-Rootkit reports, mate.

Edit: can't download it = Internal Server Error :( I'll try again.

Again: Service Temporarily Unavailable :(

"The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later."

Got it, there it is:

System-log.txt

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16428

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.110000 GHz
Memory total: 4275318784, free: 2276229120

Downloaded database version: v2013.12.04.10
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
12/05/2013 03:23:19
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\spkq.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\System32\Drivers\axldb4vz.SYS
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\comdlg32.dll
\Windows\System32\kernel32.dll
\Windows\System32\msctf.dll
\Windows\System32\wininet.dll
\Windows\System32\user32.dll
\Windows\System32\nsi.dll
\Windows\System32\urlmon.dll
\Windows\System32\normaliz.dll
\Windows\System32\psapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\lpk.dll
\Windows\System32\ws2_32.dll
\Windows\System32\advapi32.dll
\Windows\System32\imm32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\difxapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\ole32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\iertutil.dll
\Windows\System32\gdi32.dll
\Windows\System32\usp10.dll
\Windows\System32\shell32.dll
\Windows\System32\sechost.dll
\Windows\System32\clbcatq.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004dd4060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-8\
Lower Device Object: 0xfffffa8004b03060
Lower Device Driver Name: \Driver\atapi\
IRP handler 0 of \Driver\atapi points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004dd4060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-8\
Lower Device Object: 0xfffffa8004b03060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004dd4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c629b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004dd4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004ae4d10, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004b03060, DeviceName: \Device\Ide\IdeDeviceP3T1L0-8\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a012690740, 0xfffffa8004dd4060, 0xfffffa8007a5d790
Lower DeviceData: 0xfffff8a00f5bc8e0, 0xfffffa8004b03060, 0xfffffa8004010a70
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4FE04FDF

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 409395200

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409602048 Numsec = 567169024

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

mbar-log-2013-12-05 (03-23-23)

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.12.04.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
huber :: HUBER-PC [administrator]

05/12/2013 03:23:23
mbar-log-2013-12-05 (03-23-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 224758
Time elapsed: 12 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Didn't have to restart, found 0? I'm ready, man ^^

Edited by TripleTripe


Post #: 13   Posted


Post #: 14   Posted

Strange, again:

mbar-log-2013-12-05 (07-26-35)

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.12.05.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
huber :: HUBER-PC [administrator]

05/12/2013 07:26:35
mbar-log-2013-12-05 (07-26-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 224585
Time elapsed: 12 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

system-log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16428

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.110000 GHz
Memory total: 4275318784, free: 2505039872

Downloaded database version: v2013.12.05.01
Downloaded database version: v2013.12.05.02
Initializing...
======================
------------ Kernel report ------------
12/05/2013 07:26:32
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\spkq.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\System32\Drivers\axldb4vz.SYS
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\comdlg32.dll
\Windows\System32\kernel32.dll
\Windows\System32\msctf.dll
\Windows\System32\wininet.dll
\Windows\System32\user32.dll
\Windows\System32\nsi.dll
\Windows\System32\urlmon.dll
\Windows\System32\normaliz.dll
\Windows\System32\psapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\lpk.dll
\Windows\System32\ws2_32.dll
\Windows\System32\advapi32.dll
\Windows\System32\imm32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\difxapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\ole32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\iertutil.dll
\Windows\System32\gdi32.dll
\Windows\System32\usp10.dll
\Windows\System32\shell32.dll
\Windows\System32\sechost.dll
\Windows\System32\clbcatq.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004dd4060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-8\
Lower Device Object: 0xfffffa8004b03060
Lower Device Driver Name: \Driver\atapi\
IRP handler 0 of \Driver\atapi points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004dd4060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-8\
Lower Device Object: 0xfffffa8004b03060
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xfffffa8004010a70
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004dd4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c629b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004dd4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004ae4d10, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004b03060, DeviceName: \Device\Ide\IdeDeviceP3T1L0-8\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00e04b660, 0xfffffa8004dd4060, 0xfffffa8007a5d790
Lower DeviceData: 0xfffff8a00cfe87f0, 0xfffffa8004b03060, 0xfffffa8004010a70
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4FE04FDF

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 409395200

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409602048 Numsec = 567169024

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished



Post #: 15   Posted (edited)

Bad news: the TBHostSupport folder + file are back somehow. It was moved successfully to quarantine, but it is back? :(

Can this page be right? http://greatis.com/appdata/d/TEMP/s/scoped_dir_2560_5282_crx_install_tbhostsupport_tbhostsupport.dll.htm - I saw there that tbhostsupport.dll is dangerous :\

And how do I remove it safely? Thanks m8.

If you don't want to enter the site (it is safe, I hope), here is a copy-paste from there, so you will know:

Manual removal instructions:

Antivirus Report of %TEMP%\SCOPED_DIR_2560_5282\CRX_INSTALL\TBHOSTSUPPORT\TBHOSTSUPPORT.DLL:
%TEMP%\SCOPED_DIR_2560_5282\CRX_INSTALL\TBHOSTSUPPORT\TBHOSTSUPPORT.DLL - Conduit (fs)
%TEMP%\SCOPED_DIR_2560_5282\CRX_INSTALL\TBHOSTSUPPORT\TBHOSTSUPPORT.DLL - Dangerous
%TEMP%\SCOPED_DIR_2560_5282\CRX_INSTALL\TBHOSTSUPPORT\TBHOSTSUPPORT.DLL - High Risk
%temp%\scoped_dir_2560_5282\crx_install\tbhostsupport\tbhostsupport.dll
We suggest you to remove TBHOSTSUPPORT.DLL from your computer as soon as possible.
TBHOSTSUPPORT.DLL is known as: Conduit (fs)
MD5 of TBHOSTSUPPORT.DLL = 9fd16d3cc543eb20f067dd6537432082
TBHOSTSUPPORT.DLL size is 458016 bytes.
Full path on a computer: %TEMP%\SCOPED_DIR_2560_5282\CRX_INSTALL\TBHOSTSUPPORT\TBHOSTSUPPORT.DLL
Related Files:
%Temp%\scoped_dir_2560_5282\CRX_INSTALL\tb\sl\serviceLayer.js
%Temp%\scoped_dir_2560_5282\CRX_INSTALL\tb\version.txt
%Temp%\scoped_dir_2560_5282\CRX_INSTALL\TBHostSupport\TBHostSupport.dll
%Temp%\scoped_dir_2560_5282\CRX_INSTALL\_locales\en\messages.json
%Temp%\scoped_dir_792_5037\CRX_INSTALL\Search\html\SearchBackground.html

Remove TBHOSTSUPPORT.DLL now!

Reviewed by:

by NightWatcher

TBHOSTSUPPORT.DLL Dangerous Rating: 5 out of 5 ---- they are right, "TBHOSTSUPPORT.DLL size is 458016 bytes" :-(

--- 2 log files from RogueKiller; I pasted one up there, here are both of them:

1)

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : huber [Admin rights]
Mode : Remove -- Date : 12/05/2013 02:57:09
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[sUSP PATH] berkelium.exe -- C:\ProgramData\Yes Streamer\berkelium.exe [-] -> KILLED [TermProc]
[sUSP PATH][DLL] rundll32.exe -- C:\Users\huber\AppData\Local\TBHostSupport\TBHostSupport.dll [x] -> rundll32.exe KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[iFEO] HKLM\[...]\ActionCenterDownloader.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> DELETED
[iFEO] HKLM\[...]\Deployer.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[iFEO] HKLM\[...]\DriverBooster.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[iFEO] HKLM\[...]\Promote.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[iFEO] HKLM\[...]\Scheduler.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[iFEO] HKLM\[...]\SDInit.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> DELETED
[iFEO] HKLM\[...]\SmartDefrag.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> DELETED
[iFEO] HKLM\[...]\UpdateDB.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] 12893a4cfc106895ccf256a23ee1c433
[bSP] dca6e48254042917010fe0ccc5df1bc5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 199900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409602048 | Size: 276938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12052013_025709.txt >>
RKreport[0]_S_12052013_025544.txt

2)

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : huber [Admin rights]
Mode : Scan -- Date : 12/05/2013 02:55:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[sUSP PATH] berkelium.exe -- C:\ProgramData\Yes Streamer\berkelium.exe [-] -> KILLED [TermProc]
[sUSP PATH][DLL] rundll32.exe -- C:\Users\huber\AppData\Local\TBHostSupport\TBHostSupport.dll [x] -> rundll32.exe KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[iFEO] HKLM\[...]\ActionCenterDownloader.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> FOUND
[iFEO] HKLM\[...]\Deployer.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[iFEO] HKLM\[...]\DriverBooster.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[iFEO] HKLM\[...]\Promote.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[iFEO] HKLM\[...]\Scheduler.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[iFEO] HKLM\[...]\SDInit.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> FOUND
[iFEO] HKLM\[...]\SmartDefrag.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> FOUND
[iFEO] HKLM\[...]\UpdateDB.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] 12893a4cfc106895ccf256a23ee1c433
[bSP] dca6e48254042917010fe0ccc5df1bc5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 199900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409602048 | Size: 276938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12052013_025544.txt >>

Sorry, they look very similar, but they are not; I pasted them both.

Edited by TripleTripe

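The logs in the post above show the two registry mechanisms that keep bringing the component back into play: an HKCU Run value that launches rundll32.exe with a DLL sitting under the user's AppData\Local folder, and Image File Execution Options (IFEO) Debugger values, which make Windows run the named "debugger" program whenever the target executable is started. Both can be pulled out of scanner output mechanically. The Python below is an added example written for this page; it is not code from Malwarebytes, RogueKiller or anyone in the thread. The sample lines are constructed to mirror the MBAM and RogueKiller entries quoted above, with a made-up benign Run value added for contrast, and the "user-writable" test is a simple path heuristic (profile, ProgramData, Temp), not an ACL check. Whether a given IFEO entry is malicious is still the analyst's call; the script only surfaces them.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample lines, modelled on the MBAM and RogueKiller entries quoted
# in this thread. The third line is a made-up benign Run value for contrast.
SAMPLE_LINES = [
    r'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TBHostSupport (PUP.Optional.Conduit)'
    r' -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\name\AppData\Local\TBHostSupport'
    r'\TBHostSupport.dll",DLLRunTBHostSupportPlugin -> Quarantined and deleted successfully.',
    r'[iFEO] HKLM\[...]\SmartDefrag.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced'
    r' SystemCare 7\AutoReactivator.exe" [7]) -> FOUND',
    r'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|OneDrive (clean)'
    r' -> Data: "C:\Users\name\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
]

# MBAM style:  <hive\key>|<value name> (<detection>) -> Data: <command> [-> <action>]
RUN_RE = re.compile(r'^(HK[^|]+)\|(\S+) .*?-> Data: (.*?)(?: -> .*)?$')
# RogueKiller style:  [iFEO] <key>\<target.exe> : Debugger (<path> [n]) -> <status>
IFEO_RE = re.compile(r'^\[iFEO\] (\S+)\\([^\\\s]+) : Debugger \((.*) \[\d+\]\) -> (\w+)$')
# Quote-aware tokeniser for a Windows command line
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')

# Heuristic only (assumption for this example): locations a standard user can write to
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\temp\\")


def is_user_writable(path):
    """True if the path sits under a location a standard user can normally write to."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def split_command(data):
    """Split a Run value's data into tokens, keeping double-quoted paths intact."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(data)]


def parse_run_value(line):
    """Parse an MBAM 'Registry Values Detected' line; None if it is not one."""
    m = RUN_RE.match(line)
    if not m:
        return None
    key, name, data = m.groups()
    return {"key": key, "name": name, "data": data, "argv": split_command(data)}


def parse_ifeo(line):
    """Parse a RogueKiller [iFEO] Debugger line; None if it is not one."""
    m = IFEO_RE.match(line)
    if not m:
        return None
    key, target, debugger, status = m.groups()
    return {"key": key, "target": target, "debugger": debugger.strip('"'), "status": status}


def rundll32_dll(argv):
    """Return the DLL path if argv is rundll32.exe loading a DLL, else None."""
    if len(argv) < 2 or PureWindowsPath(argv[0]).name.lower() != "rundll32.exe":
        return None
    # rundll32's argument is "<dll>,<entrypoint>"; when the DLL path was quoted the
    # tokeniser already separated it from ",<entrypoint>", otherwise split on the comma.
    return argv[1].split(",")[0]


def triage(lines):
    """Return the persistence findings worth a closer look from scanner log lines."""
    findings = []
    for line in lines:
        run = parse_run_value(line)
        if run:
            dll = rundll32_dll(run["argv"])
            # rundll32 loading a DLL from a user-writable path is the pattern in the thread
            if dll and is_user_writable(dll):
                findings.append({"kind": "run_rundll32",
                                 "key": run["key"] + "|" + run["name"], "dll": dll})
            continue
        ifeo = parse_ifeo(line)
        if ifeo:
            # any Debugger value redirects every launch of the target to another binary
            findings.append({"kind": "ifeo_debugger",
                             "target": ifeo["target"], "debugger": ifeo["debugger"]})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

Run as a script it prints two findings: the rundll32 Run value with its DLL path, and the IFEO Debugger redirect for SmartDefrag.exe; the benign OneDrive entry is not reported because it is a normal executable rather than rundll32 loading a DLL. Real log files can be fed in line by line in place of the constructed list.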

Post #: 16   Posted

Create a new restore point before proceeding with the next step....
How to:

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.



    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.


  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"


**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.



When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.



Post #: 17   Posted

Asking, m8: the NOTE is just for if, for some reason, Combofix refuses to run? And how do I restart the computer in safe mode?

I hope I don't get to that part.. I hope the first one works fine with the disabling and disconnection.

So the NOTE part I don't do if it works well, right?

Copy, hope it works well..



Post #: 18   Posted


Post #: 19   Posted (edited)

:( I disconnected the internet before, so no update? I think the modem will want to connect on its own :\

Do I need to stay connected to the internet when I have no security on?

The ComboFix icon disappeared after the question; without internet connection and all security off, it started with REDUCE MODE - something, with a number in the little starting log window.

I get this in local disk C:/COMBOFIX = NircmdB.exe ???

Sorry, I'm an idiot :(

- Do I make a restore point before using ComboFix, or is it fine like this?

Edited by TripleTripe


Post #: 20   Posted

Don't disconnect from the internet manually.

My instructions don't ask for it.

Restart computer, make sure internet connection is on and run Combofix.

Don't overthink it...lol



Post #: 21   Posted (edited)

OK, it is done - first, all security is up, but I don't see them working in the bottom side bar... but they are on green and working; every internet page that wants to pass, it asks about... :\

ComboFix log file - so many other folders were opened, like: "Recovery", "Qoobox", "found.000" ... hmm, it found and fought that ugly TBHostSupport - help:

ComboFix 13-12-04.04 - huber 12/06/2013 0:53.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1255.972.1033.18.4077.1958 [GMT 2:00]
Running from: c:\users\huber\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\huber\AppData\Local\TBHostSupport
c:\users\huber\AppData\Local\TBHostSupport\TBHostSupport.dll
c:\users\huber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.lnk
c:\users\huber\AppData\Roaming\windows
c:\users\huber\AppData\Roaming\windows\Files\Updates\files\data.ini
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-11-05 to 2013-12-05 )))))))))))))))))))))))))))))))
.
.
2013-12-05 22:58 . 2013-12-05 22:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-05 01:23 . 2013-12-05 05:39 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-05 01:21 . 2013-12-05 05:25 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-05 01:08 . 2013-12-05 22:12 -------- d-----w- c:\users\huber\AppData\Local\CrashDumps
2013-12-04 14:23 . 2013-12-04 14:23 -------- d-----w- C:\FRST
2013-12-03 13:09 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED61700E-A72C-40CF-81C1-F2FADA9778B0}\mpengine.dll
2013-11-21 21:42 . 2013-11-23 14:29 -------- d-----w- c:\program files\Google
2013-11-14 10:58 . 2013-11-14 10:58 -------- d-----w- c:\users\huber\AppData\Local\WhiteListing
2013-11-13 13:38 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-13 13:14 . 2013-12-03 03:13 -------- d-----w- c:\programdata\ProductData
2013-11-13 13:14 . 2013-11-13 13:14 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-13 11:54 . 2013-11-13 11:54 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2013-11-09 11:54 . 2013-05-22 16:49 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-11-09 11:52 . 2013-05-22 16:49 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-03 09:19 . 2013-03-28 20:06 107416 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-11-21 21:42 . 2012-04-07 17:37 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-21 21:42 . 2011-08-20 07:03 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-14 10:36 . 2013-03-28 20:06 132600 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-11-13 13:33 . 2011-08-23 02:10 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-11 03:50 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-10 23:04 . 2013-10-10 23:04 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-10 23:04 . 2013-10-10 23:04 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-10 23:04 . 2013-10-10 23:04 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-10 23:04 . 2013-10-10 23:04 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-10 23:04 . 2013-10-10 23:04 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-10 23:04 . 2013-10-10 23:04 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-10 23:04 . 2013-10-10 23:04 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-08 14:01 . 2013-10-08 14:01 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-10-08 14:01 . 2013-10-08 14:01 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-10-08 14:01 . 2013-10-08 14:01 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-10-08 14:01 . 2013-10-08 14:01 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-10-08 14:01 . 2013-10-08 14:01 125824 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-10-08 14:01 . 2010-09-29 01:14 142792 ----a-w- c:\windows\system32\atiuxp64.dll
2013-10-08 14:01 . 2011-12-30 00:01 114488 ----a-w- c:\windows\system32\atiu9p64.dll
2013-10-08 14:01 . 2010-09-29 01:13 97984 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-10-08 14:01 . 2010-09-29 01:54 1237200 ----a-w- c:\windows\system32\aticfx64.dll
2013-10-08 14:01 . 2013-10-08 14:01 1030128 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-10-08 14:00 . 2010-09-29 01:37 9464840 ----a-w- c:\windows\system32\atidxx64.dll
2013-10-08 14:00 . 2013-10-08 14:00 8215992 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-10-08 14:00 . 2013-10-08 14:00 6176008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-10-08 14:00 . 2013-10-08 14:00 6189416 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-10-08 14:00 . 2011-12-06 02:39 6767240 ----a-w- c:\windows\system32\atiumd6a.dll
2013-10-08 14:00 . 2011-12-06 02:24 7256496 ----a-w- c:\windows\system32\atiumd64.dll
2013-10-08 13:58 . 2013-10-08 13:58 12534784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-10-08 13:39 . 2013-10-08 13:39 229376 ----a-w- c:\windows\system32\clinfo.exe
2013-10-08 13:39 . 2013-10-08 13:39 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-10-08 13:39 . 2013-10-08 13:39 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-10-08 13:39 . 2013-10-08 13:39 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-10-08 13:39 . 2013-10-08 13:39 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-10-08 13:39 . 2013-10-08 13:39 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-10-08 13:38 . 2013-10-08 13:38 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-10-08 13:38 . 2013-10-08 13:38 127488 ----a-w- c:\windows\system32\coinst_13.152.1.8.dll
2013-10-08 13:38 . 2013-10-08 13:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-10-08 13:38 . 2013-10-08 13:38 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-10-08 13:38 . 2013-10-08 13:38 28192256 ----a-w- c:\windows\system32\amdocl64.dll
2013-10-08 13:36 . 2013-10-08 13:36 23761408 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-10-08 13:34 . 2013-10-08 13:34 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-10-08 13:34 . 2013-10-08 13:34 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-10-08 13:17 . 2013-10-08 13:17 25385984 ----a-w- c:\windows\system32\atio6axx.dll
2013-10-08 13:13 . 2013-10-08 13:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-10-08 13:13 . 2013-10-08 13:13 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-10-08 13:13 . 2013-10-08 13:13 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-10-08 13:13 . 2013-10-08 13:13 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-10-08 13:13 . 2013-10-08 13:13 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-10-08 13:13 . 2013-10-08 13:13 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-10-08 13:09 . 2013-10-08 13:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-10-08 13:00 . 2013-10-08 13:00 21400064 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-10-08 12:54 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-10-08 12:53 . 2013-10-08 12:53 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-10-08 12:53 . 2013-10-08 12:53 576512 ----a-w- c:\windows\system32\atieclxx.exe
2013-10-08 12:52 . 2013-10-08 12:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-10-08 12:51 . 2013-10-08 12:51 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-10-08 12:28 . 2012-12-19 19:33 784384 ----a-w- c:\windows\system32\atiadlxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 594944 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-10-08 12:28 . 2013-10-08 12:28 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-10-08 12:28 . 2013-10-08 12:28 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-10-08 12:27 . 2013-10-08 12:27 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-10-08 12:27 . 2013-10-08 12:27 619008 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-10-08 12:24 . 2013-10-08 12:24 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-10-08 06:50 . 2013-10-08 06:50 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-10-08 06:45 . 2013-10-08 06:45 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-10-08 04:50 . 2013-10-22 20:40 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-01 10:43 . 2013-05-07 16:23 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-10-01 10:43 . 2013-03-28 20:06 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-09-30 07:16 . 2013-09-16 16:29 268968 ----a-w- c:\windows\SysWow64\sqlite3.dll
2013-09-08 02:30 . 2013-10-10 20:11 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-10 20:11 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-10 20:11 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-02-08 13:10 1521800 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-11-14 683576]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SecureUpdateSvc;SecureUpdate;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 YesMediaServer;Yes Media Server;c:\programdata\Yes Streamer\MediaServer.exe;c:\programdata\Yes Streamer\MediaServer.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 01:34 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 21:42]
.
2013-12-05 c:\windows\Tasks\Driver Booster Update.job
- c:\program files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-11-15 09:12]
.
2013-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 14:06]
.
2013-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 14:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2013-11-13 13:14 2486592 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.co.il/
IE: &יצא ל- Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Download with &Media Finder
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-TBHostSupport - c:\users\huber\AppData\Local\TBHostSupport\TBHostSupport.dll
SafeBoot-MsMpSvc
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\programdata\Yes Streamer\berkelium.exe
.
**************************************************************************
.
Completion time: 2013-12-06 01:04:26 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-05 23:04
.
Pre-Run: 63,659,888,640 bytes free
Post-Run: 63,162,060,800 bytes free
.
- - End Of File - - 7B79551FC17DB1AAB0F96FA8A4177B41
A36C5E4F47E84449FF07ED3517B43A31

Edited by TripleTripe

Post #: 22   Posted

Looks good.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Post #: 23   Posted

Roger that, my hero, here I bring the log files.

First - AdwCleaner

# AdwCleaner v3.014 - Report created 06/12/2013 at 01:41:12
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : huber - HUBER-PC
# Running from : C:\Users\huber\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BCUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\DeviceVM
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DeviceVM
Folder Deleted : C:\Program Files (x86)\Secure Speed Dial
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\huber\AppData\Local\AskToolbar
Folder Deleted : C:\Users\huber\AppData\Local\Conduit
Folder Deleted : C:\Users\huber\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\huber\AppData\Local\WhiteListing
Folder Deleted : C:\Users\huber\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\huber\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\huber\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\huber\AppData\LocalLow\NCH_EN
Folder Deleted : C:\Users\huber\AppData\Roaming\DeviceVM
Folder Deleted : C:\Users\huber\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\huber\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfjhiccppafcjicfalobggnophliocpp
File Deleted : C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\NCH Software
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jfjhiccppafcjicfalobggnophliocpp
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [bCU]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_free-m4a-to-mp3-converter_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_free-m4a-to-mp3-converter_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_the-all-seeing-eye[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_the-all-seeing-eye[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_the-all-seeing-eye_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_the-all-seeing-eye_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{125B7A09-B405-46FB-95FB-96CF6B72992D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{125B7A09-B405-46FB-95FB-96CF6B72992D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{819DC4CA-4FFF-4C2E-800D-F346471D99BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D87B85EC-2E55-48A8-866B-E2F334D5C858}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BC304FD5-E848-466B-BED5-B4AE840F606C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\NCH_EN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\NCH_EN
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [13890 octets] - [06/12/2013 01:38:30]
AdwCleaner[s0].txt - [13310 octets] - [06/12/2013 01:41:12]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [13371 octets] ##########

Second - Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by huber on Fri 12/06/2013 at 1:48:41.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5F96FD55-6512-417C-93B3-317933C105FC}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\huber\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\huber\appdata\local\cre"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/06/2013 at 1:52:09.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Now doing OTL - will edit, my friend. Lots of thanks again to you! :)


Post #: 24   Posted


Post #: 25   Posted (edited)

Here are the last logs, brother :) - awaiting your orders, sir!

OTL.txt

OTL logfile created on: 06/12/2013 02:00:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\huber\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 0000040d | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

3.98 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 71.10% Memory free
9.95 Gb Paging File | 8.34 Gb Available in Paging File | 83.81% Paging File free
Paging file location(s): c:\pagefile.sys 6115 6115 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.21 Gb Total Space | 58.89 Gb Free Space | 30.17% Space Free | Partition Type: NTFS
Drive D: | 270.45 Gb Total Space | 214.61 Gb Free Space | 79.35% Space Free | Partition Type: NTFS

Computer Name: HUBER-PC | User Name: huber | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/06 01:36:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\huber\Desktop\OTL.exe
PRC - [2013/11/24 08:28:54 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/11/14 12:36:33 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/11/14 12:36:12 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/11/14 12:36:11 | 000,683,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2013/10/01 12:43:15 | 001,164,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/06/29 18:28:20 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/13 15:37:18 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/08 14:52:58 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/12/04 04:51:18 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/11/21 23:42:20 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/14 12:36:33 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/11/14 12:36:12 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/10/01 12:43:15 | 001,164,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/29 18:28:20 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/15 00:32:40 | 005,480,232 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\Yes Streamer\MediaServer.exe -- (YesMediaServer)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/03 11:19:03 | 000,107,416 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/11/14 12:36:38 | 000,132,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/10/08 15:58:42 | 012,534,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/10/08 14:27:46 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/10/01 12:43:26 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/07/05 10:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/05/22 18:49:32 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/08 14:54:31 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/11/08 14:54:31 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/11/08 14:54:31 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/11/08 14:54:31 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/20 09:00:43 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/28 21:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/09 03:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/12/09 03:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-919280948-690444962-2289758078-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.il/
IE - HKU\S-1-5-21-919280948-690444962-2289758078-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKU\S-1-5-21-919280948-690444962-2289758078-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32 File not found
IE - HKU\S-1-5-21-919280948-690444962-2289758078-1000\..\SearchScopes,DefaultScope = {156B910C-4F81-44f7-9D4D-9DB85806430A}
IE - HKU\S-1-5-21-919280948-690444962-2289758078-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-919280948-690444962-2289758078-1000\..\SearchScopes\{156B910C-4F81-44f7-9D4D-9DB85806430A}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=he&q={searchTerms}
IE - HKU\S-1-5-21-919280948-690444962-2289758078-1000\..\SearchScopes\{54DD8777-8136-465F-A8AA-87D4960AA018}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
IE - HKU\S-1-5-21-919280948-690444962-2289758078-1000\..\SearchScopes\{5911340E-4E3B-480a-81D0-0376EC395497}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKU\S-1-5-21-919280948-690444962-2289758078-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-919280948-690444962-2289758078-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\auto-update@mozilla.org: C:\Users\huber\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate [2012/08/03 18:09:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\auto-update@mozilla.org: C:\Users\huber\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate [2012/08/03 18:09:41 | 000,000,000 | ---D | M]

[2012/05/22 14:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\huber\AppData\Roaming\Mozilla\Extensions
[2012/08/03 18:09:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\huber\AppData\Roaming\Mozilla\Firefox\Extensions
[2012/08/03 18:09:41 | 000,000,000 | ---D | M] (Mozilla Auto-Update) -- C:\Users\huber\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Avira Toolbar = C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.28.54987_0\
CHR - Extension: YouTube = C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: \u05D7\u05D9\u05E4\u05D5\u05E9 Google = C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AccelerateTab = C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\
CHR - Extension: !\u05D5\u05D5\u05D0\u05DC\u05D4 = C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Extensions\hifljmdhcpanibegopehdlcpjknfnbpm\1.6_0\
CHR - Extension: Avira Toolbar = C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Google Wallet = C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: AD Block = C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkdcodhlkmiakbangobnmdhieapagic\1.0.0_0\
CHR - Extension: Gmail = C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/12/06 00:58:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-919280948-690444962-2289758078-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-919280948-690444962-2289758078-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-919280948-690444962-2289758078-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-919280948-690444962-2289758078-1000\..Trusted Domains: blank ([]about in Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.80.2.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F47EDF7C-CE0F-4796-99B2-37B05067C670}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/06 01:48:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/06 01:38:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/06 01:36:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\huber\Desktop\OTL.exe
[2013/12/06 01:35:59 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\huber\Desktop\JRT.exe
[2013/12/06 01:01:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/12/06 00:52:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/12/06 00:52:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/12/06 00:52:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/12/06 00:27:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/06 00:27:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/12/05 03:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/12/05 03:21:58 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/12/05 03:21:55 | 000,000,000 | ---D | C] -- C:\Users\huber\Desktop\mbar
[2013/12/05 03:11:31 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2013/12/05 03:08:55 | 000,000,000 | ---D | C] -- C:\Users\huber\AppData\Local\CrashDumps
[2013/12/05 02:52:46 | 000,000,000 | ---D | C] -- C:\Users\huber\Desktop\RK_Quarantine
[2013/12/04 16:23:02 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/21 23:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/11/15 19:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
[2013/11/13 15:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2013/11/13 15:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2013/11/13 15:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2013/11/09 13:54:01 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2013/11/09 13:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2

========== Files - Modified Within 30 Days ==========

[2013/12/06 01:52:12 | 000,023,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/06 01:52:12 | 000,023,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/06 01:45:24 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job
[2013/12/06 01:44:26 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/06 01:43:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/06 01:43:32 | 3206,488,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/06 01:36:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\huber\Desktop\OTL.exe
[2013/12/06 01:36:00 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\huber\Desktop\JRT.exe
[2013/12/06 01:34:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/06 01:33:57 | 001,110,034 | ---- | M] () -- C:\Users\huber\Desktop\adwcleaner.exe
[2013/12/06 01:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/06 01:00:20 | 000,000,447 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies
[2013/12/06 00:58:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/05 07:25:55 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/12/03 15:18:12 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/03 15:18:12 | 000,654,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/03 15:18:12 | 000,122,142 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/03 11:19:03 | 000,107,416 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/11/15 19:55:08 | 000,001,180 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster.lnk
[2013/11/14 12:36:38 | 000,132,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/11/13 15:37:20 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/13 15:37:19 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/09 13:52:09 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk

========== Files Created - No Company Name ==========

[2013/12/06 01:33:57 | 001,110,034 | ---- | C] () -- C:\Users\huber\Desktop\adwcleaner.exe
[2013/12/06 00:52:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/06 00:52:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/06 00:52:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/06 00:52:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/06 00:52:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/15 19:55:10 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\Driver Booster Update.job
[2013/11/15 19:55:08 | 000,001,180 | ---- | C] () -- C:\Users\Public\Desktop\Driver Booster.lnk
[2013/11/13 15:37:20 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/13 15:37:19 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/09 13:52:11 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2013/11/09 13:52:09 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2013/10/08 15:39:08 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/10/08 15:39:08 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/10/08 08:45:08 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/09/16 18:29:27 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/03/01 11:17:17 | 000,004,608 | ---- | C] () -- C:\Users\huber\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/16 22:26:42 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/10/19 22:31:53 | 000,292,911 | ---- | C] () -- C:\Users\huber\AppData\Local\speeddial.crx
[2012/05/18 20:21:22 | 000,057,608 | ---- | C] () -- C:\Users\huber\AppData\Local\walla_app.crx
[2012/04/06 20:43:37 | 000,766,376 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/12/30 02:00:17 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/28 06:48:32 | 000,000,033 | ---- | C] () -- C:\Users\huber\AppData\Roaming\M.data
[2011/08/28 06:48:15 | 000,000,000 | ---- | C] () -- C:\Users\huber\AppData\Roaming\data.ll

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/13 13:54:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2013/11/13 13:54:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2013/10/15 03:07:27 | 000,000,000 | ---D | M] -- C:\Users\huber\AppData\Roaming\BitTorrent
[2013/10/16 02:55:12 | 000,000,000 | ---D | M] -- C:\Users\huber\AppData\Roaming\DAEMON Tools Lite
[2011/08/20 09:01:05 | 000,000,000 | ---D | M] -- C:\Users\huber\AppData\Roaming\Foxit
[2013/03/12 17:06:48 | 000,000,000 | ---D | M] -- C:\Users\huber\AppData\Roaming\Foxit Software
[2013/11/22 18:59:24 | 000,000,000 | ---D | M] -- C:\Users\huber\AppData\Roaming\IObit
[2012/08/03 18:09:39 | 000,000,000 | ---D | M] -- C:\Users\huber\AppData\Roaming\MCommon
[2012/10/08 09:56:09 | 000,000,000 | ---D | M] -- C:\Users\huber\AppData\Roaming\Nitro PDF
[2011/08/20 08:56:33 | 000,000,000 | ---D | M] -- C:\Users\huber\AppData\Roaming\URSoft
[2011/08/20 11:33:02 | 000,000,000 | ---D | M] -- C:\Users\huber\AppData\Roaming\wargaming.net
[2013/09/01 02:50:40 | 000,000,000 | ---D | M] -- C:\Users\huber\AppData\Roaming\WOT Statistics

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/09/16 12:35:47 | 097,757,658 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\亸
[2013/09/14 18:36:19 | 097,757,658 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\亸

========== Alternate Data Streams ==========

@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:1CE11B51

< End of report >

EXTRAS.txt

OTL Extras logfile created on: 06/12/2013 02:00:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\huber\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 0000040d | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

3.98 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 71.10% Memory free
9.95 Gb Paging File | 8.34 Gb Available in Paging File | 83.81% Paging File free
Paging file location(s): c:\pagefile.sys 6115 6115 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.21 Gb Total Space | 58.89 Gb Free Space | 30.17% Space Free | Partition Type: NTFS
Drive D: | 270.45 Gb Total Space | 214.61 Gb Free Space | 79.35% Space Free | Partition Type: NTFS

Computer Name: HUBER-PC | User Name: huber | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-919280948-690444962-2289758078-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09914942-0A1C-41A5-BD18-64560F4D578D}" = rport=445 | protocol=6 | dir=out | app=system |
"{1BEE0EEE-1B76-46F0-AC72-C104F6111B18}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28B30FA2-8F33-46C5-8CBB-75C8C6BAF836}" = rport=139 | protocol=6 | dir=out | app=system |
"{31F1253D-B27A-4576-A15B-7AAEDE3D4B50}" = rport=138 | protocol=17 | dir=out | app=system |
"{39219B14-2CFA-4FB7-BA1D-830BCCBE06E8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51196885-CE2A-4343-9E56-635715C25933}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5351DAB9-C8B2-465C-841B-1AFB87592D9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{55E95DFD-5953-46A3-9C18-8AA3186F2BD0}" = lport=138 | protocol=17 | dir=in | app=system |
"{5E81DDF6-3945-4943-B4FF-461C5D5A3879}" = rport=137 | protocol=17 | dir=out | app=system |
"{628EE39C-6E5B-4BA5-A66D-2FBBFCA98CFC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{893DE83B-56F6-4896-9471-CE11A537AA19}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F1F99E5-1568-475C-A4C8-818FE8742F10}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A2EAD820-6ED2-443E-B495-3917EAA05311}" = lport=445 | protocol=6 | dir=in | app=system |
"{B03BE45C-6176-47DA-A79E-FCF9C3818AEA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B41FC036-1AF6-4C0F-ABE1-5E0B57A4E3DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D2E19608-A258-4F61-BC34-1C7DD507E539}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D33D6BDA-F172-400C-AAD3-2411458AA996}" = lport=137 | protocol=17 | dir=in | app=system |
"{D8D135BD-F922-4B9C-A356-706B0FB24273}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E124A076-B961-44D3-8A6C-2F83C138F30E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E847E1AA-3398-4555-A51A-1DC9886CE328}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA2E1CC9-A92A-4A18-9B76-10DF18688A83}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017EBF9E-A488-4798-A750-48177FA99578}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07E5AA1F-1018-4789-8DC8-3B4B117C197A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0A0B1DBA-BFB3-4252-B44C-02FD6FD5766D}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\apache air assault\launcher.exe |
"{0DCDF03A-A1E8-4F84-980C-FAD46AC139B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2C0EA2B5-3DD8-48F3-BD52-719F53F0F759}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3013D53A-A23A-4DBC-8FE4-8FF09EDED0B0}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\apache air assault\yuplay\yuplay.exe |
"{32B19232-8CBB-48BD-B715-91ADE6B625B5}" = protocol=6 | dir=out | app=system |
"{35C0ED81-BBED-4853-B62E-C480410A28DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{35D7CFDB-B792-4DA2-A349-521243526344}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{395573A1-7832-403E-AB35-0BB4C2E28763}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{47418FF5-1CB8-46EA-91D4-B913940FBD62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{4B4D9D21-240D-4F45-BC6B-00432F5D3E74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4EAE7E65-21B7-4FE5-9800-281A1A0802D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{4FD677FA-65F4-415D-8BEB-7EC14D7291B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{527000B2-5F77-496D-9247-4A5530BE0F45}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe |
"{52FF0F4B-DD62-4A80-A310-C79C2516FEF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{53B25589-718E-4E4A-893E-68D0FC4F2C28}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\apache air assault\launcher.exe |
"{5E7FD16F-36AC-48CB-806C-F5DD20D338F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6440AD53-193B-43A7-87D4-EE65740FF4EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{688D7651-57A3-4F82-BF56-E0E34392E383}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A5781DA-F0B3-47FC-BA7C-E2B64A38456D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7D3CD4BB-99C9-44FD-9397-604A07683AC4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aliens colonial marines\binaries\win32\acm.exe |
"{7DCEE3A2-E7D0-4A43-B2CB-02AF51F32049}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"{7DD07551-BFC1-48E0-96D3-1E509E176D57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E570D7E-D0B3-4364-8EB0-84D8AC9F868B}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\apache air assault\yuplay\yuplay.exe |
"{7E936492-767F-40D9-82A4-495CF1C41C00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85E3AC30-10E0-4841-AAD6-762BC5BF3425}" = dir=in | app=c:\programdata\yes streamer\mediaserver.exe |
"{8A11F094-529C-4261-8E4A-7BA7D8243BA2}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{8A976253-12C2-4614-81B2-B95F37A5147C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{ACF469F8-4AD8-45A9-B10D-1C3465C60766}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"{B5AA487B-97A5-41E1-9157-4DBDDAF59FF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA1829D0-B769-4C6D-9F5B-3A9EA33B9368}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C3EED591-D2E6-43AF-A592-EC86870460CC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe |
"{CDF87537-7366-4328-8CFB-F09E168F9B98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7BC9833-DB87-4465-AFBA-E3113EE13440}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DEC8D64F-2C4C-41B2-94A8-5EA3C93DF534}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{DF7AB2C3-0718-4791-B3B1-DD353640DF49}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{E59D72BC-1FB0-47D5-92DF-D3A3D2FE539F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{ECAE86AF-BF10-49D3-961D-99FED7CBDB28}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F1FBDC97-1B20-4890-9767-0E371A7FF8CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aliens colonial marines\binaries\win32\acm.exe |
"{F470BF26-07CD-4BE4-A80D-08F4818BBC5D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F8B60FD2-8C3A-40FC-851A-B66D56EC4C74}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FAD42DD1-E625-4611-B432-0AFD66EAF302}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{FE462769-0453-473C-BA35-8A60D07BBF86}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FE71D8A3-A71D-4A92-A9A0-D1CE5E7F543C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FF270015-1E6C-4658-9DF2-E39F28A57571}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{007B8DCE-D512-4340-BF04-A2EA050DBEBE}D:\mobile games\505games\1c\men of war\mow.exe" = protocol=6 | dir=in | app=d:\mobile games\505games\1c\men of war\mow.exe |
"TCP Query User{105B45DF-2FB0-4A9F-A126-BEA38E2669E9}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{27010B7F-1B10-4B4C-82E8-9174C433490D}C:\windows.old\program files (x86)\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:\windows.old\program files (x86)\dead space 2\deadspace2.exe |
"TCP Query User{294FD15C-B2EE-42C0-808D-3D72833FCD1B}C:\program files (x86)\bitcomposer games\air conflicts secret wars\acsw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomposer games\air conflicts secret wars\acsw.exe |
"TCP Query User{67D877B9-D542-4133-8256-D9976414E06C}D:\mobile games\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=d:\mobile games\dead island\deadislandgame.exe |
"TCP Query User{753323AF-7F61-4028-8507-DE7F44F9A67E}C:\users\huber\desktop\למחשב החדש\אחרי הפירמוט\killing floor\system\killingfloor.exe" = protocol=6 | dir=in | app=c:\users\huber\desktop\למחשב החדש\אחרי הפירמוט\killing floor\system\killingfloor.exe |
"TCP Query User{8200606D-7342-4C5A-A504-18F0A9145111}D:\mobile games\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=6 | dir=in | app=d:\mobile games\codemasters\worms 4 mayhem\worms 4 mayhem.exe |
"TCP Query User{9AF04B7E-2184-4A0E-B6CC-37DC304A53E3}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{C518CED2-339C-497D-90B5-D500835A7624}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{F4C4AFAD-49C8-4F42-99E0-D6414F9D27C5}C:\program files (x86)\bitcomposer games\air conflicts vietnam\acv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomposer games\air conflicts vietnam\acv.exe |
"TCP Query User{FBE1F46A-0470-4A04-AD5D-F2285578DF09}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{FCDEB1FA-8F24-4C82-899E-949D9F5D8E81}D:\programs installed\bittorrent-7.2.1.exe" = protocol=6 | dir=in | app=d:\programs installed\bittorrent-7.2.1.exe |
"UDP Query User{13ED1606-E278-4817-A41A-E119F4035609}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{2E2F3290-DA87-49E1-9935-08B65F5299E5}C:\users\huber\desktop\למחשב החדש\אחרי הפירמוט\killing floor\system\killingfloor.exe" = protocol=17 | dir=in | app=c:\users\huber\desktop\למחשב החדש\אחרי הפירמוט\killing floor\system\killingfloor.exe |
"UDP Query User{5B6A8F36-2BAB-414B-8D2A-8E0684BEDEBB}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{682EFCE4-5BA0-442F-9505-30B9B66BFEA2}D:\mobile games\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=17 | dir=in | app=d:\mobile games\codemasters\worms 4 mayhem\worms 4 mayhem.exe |
"UDP Query User{6EAFFC5C-09D6-461D-958F-E61E09B5E860}C:\windows.old\program files (x86)\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\windows.old\program files (x86)\dead space 2\deadspace2.exe |
"UDP Query User{856743C5-1450-4593-9F23-491A55A88F77}D:\mobile games\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=d:\mobile games\dead island\deadislandgame.exe |
"UDP Query User{9D2D8886-0B2D-4B06-8038-612A004F1F4E}C:\program files (x86)\bitcomposer games\air conflicts vietnam\acv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomposer games\air conflicts vietnam\acv.exe |
"UDP Query User{A306A6C9-795B-4CD2-A5D4-3FC8442A3ED7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{B577BEF1-CC2A-4189-9557-4BE3377A515A}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{BAF652D9-4505-4B9C-AF97-093CFA7E4036}D:\programs installed\bittorrent-7.2.1.exe" = protocol=17 | dir=in | app=d:\programs installed\bittorrent-7.2.1.exe |
"UDP Query User{DE40EE40-58CA-478A-9717-CDD30BD7FF65}C:\program files (x86)\bitcomposer games\air conflicts secret wars\acsw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomposer games\air conflicts secret wars\acsw.exe |
"UDP Query User{E254C3F6-0375-4701-B908-49491F8DEA7E}D:\mobile games\505games\1c\men of war\mow.exe" = protocol=17 | dir=in | app=d:\mobile games\505games\1c\men of war\mow.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{35B226DA-E3F6-21FD-31AB-0046C6E87043}" = ATI Problem Report Wizard
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{698EDD46-FC0B-926F-54DF-23B6BB20EDFC}" = AMD Drag and Drop Transcoding
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ADCB5F9E-EF88-6D61-EE2F-99F51DF1B6EF}" = AMD Media Foundation Decoders
"{B45B5123-C009-F8B4-FE93-45B42C8A786F}" = ATI AVIVO64 Codecs
"{E57289A3-B314-F00A-F0D0-7CB63E588CFF}" = AMD Accelerated Video Transcoding
"{FEB22B7A-7B05-4A49-3BA3-D24815D37FAE}" = ccc-utility64
"CCleaner" = CCleaner
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{170236F2-1F88-A116-DA64-3FEED17B9387}" = CCC Help Italian
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{2178EDD8-A3A6-50E3-407B-6629EA8E6ECE}" = AMD Catalyst Control Center
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{32957F2B-A371-151F-9DA1-7BCA54BA2C71}" = CCC Help Danish
"{398004A7-6198-B8AB-443A-D250FFA57446}" = CCC Help Greek
"{3A29665B-2304-A9F7-601D-86340BD29D57}" = CCC Help Korean
"{4310E447-8AF3-020C-06D0-CB317D1BC92B}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DF0CAAC-F479-1673-EE92-03FFB9A05C1A}" = CCC Help English
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6670AE0A-83FD-C514-C4EC-51618BEDCF04}" = Catalyst Control Center InstallProxy
"{6DD76706-759A-1D77-9D1B-39FFFEC203BE}" = CCC Help Hungarian
"{6DF3C5B5-AEA5-198E-289C-CAADC4A17C04}" = CCC Help Dutch
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{6F9B3984-08EB-19EE-5E93-E79FD0854596}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{82DA3D5E-0041-D8F7-6ACD-53A06C863FD4}" = CCC Help Swedish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{8E63AD00-6BEB-9E98-739E-C8EE42CF0419}" = CCC Help Norwegian
"{9011040D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9584BE1B-2FBE-4F45-13EA-6567F3E2D9A2}" = CCC Help Chinese Traditional
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{993609E5-B0A7-0270-BA78-385016D5A4FA}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C50B767-48BA-A567-0CFE-31620AE8FC97}" = CCC Help German
"{9E94C6F8-2B4E-D900-E73C-E7BCC7653188}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B80BE2E3-EA77-53D4-7A56-C53D452E6D50}" = HydraVision
"{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{bd8defa4-19fa-4964-9692-f1122d8a62d9}}_is1" = Apache: Air Assault
"{BEFD4139-C684-DBF8-33F2-7963161E2F10}" = CCC Help Russian
"{CFBC3C9F-C781-4A0A-4AC9-BEBDE9850C16}" = CCC Help Turkish
"{D17BE572-CBFB-2AA4-759B-E21F04093001}" = CCC Help Thai
"{D3C44AE6-7A77-6CB3-0708-C970C53E8136}" = Catalyst Control Center Localization All
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9E87CFE-894C-8FFB-31C2-61C6B640F2B2}" = CCC Help Finnish
"{E9F63F5F-00EF-516C-C7F6-ABD3DC174B5E}" = CCC Help Polish
"{EA3960CB-883C-5B18-FA85-7C36C320E4BC}" = Catalyst Control Center Graphics Previews Common
"{ED62231A-B71D-C39A-7CE0-B2C8388A67C2}" = CCC Help French
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBC9A8BD-C74D-86B3-7818-D584C9174F48}" = CCC Help Portuguese
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"AccelerateTab_is1" = AccelerateTab
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"BSPlayer1" = BSPlayer
"Driver Booster_is1" = Driver Booster
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"IObit Surfing Protection_is1" = Surfing Protection
"IObitUninstall" = IObit Uninstaller
"Jurassic Park The Game" = Jurassic Park The Game
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"PunkBusterSvc" = PunkBuster Services
"QWlyQ29uZmxpY3RzVmlldG5hbQ==_is1" = Air Conflicts: Vietnam
"Smart Defrag 2_is1" = Smart Defrag 2
"SpeedFan" = SpeedFan (remove only)
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 49540" = Aliens: Colonial Marines
"Steam App 630" = Alien Swarm
"TVersity Codec Pack" = TVersity Codec Pack 1.7
"Yes Streamer" = Yes Streamer 1.3Beta

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-919280948-690444962-2289758078-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"AirConflictsSecretWars" = Air Conflicts Secret Wars

< End of report >

Edited by TripleTripe
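Added example, not part of the thread and not OTL's own code: the "Shell Spawning" section of the Extras log above lists the command template Windows runs for each file class. For the executable classes (exefile, batfile, cmdfile, comfile, piffile, scrfile) any template other than the stock one means something has inserted itself in front of every program launch, which is the kind of hijack the Security.Hijack detection in the first post points at. The Python parser below reads lines in OTL's format and flags such deviations. The expected templates are the stock Windows 7 values as this example assumes them; the sample input is constructed from lines of the posted log plus one hypothetical hijacked exefile entry (the posted log's own exefile entry is clean).

```python
import re

# One "Shell Spawning" line in OTL's Extras format looks like:
#   exefile [open] -- "%1" %*
# i.e. <class> [<verb>] -- <command template>
LINE_RE = re.compile(r'^(?P<key>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$')

# Stock Windows 7 command templates for the executable-type handlers
# (assumed here; anything else under these keys is a launch hijack).
EXPECTED = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
    ("scrfile", "install"): 'rundll32.exe desk.cpl,InstallScreenSaver %l',
}

# Constructed sample: a header line (skipped), lines copied from the posted
# log, and one hypothetical hijacked exefile entry that is NOT in the log.
SAMPLE = r"""
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\ProgramData\hijack\loader.exe" "%1" %*
piffile [open] -- "%1" %*
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
regfile [merge] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
"""


def parse_line(line):
    """Return (class, verb, command) for a Shell Spawning line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("key"), m.group("verb"), m.group("cmd").strip()


def classify(key, verb, cmd):
    """ok / HIJACKED for known executable classes; error for OTL 'Reg Error'
    entries (key or value absent); unchecked for everything else."""
    if cmd.startswith("Reg Error:"):
        return "error"
    expected = EXPECTED.get((key, verb))
    if expected is None:
        return "unchecked"
    return "ok" if cmd == expected else "HIJACKED"


def check_shell_spawning(text):
    """Parse every recognisable line and return (class, verb, status, cmd)."""
    findings = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # section headers, blank lines, anything not a handler line
        key, verb, cmd = parsed
        findings.append((key, verb, classify(key, verb, cmd), cmd))
    return findings


def hijacked(text):
    """Just the entries whose template deviates from the stock one."""
    return [(k, v, c) for k, v, s, c in check_shell_spawning(text) if s == "HIJACKED"]


if __name__ == "__main__":
    for key, verb, status, cmd in check_shell_spawning(SAMPLE):
        print(f"{status:9} {key} [{verb}] -- {cmd}")
```

To use it on a real report, read the saved Extras.txt and pass the text to `hijacked()`. Entries reported as `error` correspond to OTL's "Reg Error" output, which the posted log shows for regfile [merge] and txtfile [edit]; the example only reports them and does not interpret them.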
