[RESOLVED] "TBHostSupport" "mysearchresults"


23 replies to this topic

#1 TripleTripe


Posted 09 December 2013 - 09:31 PM

Hey, I'm sorry if this is not in the right forum. I was not sure where to post it; please forgive me if I'm wrong, I hope it's right.

 

First, I'm asking about a Galaxy 4.2.2 Android device: the phone is shutting down with no warning,

 

when playing a game or doing "hard" app work, the phone shuts down (black screen, like not active), but with the charger connected, everything is fine.

When connecting the charger, the battery shows 0% and then jumps to the normal % it was, more than 80-90%.

 

Do I need to change/replace/swap the battery? Thx.

 

 

Second, I want to ask what is the best anti-virus for a laptop with Windows 8, please? :)

 

 

Third and last (this could be in another forum, but it is important to answer; I wasn't sure where to open a new topic, so I'm just asking here to know, please, if you can. Thanks).

 

The laptop I'm talking about didn't have any malware protection or anti-virus so far, and many things were downloaded on the laptop (it was connected to the internet).

I did a first full scan with Malwarebytes Anti-Malware, and this PRO found about 185 malwares; rebooted and deleted successfully.

 

Now, when I do a new quick or full scan on the laptop, it doesn't find anything. Is this possible? Some malwares were on the PC that we deleted together.

One is "TBHostSupport" and the second is "mysearchresults"; both of them are quarantined on the laptop.

 

I'm bringing a log file if it can help. I just need a specialist's help, because I'm not sure how they can risk the laptop's connection, given all their names and where they were detected. I love all of you. You are the real best specialists I have ever met! I wish for no anger and just help with it. I'm scared, thanks. Remember: I didn't want to open a new topic / wasn't sure where.

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version : v2013.12.09.06

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16438
ASUS :: IDAN [ administrator ]

Protection : Active

12/09/2013 17:55:04
mbam-log-2013-12-09 (17-55-04). txt

Scan type : Full Scan ( C : \ | D : \ | )
Scan options enabled : Memory | Startup | Registry | File System | Heuristics / Extra | Heuristics / Shuriken | PUP | PUM
Scan options disabled : P2P
Objects scanned : 363 597
Elapsed time : 1 hours, 2 minutes, 3 seconds

 

Memory Processes Infected: 2
C: \ Program Files (x86) \ SearchProtect \ bin \ CltMngSvc.exe (PUP.Optional.Conduit.A) -> 2152 -> deleted booting the computer.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ bin \ cltmng.exe (PUP.Optional.Conduit.A) -> 4988 -> deleted booting the computer.

 

Memory Models Infected: 5
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ bin \ InternetExplorerModule.dll (PUP.Optional.Conduit.A) -> deleted booting the computer.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ bin \ FirefoxModule.dll (PUP.Optional.Conduit.A) -> deleted booting the computer.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ bin \ ChromeModule.dll (PUP.Optional.Conduit.A) -> deleted booting the computer.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> deleted booting the computer.
C: \ Users \ ASUS \ AppData \ Local \ TBHostSupport \ TBHostSupport.dll (PUP.Optional.Conduit) -> deleted booting the computer.

 

Registry Keys Infected : 28
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CltMngSvc (PUP.Optional.Conduit.A) -> quarantined and deleted successfully.
HKCR \ CLSID \ {7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> equarantined and deleted successfully.
HKCR \ TypeLib \ {FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> quarantined and deleted successfully.
HKCR \ Interface \ {1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> quarantined and deleted successfully.
HKCR \ DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> quarantined and deleted successfully.
HKCR \ DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> equarantined and deleted successfully.
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> quarantined and deleted successfully.
HKCU \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Settings \ {7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> quarantined and deleted successfully..
HKCU \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> equarantined and deleted successfully.
(PUP.Optional.DefaultTab) -> quarantined and deleted successfully.
HKLM \ SYSTEM \ CurrentControlSet \ Services \ DefaultTabSearch (PUP.Optional.DefaultTab) -> equarantined and deleted successfully.
HKCR \ AppID \ {38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> quarantined and deleted successfully.
HKCR \ CLSID \ {A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> equarantined and deleted successfully.
HKCR \ DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> quarantined and deleted successfully.
HKCR \ DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> quarantined and deleted successfully.
HKCU \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Settings \ {A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> equarantined and deleted successfully.
HKCU \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> quarantined and deleted successfully.
(PUP.Optional.DefaultTab.A) -> equarantined and deleted successfully.
HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Low Rights \ ElevationPolicy \ {B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> quarantined and deleted successfully.
HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Low Rights \ ElevationPolicy \ {BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> equarantined and deleted successfully.
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ SearchProtect (PUP.Optional.Conduit.A) -> quarantined and deleted successfully.
HKCR \ AppID \ DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
HKCU \ SOFTWARE \ DEFAULT TAB (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
HKCU \ Software \ AppDataLow \ Software \ DefaultTab (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
HKCU \ Software \ Conduit \ FF (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
HKCU \ SOFTWARE \ SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
HKLM \ SOFTWARE \ DEFAULT TAB (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ DefaultTab (PUP.Optional.DefaultTab.A) -> quarantined and deleted successfully.

 

Registry Values Infected : 7
HKCU \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run | SearchProtect (PUP.Optional.Conduit.A) -> Data : C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ bin \ cltmng.exe -> equarantined and deleted successfully.
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run | SearchProtectAll (PUP.Optional.Conduit.A) -> Data : C: \ Program Files (x86) \ SearchProtect \ bin \ cltmng.exe -> quarantined and deleted successfully.
HKCU \ SOFTWARE \ Default Tab | Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.8.0 - > extradited and deleted successfully.
HKCU \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run | BackgroundContainer (PUP.Optional.Conduit) -> Data: " C : \ Windows \ SysWOW64 \ Rundll32.exe " " C : \ Users \ ASUS \ AppData \ Local \ Conduit \ BackgroundContainer \ BackgroundContainer.dll ", DllRun -> extradited and deleted successfully.
HKCU \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run | TBHostSupport (PUP.Optional.Conduit) -> Data : "C: \ WINDOWS \ SysWOW64 \ Rundll32.exe" "C: \ Users \ ASUS \ AppData \ Local \ TBHostSupport \ TBHostSupport.dll ", DLLRunTBHostSupportPlugin -> extradited and deleted successfully.
HKCU \ Software \ SearchProtect | IELastInstalledTBHomepage (PUP.Optional.SearchProtect.A) -> Data: http://search.condui...2722&SSPV=TB_C5 - > extradited and deleted successfully.
HKLM \ SOFTWARE \ Default Tab | Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.8.0 - > extradited and deleted successfully.

 

Registry Data Items Infected: 1
HKCU \ SOFTWARE \ Microsoft \ Internet Explorer \ Main | Start Page (PUP.Optional.MySearchResults) -> Bad : ( http://www.mysearchr...om/?c=2402&t=15 ) Good : ( http://www . google.com) - > extradited and repaired successfully.

 

Folders Infected : 25
C: \ Users \ ASUS \ AppData \ Roaming \ Babylon (PUP.Optional.Babylon.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ lib (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spbd (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spbd \ images (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spsd (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spsd \ images (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ ffprotect (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ lib (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spbd (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spbd \ images (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spsd (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spsd \ images (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ lib (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spbd (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spbd \ images (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spsd (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spsd \ images (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ SProtectorRepository (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ DefaultTab (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab (PUP.Optional.DefaultTab.A) -> deleted booting the computer.
C: \ Users \ ASUS \ AppData \ Local \ TBHostSupport (PUP.Optional.Conduit) -> deleted booting the computer.

 

Files Infected : 117
C: \ Program Files (x86) \ SearchProtect \ bin \ CltMngSvc.exe (PUP.Optional.Conduit.A) -> deleted booting the computer.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ bin \ cltmng.exe (PUP.Optional.Conduit.A) -> deleted booting the computer.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ bin \ InternetExplorerModule.dll (PUP.Optional.Conduit.A) -> deleted booting the computer.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ bin \ FirefoxModule.dll (PUP.Optional.Conduit.A) -> deleted booting the computer.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ bin \ ChromeModule.dll (PUP.Optional.Conduit.A) -> deleted booting the computer.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> deleted booting the computer.
C: \ Program Files (x86) \ SearchProtect \ bin \ cltmng.exe (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ DefaultTab \ DefaultTabSearch.exe (PUP.Optional.DefaultTab) -> extradited and deleted successfully.
C: \ Downloads \ FacebookMessengerSetup_v1.2.205.0.exe (Trojan.Agent) -> extradited and deleted successfully.
C: \ Downloads \ SoftonicDownloader_for_google-earth.exe (PUP.Optional.Softonic) -> extradited and deleted successfully.
C: \ Downloads \ SoftonicDownloader_for_google-earth [0]. Exe (PUP.Optional.Softonic) -> extradited and deleted successfully.
C: \ Downloads \ SoftonicDownloader_for_skype.exe (PUP.Optional.Softonic) -> extradited and deleted successfully.
C: \ Downloads \ WallaLive.exe (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ FreeOnlineRadioPlayerRecorder_V1 \ FreeOnlineRadioPlayerRecorder_V1ToolbarHelper.exe (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ bin \ ChromeModule.dll (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ bin \ FirefoxModule.dll (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ bin \ InternetExplorerModule.dll (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ bin \ SPHook32.dll (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ bin \ SPHook64.dll (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ bin \ SPRunner.exe (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ bin \ SPTool64.exe (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ bin \ uninstall.exe (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Local \ Conduit \ CT2296690 \ WallaAutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Local \ Conduit \ CT3282722 \ FreeOnlineRadioPlayerRecorder_V1AutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Local \ Temp \ AU \ AutoUpdate.zip (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Local \ Temp \ AU \ SPUpdater.exe (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ DefaultTabStart.exe (PUP.Optional.DefaultTab) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ DefaultTabStart64.exe (PUP.Optional.DefaultTab) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ DefaultTabWrap.dll (PUP.Optional.DefaultTab) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ DefaultTabWrap64.dll (PUP.Optional.DefaultTab) -> deleted booting the computer.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ DTUpdate.exe (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ bin \ CltMngSvc.exe (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ bin \ SPHook32.dll (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ bin \ SPHook64.dll (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ bin \ SPRunner.exe (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ bin \ SPTool64.exe (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ bin \ uninstall.exe (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ Downloads \ bsplayer264.1073.exe (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ Downloads \ nana_Photoshop_CS6_Hebrew___.exe (PUP.Optional.Conduit.A) -> extradited and deleted successfully.
D: \ SoftonicDownloader_for_bitcomet.exe (PUP.Optional.Softonic) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ Babylon \ log_file.txt (PUP.Optional.Babylon.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ dialogsApi.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ lib \ jquery.min.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ lib \ json2.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spbd \ bubble.css (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spbd \ bubble.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spbd \ main.html (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spbd \ images \ information.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spbd \ images \ x-default-LTR.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spbd \ images \ x-default-RTL.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spbd \ images \ x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spbd \ images \ x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spsd \ main.html (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spsd \ SearchProtector.css (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spsd \ settings.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spsd \ images \ ok-button.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spsd \ images \ separation-line.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ Dialogs \ spsd \ images \ warning.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ ffprotect \ nsprotector.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ ffprotect \ abstraction.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ SearchProtect \ ffprotect \ application.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ dialogsApi.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ lib \ jquery.min.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ lib \ json2.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spbd \ bubble.css (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spbd \ bubble.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spbd \ main.html (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spbd \ images \ information.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spbd \ images \ x-default-LTR.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spbd \ images \ x-default-RTL.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spbd \ images \ x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spbd \ images \ x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spsd \ main.html (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spsd \ SearchProtector.css (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spsd \ settings.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spsd \ images \ ok-button.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spsd \ images \ separation-line.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ Dialogs \ spsd \ images \ warning.png (PUP.Optional.SearchProtect.A) -> quarantined and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ nsprotector.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ abstraction.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ application.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ popupTransparent.xul (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ dialogsApi.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ lib \ jquery.min.js (PUP.Optional.SearchProtect.A) -> quarantined and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ lib \ json2.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spbd \ bubble.css (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spbd \ bubble.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spbd \ main.html (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spbd \ images \ information.png (PUP.Optional.SearchProtect.A) -> quarantined and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spbd \ images \ x-default-LTR.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spbd \ images \ x-default-RTL.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spbd \ images \ x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spbd \ images \ x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> quarantined and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spsd \ main.html (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spsd \ SearchProtector.css (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spsd \ settings.js (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spsd \ images \ ok-button.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spsd \ images \ separation-line.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ Dialogs \ spsd \ images \ warning.png (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ SProtectorRepository \ EN (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ SearchProtect \ ffprotect \ SProtectorRepository \ searchProtectorData (PUP.Optional.SearchProtect.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ DefaultTab \ DefaultTab.crx (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
C: \ Program Files (x86) \ DefaultTab \ uid (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ addon.ico (PUP.Optional.DefaultTab.A) -> quarantined and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ amazon_ie.ico (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ DefaultTabBHO.cfg (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ DefaultTabUninstaller.exe (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ DT.ico (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ ebay_ie.ico (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ facebook_ie.ico (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ searchhere.ico (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ search_here_ie.ico (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ twitter_ie.ico (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ uninstalldt.exe (PUP.Optional.DefaultTab.A) -> extradited and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ update.exe (PUP.Optional.DefaultTab.A) -> equarantined and deleted successfully.
C: \ Users \ ASUS \ AppData \ Roaming \ DefaultTab \ DefaultTab \ wikipedia_ie.ico (PUP.Optional.DefaultTab.A) -> quarantined and deleted successfully.
C: \ Users \ ASUS \ AppData \ Local \ TBHostSupport \ TBHostSupport.dll (PUP.Optional.Conduit) -> deleted booting the computer.

 

(End )

 

 

again, ONE and more BIG Thanks: For your help- you are my best! :)

 


Edited by TripleTripe, 09 December 2013 - 11:12 PM.


#2 Bighorn Re: [RESOLVED] "TBHostSupport" "mysearchresults"


Posted 09 December 2013 - 09:48 PM

For the first problem it does sound as if you need a new battery.

 

The other 2 questions should each be posted separately.

 

Edit: You are right bighorn. Moved topic/thread by rokytnji




#3 Broni Re: [RESOLVED] "TBHostSupport" "mysearchresults"


Posted 09 December 2013 - 10:52 PM

Please observe the following rules:

  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

=====================================

 

Complete all steps listed here: http://www.smartestc...ease-read-this/

 

First, asking about a Galaxy 4.2.2 Android Device that Phone shuting down with no warning,

 

when playing a game or do "hard" App work, The Phone shuting down (Black screen like no active), but with Charge Connection, everything fine.

when connecting the Charge battery showing 0% than jump to the normal % was, more than 80-90% .

 

Do need change/replace/swap the Battery? thx.

 

Create new topic in "Mobile Devices" forum.

 

 

I want to ask what Best Anti-Virus for Laptop with Windows 8 , please? :)

 

There is no such thing as a "best" AV program.

 

Windows 8 comes with preinstalled Windows Defender which is renamed Microsoft Security Essentials.

You should be fine with just that.




#4 TripleTripe Re: [RESOLVED] "TBHostSupport" "mysearchresults"


Posted 09 December 2013 - 11:08 PM

Create new topic in "Mobile Devices" forum.

 

 

just read me right please :)
Yes sir name of topic was: Question and Problem- I were put it there with both 3 questions on Topic for help, were transfer for here, after answer from Bighorn - sorry.

 

I tried use and start the DDS downloaded, but is say "cannot run on modification mode" something, I'm on PC now brother Laptop sleep, will write direct words tomorrow.

 

There is no such thing as a "best" AV program.

 

Windows 8 comes with preinstalled Windows Defender which is renamed Microsoft Security Essentials.

You should be fine with just that

 

fine ^^ there is no best, I will select one from: Avira - AVG - Avast (free anti virus).

about "Microsoft Security Essentials" , not sure where is placed, I'm bad on Windows 8 just tried and get "head pain"  ^^ will check for it in morning.

 

and about the log file I put, there no malware found now, just asked why is not found again :-)   in PC they back - Laptop removed ? cool.

just tell me if those still on the Laptop , you see how many found, about 185 malwares.

 

thanks again for understanding for help.



#5 Broni Re: [RESOLVED] "TBHostSupport" "mysearchresults"


Posted 10 December 2013 - 12:02 AM

You just can't post 3 questions on different subjects in one topic.

Every issue should be addressed in the appropriate forum.

Otherwise we create a mess.

 

Let me know about the exact DDS error.




#6 TripleTripe Re: [RESOLVED] "TBHostSupport" "mysearchresults"


Posted 10 December 2013 - 07:13 AM

you are the man sir, didn't wanna create a mess, I'm sorry.

I bring full DDS error message:

 

DDS is not meant to run in 'compatibility mode'.

The program shall now exit.

                                                 OK button

 

 

what does it mean?



#7 Broni Re: [RESOLVED] "TBHostSupport" "mysearchresults"


Posted 10 December 2013 - 10:00 PM

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.




#8 TripleTripe Re: [RESOLVED] "TBHostSupport" "mysearchresults"


Posted 10 December 2013 - 10:30 PM

did it on the Laptop, but first if can remember- is take slower cuz no normal PC, mouse- keyboard....

 

FRST log file-

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-12-2013
Ran by ASUS (administrator) on IDAN on 11-12-2013 00:14:55
Running from C:\Users\ASUS\Desktop\Important security files
Windows 8.1 (X64) OS Language: 040D
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Dropbox, Inc.) C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files\WindowsApps\Microsoft.Adera_2.5.0.30562_x86__8wekyb3d8bbwe\Adera.exe
(Microsoft Corporation) C:\Windows\System32\UserAccountBroker.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingApp.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [Facebook Update] - C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-29] (Facebook Inc.)
HKCU\...\Run: [AROReminder] - C:\Program Files (x86)\ARO 2013\ARO.exe [3157336 2013-05-22] (Support.com, Inc.)
HKCU\...\Run: [HP Deskjet 4620 series (NET)] - C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [TBHostSupport] - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Users\ASUS\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...R&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {8B2FC1C6-CE90-4C69-BCA1-38F3D2FD7B2E} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...R&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {8B2FC1C6-CE90-4C69-BCA1-38F3D2FD7B2E} URL = http://search.condui...UM=2&SSPV=TB_C5
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {83D29B37-1EFF-445F-A8BA-2A397CB4F89C} URL = http://www.mysearchr...&q={searchTerms}
SearchScopes: HKCU - {8B2FC1C6-CE90-4C69-BCA1-38F3D2FD7B2E} URL = http://search.condui...UM=2&SSPV=TB_C5
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: No Name - {54B02808-B60E-44CD-A72D-9865117E4E62} -  No File
BHO-x32: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll (Agat software solutions)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Agat.AGForms.Toolbar.AGFormsToolbar - {8fe28f46-37ad-47b2-8258-34c128636ace} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\hyf2wif1.default
FF user.js: detected! => C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\hyf2wif1.default\user.js


FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\hyf2wif1.default\searchplugins\freeonlineradioplayerrecorder-v1-customized-web-search.xml
FF SearchPlugin: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\hyf2wif1.default\searchplugins\search-here.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\morfix-dic.xml
FF Extension: FreeOnlineRadioPlayerRecorder V1  - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\hyf2wif1.default\Extensions\{79b8e308-95a2-4044-932d-80e833a863cc}
FF Extension: BitComet 视频下载器 - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\hyf2wif1.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF Extension: SelectionLinks - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\hyf2wif1.default\Extensions\{F1A72553-1150-4065-9A42-983C72D96101}
FF Extension: addon - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\hyf2wif1.default\Extensions\addon@defaulttab.com.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======


CHR DefaultSearchKeyword: search.conduit.com
CHR DefaultSearchProvider: Conduit
CHR DefaultSearchURL: http://search.condui...=CT3282722&UM=2
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (BitCometAgent) - C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll (BitComet)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Facebook Desktop) - C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Extension: (FreeOnlineRadioPlayerRecorder V1) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicancafipiklohohmoognddncljhkio\10.22.5.510_1
CHR Extension: (Google Docs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13307_0
CHR Extension: (Gmail) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aicancafipiklohohmoognddncljhkio] - C:\Users\ASUS\AppData\Local\CRE\aicancafipiklohohmoognddncljhkio.crx
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx
CHR HKLM-x32\...\Chrome\Extension: [kiikhhgadnbgflpimindcjeicopihhfa] - C:\Program Files (x86)\OApps\chrome-sl.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-20] (Just Develop It)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-23] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146272 2013-08-22] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-23] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-11 00:14 - 2013-12-11 00:14 - 00000000 ____D C:\FRST
2013-12-10 00:43 - 2013-12-10 00:43 - 00000000 ____D C:\Users\ASUS\AppData\Local\TBHostSupport
2013-12-09 22:25 - 2013-12-09 22:25 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-09 22:25 - 2013-12-09 22:25 - 00000000 _____ C:\WINDOWS\setupact.log
2013-12-09 19:23 - 2013-12-11 00:14 - 00000000 ____D C:\Users\ASUS\Desktop\Important security files
2013-12-09 17:51 - 2013-12-09 17:51 - 00001086 _____ C:\Users\ASUS\Desktop\Your Unin-staller!.lnk
2013-12-09 17:50 - 2013-12-09 17:51 - 00000000 ____D C:\Program Files (x86)\Your Uninstaller! 7
2013-12-09 17:49 - 2013-12-09 17:49 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\URSoft
2013-12-09 17:48 - 2013-12-09 17:48 - 00002770 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2013-12-09 17:47 - 2013-12-09 18:48 - 00000000 ____D C:\Program Files\CCleaner
2013-12-09 17:42 - 2013-12-09 17:42 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\Malwarebytes
2013-12-09 17:41 - 2013-12-09 17:41 - 00001123 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-09 17:41 - 2013-12-09 17:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-09 17:41 - 2013-12-09 17:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-09 17:41 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-09 17:40 - 2013-12-09 17:40 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\WinRAR
2013-12-09 17:40 - 2013-12-09 17:40 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-12-09 17:40 - 2013-12-09 17:40 - 00000000 ____D C:\Program Files\WinRAR
2013-12-09 17:31 - 2013-12-09 17:31 - 00000000 ____D C:\Users\ASUS\AppData\Local\SearchProtect
2013-12-06 00:24 - 2013-12-10 22:32 - 00003904 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{71CCC8B4-73F1-49C0-93ED-657449A29E60}
2013-12-05 18:10 - 2013-12-05 18:10 - 00166029 _____ C:\Users\ASUS\Downloads\ps8.pptx
2013-12-01 15:19 - 2013-12-01 15:19 - 00017270 _____ C:\Users\ASUS\Downloads\ngusfiעבודה3.zip
2013-12-01 13:24 - 2013-12-01 13:24 - 00016089 _____ C:\Users\ASUS\Downloads\עבודה (1).zip
2013-12-01 12:02 - 2013-12-01 12:02 - 00000000 ____D C:\Users\ASUS\Downloads\עבודה3
2013-12-01 12:01 - 2013-12-01 12:01 - 00016089 _____ C:\Users\ASUS\Downloads\עבודה.zip
2013-11-24 23:35 - 2013-11-24 23:35 - 00000504 _____ C:\Users\ASUS\Desktop\קוד_חריטה notpad.txt
2013-11-24 11:23 - 2013-11-24 11:23 - 00000000 ____D C:\Users\ASUS\Downloads\Lathe_new_version
2013-11-24 11:22 - 2013-11-24 11:22 - 01723125 _____ C:\Users\ASUS\Downloads\Lathe_new_version.zip
2013-11-24 10:59 - 2013-11-24 11:00 - 02140273 _____ C:\Users\ASUS\Downloads\Turning 2013 rev B.pptx
2013-11-23 23:23 - 2013-11-23 23:23 - 00001396 _____ C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-23 23:23 - 2013-11-23 23:23 - 00000258 __RSH C:\Users\ASUS\ntuser.pol
2013-11-23 23:23 - 2013-11-23 23:23 - 00000020 ___SH C:\Users\ASUS\ntuser.ini
2013-11-23 20:03 - 2013-12-10 22:39 - 01209115 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-23 20:01 - 2013-11-23 20:01 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-11-23 19:48 - 2013-11-23 19:48 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-11-23 19:48 - 2013-11-23 19:48 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-11-23 19:45 - 2013-11-23 19:45 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2013-11-23 19:44 - 2013-12-08 11:12 - 00000000 ____D C:\Users\ASUS
2013-11-23 19:44 - 2013-11-23 20:01 - 00024768 _____ C:\WINDOWS\diagwrn.xml
2013-11-23 19:44 - 2013-11-23 20:01 - 00024768 _____ C:\WINDOWS\diagerr.xml
2013-11-23 19:44 - 2013-11-23 19:45 - 00000000 ___RD C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-23 19:44 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-23 19:44 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-11-23 19:44 - 2013-08-22 17:36 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-23 19:37 - 2013-11-23 19:37 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2013-11-23 19:37 - 2013-11-23 19:37 - 00000000 ____D C:\Program Files\Realtek
2013-11-23 19:35 - 2013-12-09 21:27 - 00000000 ___DC C:\WINDOWS\Panther
2013-11-23 19:35 - 2013-11-23 19:35 - 00000000 __SHD C:\Recovery
2013-11-23 19:30 - 2013-11-28 01:59 - 00000000 ____D C:\Windows.old
2013-11-23 19:30 - 2013-11-23 19:30 - 01341288 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-11-23 19:30 - 2013-11-23 19:30 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 18577408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 13176320 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 11674112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 01286552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 01018960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 00977408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 23212544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 17142784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 12995584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 11220992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 06639616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 05769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 05765120 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 04599808 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 04240384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 04104704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 03934208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 03532288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02801664 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02551640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 02332160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02328872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02134120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02065448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 01993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-11-23 19:28 - 2013-11-23 19:28 - 01926656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-11-23 19:28 - 2013-11-23 19:28 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01818112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01799944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01704448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01394176 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01373872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01200640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 01160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01156608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01147904 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01085952 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01067080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01019392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01011712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00888832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00883184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00762368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00708616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00700928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00699840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00578952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00523096 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00481392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00465960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00391512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00385528 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-11-23 19:28 - 2013-11-23 19:28 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00380656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00371032 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 00345552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-11-23 19:28 - 2013-11-23 19:28 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00317616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00270848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00258904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00235960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\miutils.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\miutils.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00171864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_8086.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\msched.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00088272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2013-11-23 19:28 - 2013-11-23 19:28 - 00057176 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ftp.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ftp.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00044936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2013-11-23 19:26 - 2013-11-23 19:26 - 01943536 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2013-11-23 19:26 - 2013-11-23 19:26 - 01581968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2013-11-23 19:26 - 2013-11-23 19:26 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2013-11-23 19:26 - 2013-11-23 19:26 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2013-11-23 19:26 - 2013-11-23 19:26 - 00136536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2013-11-23 19:25 - 2013-11-23 19:25 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-11-23 19:24 - 2013-11-23 19:50 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-11-23 19:24 - 2013-11-23 19:24 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2013-11-23 19:24 - 2013-11-23 19:24 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-11-23 19:24 - 2013-11-23 19:24 - 00000000 ____D C:\Program Files\MSBuild
2013-11-23 19:24 - 2013-11-23 19:24 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-11-23 19:23 - 2013-11-23 19:23 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2013-11-23 19:23 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2013-11-23 19:23 - 2013-08-03 06:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-23 19:23 - 2013-08-03 06:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2013-11-23 19:23 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2013-11-23 19:23 - 2013-08-03 06:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-11-23 19:23 - 2013-08-03 06:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2013-11-20 14:33 - 2013-11-20 14:33 - 02212864 _____ C:\Users\ASUS\Downloads\Lect 4 cutting tool technolgy short3 PDF.ppt
2013-11-20 14:32 - 2013-11-20 14:33 - 03838976 _____ C:\Users\ASUS\Downloads\Lect 3 meching thoery PDF 2.ppt
2013-11-18 01:50 - 2013-12-09 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 13:02 - 2013-11-16 13:02 - 00413696 _____ C:\Users\ASUS\Downloads\29102007144523@האופניים ומדע החומרים.ppt
2013-11-15 02:43 - 2013-11-15 02:43 - 00000000 ____D C:\Users\ASUS\AppData\Local\WhiteListing

==================== One Month Modified Files and Folders =======

2013-12-11 00:14 - 2013-12-11 00:14 - 00000000 ____D C:\FRST
2013-12-11 00:14 - 2013-12-09 19:23 - 00000000 ____D C:\Users\ASUS\Desktop\Important security files
2013-12-11 00:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-10 23:47 - 2013-05-10 21:10 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-10 22:39 - 2013-11-23 20:03 - 01209115 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-10 22:32 - 2013-12-06 00:24 - 00003904 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{71CCC8B4-73F1-49C0-93ED-657449A29E60}
2013-12-10 19:05 - 2013-03-29 15:00 - 00000934 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-494399399-1160236250-2542793645-1001UA.job
2013-12-10 17:09 - 2013-01-22 23:56 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-494399399-1160236250-2542793645-1001
2013-12-10 16:59 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-12-10 16:05 - 2013-03-29 15:00 - 00000912 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-494399399-1160236250-2542793645-1001Core.job
2013-12-10 15:21 - 2013-01-25 12:56 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\Dropbox
2013-12-10 00:43 - 2013-12-10 00:43 - 00000000 ____D C:\Users\ASUS\AppData\Local\TBHostSupport
2013-12-09 22:25 - 2013-12-09 22:25 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-09 22:25 - 2013-12-09 22:25 - 00000000 _____ C:\WINDOWS\setupact.log
2013-12-09 21:30 - 2013-05-10 21:10 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-09 21:27 - 2013-11-23 19:35 - 00000000 ___DC C:\WINDOWS\Panther
2013-12-09 21:27 - 2013-02-08 17:16 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\Media Player Classic
2013-12-09 21:27 - 2013-01-23 20:50 - 00000000 ____D C:\Users\ASUS\AppData\Local\CrashDumps
2013-12-09 21:09 - 2013-01-22 23:51 - 00000000 ___RD C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-09 20:34 - 2013-11-18 01:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-09 20:21 - 2013-02-13 14:04 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\BitComet
2013-12-09 20:20 - 2013-05-31 20:56 - 00000000 ____D C:\ProgramData\Google
2013-12-09 20:20 - 2013-05-10 21:10 - 00000000 ____D C:\Users\ASUS\AppData\Local\Google
2013-12-09 20:17 - 2013-02-25 20:22 - 00000000 ____D C:\Users\ASUS\AppData\Local\Conduit
2013-12-09 20:12 - 2013-02-25 20:22 - 00000000 ____D C:\Program Files (x86)\BS_Player
2013-12-09 19:11 - 2013-05-10 21:13 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-09 19:10 - 2013-01-25 13:00 - 00000000 ___RD C:\Users\ASUS\Dropbox
2013-12-09 19:10 - 2013-01-22 23:51 - 00000507 _____ C:\Users\ASUS\AppData\Roaming\sp_data.sys
2013-12-09 19:09 - 2013-05-10 21:10 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-09 19:09 - 2012-11-29 13:41 - 00000868 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-12-09 19:08 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-09 19:08 - 2013-08-22 15:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2013-12-09 19:08 - 2013-06-18 18:25 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\DefaultTab
2013-12-09 19:06 - 2013-06-18 18:29 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-12-09 19:06 - 2013-06-18 18:28 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\SearchProtect
2013-12-09 18:48 - 2013-12-09 17:47 - 00000000 ____D C:\Program Files\CCleaner
2013-12-09 18:25 - 2013-03-20 21:32 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\Skype
2013-12-09 17:51 - 2013-12-09 17:51 - 00001086 _____ C:\Users\ASUS\Desktop\Your Unin-staller!.lnk
2013-12-09 17:51 - 2013-12-09 17:50 - 00000000 ____D C:\Program Files (x86)\Your Uninstaller! 7
2013-12-09 17:51 - 2013-06-18 18:27 - 00001101 _____ C:\Users\ASUS\Desktop\MyPC Backup.lnk
2013-12-09 17:51 - 2013-06-18 18:27 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-09 17:49 - 2013-12-09 17:49 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\URSoft
2013-12-09 17:48 - 2013-12-09 17:48 - 00002770 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2013-12-09 17:42 - 2013-12-09 17:42 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\Malwarebytes
2013-12-09 17:41 - 2013-12-09 17:41 - 00001123 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-09 17:41 - 2013-12-09 17:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-09 17:41 - 2013-12-09 17:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-09 17:40 - 2013-12-09 17:40 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\WinRAR
2013-12-09 17:40 - 2013-12-09 17:40 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-12-09 17:40 - 2013-12-09 17:40 - 00000000 ____D C:\Program Files\WinRAR
2013-12-09 17:36 - 2013-09-30 06:12 - 01332650 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-09 17:36 - 2013-09-30 05:56 - 00417292 _____ C:\WINDOWS\system32\perfh00D.dat
2013-12-09 17:36 - 2013-09-30 05:56 - 00064760 _____ C:\WINDOWS\system32\perfc00D.dat
2013-12-09 17:31 - 2013-12-09 17:31 - 00000000 ____D C:\Users\ASUS\AppData\Local\SearchProtect
2013-12-08 13:43 - 2012-11-29 13:41 - 00000870 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-12-08 11:16 - 2013-03-20 21:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-08 11:16 - 2013-03-20 21:32 - 00000000 ____D C:\ProgramData\Skype
2013-12-08 11:12 - 2013-11-23 19:44 - 00000000 ____D C:\Users\ASUS
2013-12-06 14:42 - 2013-05-10 21:10 - 00003906 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 14:42 - 2013-05-10 21:10 - 00003670 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-05 18:10 - 2013-12-05 18:10 - 00166029 _____ C:\Users\ASUS\Downloads\ps8.pptx
2013-12-01 15:19 - 2013-12-01 15:19 - 00017270 _____ C:\Users\ASUS\Downloads\ngusfiעבודה3.zip
2013-12-01 13:24 - 2013-12-01 13:24 - 00016089 _____ C:\Users\ASUS\Downloads\עבודה (1).zip
2013-12-01 12:02 - 2013-12-01 12:02 - 00000000 ____D C:\Users\ASUS\Downloads\עבודה3
2013-12-01 12:01 - 2013-12-01 12:01 - 00016089 _____ C:\Users\ASUS\Downloads\עבודה.zip
2013-11-28 01:59 - 2013-11-23 19:30 - 00000000 ____D C:\Windows.old
2013-11-28 01:47 - 2013-01-22 23:48 - 00000000 ____D C:\Users\ASUS\AppData\Local\Packages
2013-11-27 19:20 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\restore
2013-11-24 23:35 - 2013-11-24 23:35 - 00000504 _____ C:\Users\ASUS\Desktop\קוד_חריטה notpad.txt
2013-11-24 11:23 - 2013-11-24 11:23 - 00000000 ____D C:\Users\ASUS\Downloads\Lathe_new_version
2013-11-24 11:22 - 2013-11-24 11:22 - 01723125 _____ C:\Users\ASUS\Downloads\Lathe_new_version.zip
2013-11-24 11:00 - 2013-11-24 10:59 - 02140273 _____ C:\Users\ASUS\Downloads\Turning 2013 rev B.pptx
2013-11-23 23:25 - 2013-01-22 23:52 - 00000000 ____D C:\Users\ASUS\Documents\Bluetooth Folder
2013-11-23 23:23 - 2013-11-23 23:23 - 00001396 _____ C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-23 23:23 - 2013-11-23 23:23 - 00000258 __RSH C:\Users\ASUS\ntuser.pol
2013-11-23 23:23 - 2013-11-23 23:23 - 00000020 ___SH C:\Users\ASUS\ntuser.ini
2013-11-23 23:23 - 2013-01-22 23:51 - 00000000 ___RD C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-23 20:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2013-11-23 20:01 - 2013-11-23 20:01 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-11-23 20:01 - 2013-11-23 19:44 - 00024768 _____ C:\WINDOWS\diagwrn.xml
2013-11-23 20:01 - 2013-11-23 19:44 - 00024768 _____ C:\WINDOWS\diagerr.xml
2013-11-23 20:01 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Registration
2013-11-23 19:55 - 2013-08-22 17:36 - 00000000 __RSD C:\WINDOWS\Media
2013-11-23 19:55 - 2013-08-22 17:36 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-23 19:51 - 2013-08-22 16:44 - 00473392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-11-23 19:50 - 2013-11-23 19:24 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-11-23 19:50 - 2013-09-30 05:58 - 00000000 ____D C:\WINDOWS\ShellNew
2013-11-23 19:50 - 2013-08-27 11:25 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-11-23 19:50 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2013-11-23 19:50 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-11-23 19:50 - 2013-06-18 18:27 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-11-23 19:50 - 2013-03-29 15:01 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2013-11-23 19:50 - 2013-01-25 12:57 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-23 19:48 - 2013-11-23 19:48 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-11-23 19:48 - 2013-11-23 19:48 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-11-23 19:48 - 2013-09-30 05:55 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2013-11-23 19:48 - 2013-09-30 05:55 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2013-11-23 19:48 - 2013-09-30 05:55 - 00000000 ____D C:\WINDOWS\system32\WCN
2013-11-23 19:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2013-11-23 19:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2013-11-23 19:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2013-11-23 19:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2013-11-23 19:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2013-11-23 19:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2013-11-23 19:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\spool
2013-11-23 19:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-11-23 19:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2013-11-23 19:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\IME
2013-11-23 19:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\he-IL
2013-11-23 19:48 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2013-11-23 19:48 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2013-11-23 19:48 - 2012-11-29 13:43 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2013-11-23 19:48 - 2012-07-26 07:37 - 00000000 ____D C:\Users\Default.migrated
2013-11-23 19:47 - 2013-08-22 17:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2013-11-23 19:47 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2013-11-23 19:47 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2013-11-23 19:47 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Resources
2013-11-23 19:47 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2013-11-23 19:47 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\IME
2013-11-23 19:47 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Help
2013-11-23 19:47 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
2013-11-23 19:47 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-11-23 19:47 - 2012-08-02 15:28 - 00000000 ____D C:\ProgramData\PRICache
2013-11-23 19:45 - 2013-11-23 19:45 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2013-11-23 19:45 - 2013-11-23 19:44 - 00000000 ___RD C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-23 19:45 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2013-11-23 19:45 - 2012-07-26 10:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2013-11-23 19:37 - 2013-11-23 19:37 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2013-11-23 19:37 - 2013-11-23 19:37 - 00000000 ____D C:\Program Files\Realtek
2013-11-23 19:36 - 2013-08-22 15:36 - 00000000 __RHD C:\Users\Default
2013-11-23 19:35 - 2013-11-23 19:35 - 00000000 __SHD C:\Recovery
2013-11-23 19:31 - 2013-08-22 17:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2013-11-23 19:30 - 2013-11-23 19:30 - 01341288 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-11-23 19:30 - 2013-11-23 19:30 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 18577408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 13176320 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 11674112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 01286552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 01018960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 00977408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2013-11-23 19:29 - 2013-11-23 19:29 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2013-11-23 19:29 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-11-23 19:29 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Camera
2013-11-23 19:28 - 2013-11-23 19:28 - 23212544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 17142784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 12995584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 11220992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 06639616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 05769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 05765120 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 04599808 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 04240384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 04104704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 03934208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 03532288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02801664 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02551640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 02332160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02328872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02134120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 02065448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 01993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-11-23 19:28 - 2013-11-23 19:28 - 01926656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-11-23 19:28 - 2013-11-23 19:28 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01818112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01799944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01704448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01394176 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01373872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01200640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 01160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01156608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01147904 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01085952 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01067080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01019392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 01011712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00888832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00883184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00762368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00708616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00700928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00699840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00578952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00523096 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00481392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00465960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00391512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00385528 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-11-23 19:28 - 2013-11-23 19:28 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00380656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00371032 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 00345552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-11-23 19:28 - 2013-11-23 19:28 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00317616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00270848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00258904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00235960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\miutils.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\miutils.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00171864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_8086.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\msched.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00088272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2013-11-23 19:28 - 2013-11-23 19:28 - 00057176 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ftp.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ftp.exe
2013-11-23 19:28 - 2013-11-23 19:28 - 00044936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2013-11-23 19:28 - 2013-11-23 19:28 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-11-23 19:28 - 2013-11-23 19:28 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2013-11-23 19:28 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-11-23 19:28 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2013-11-23 19:26 - 2013-11-23 19:26 - 01943536 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2013-11-23 19:26 - 2013-11-23 19:26 - 01581968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2013-11-23 19:26 - 2013-11-23 19:26 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2013-11-23 19:26 - 2013-11-23 19:26 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2013-11-23 19:26 - 2013-11-23 19:26 - 00136536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2013-11-23 19:25 - 2013-11-23 19:25 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-11-23 19:24 - 2013-11-23 19:24 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2013-11-23 19:24 - 2013-11-23 19:24 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-11-23 19:24 - 2013-11-23 19:24 - 00000000 ____D C:\Program Files\MSBuild
2013-11-23 19:24 - 2013-11-23 19:24 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-11-23 19:23 - 2013-11-23 19:23 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2013-11-23 18:52 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-11-23 18:09 - 2013-08-27 11:25 - 00008088 _____ C:\WINDOWS\system32\lvcoinst.log
2013-11-20 16:31 - 2013-01-29 22:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-20 14:33 - 2013-11-20 14:33 - 02212864 _____ C:\Users\ASUS\Downloads\Lect 4 cutting tool technolgy short3 PDF.ppt
2013-11-20 14:33 - 2013-11-20 14:32 - 03838976 _____ C:\Users\ASUS\Downloads\Lect 3 meching thoery PDF 2.ppt
2013-11-19 12:21 - 2013-01-23 01:11 - 00267936 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-11-18 21:56 - 2013-11-04 17:18 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\HpUpdate
2013-11-16 13:02 - 2013-11-16 13:02 - 00413696 _____ C:\Users\ASUS\Downloads\29102007144523@האופניים ומדע החומרים.ppt
2013-11-16 11:28 - 2013-07-30 17:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-16 11:25 - 2013-01-23 20:50 - 82896128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-15 13:54 - 2013-01-25 12:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-15 02:43 - 2013-11-15 02:43 - 00000000 ____D C:\Users\ASUS\AppData\Local\WhiteListing

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-09 22:23

==================== End Of Log ============================

Additional log file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-12-2013
Ran by ASUS at 2013-12-11 00:17:18
Running from C:\Users\ASUS\Desktop\Important security files
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

ACDSee (x32)
Adobe AIR (x32 Version: 3.8.0.870)
Adobe Download Assistant (x32 Version: 1.2.2)
Adobe Flash Player 11 Plugin (x32 Version: 11.6.602.180)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
ARO 2013 (Version: 8.0)
ASUS Instant Connect (x32 Version: 1.2.8)
ASUS InstantOn (x32 Version: 3.0.2)
ASUS LifeFrame3 (x32 Version: 3.1.5)
ASUS Live Update (x32 Version: 3.1.8)
ASUS Power4Gear Hybrid (Version: 2.0.4)
ASUS Smart Gesture (x32 Version: 1.0.35)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.03.0004)
ASUS Tutor (x32 Version: 1.0.6)
ASUS WebStorage Sync Agent (x32 Version: 1.1.9.120)
AsusVibe2.0 (x32 Version: 2.0.10.168)
ATK Package (x32 Version: 1.0.0022)
Bing Bar (x32 Version: 7.2.241.0)
BitComet 1.35 (x32 Version: 1.35)
BS.Player FREE (x32 Version: 2.64.1073)
BSPlayer (x32)
CCleaner (Version: 4.08)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dropbox (HKCU Version: 2.4.6)
E-GOV.IL Sign&Verify Software - AGForm toolbar (x32 Version: 13.2.0.0)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)
Free Video To Audio Converter 2012 4.5.1 (x32)
Google Chrome (x32 Version: 27.0.1453.110)
Google Earth (x32 Version: 7.1.1.1580)
Google Update Helper (x32 Version: 1.3.22.3)
HP Deskjet 4620 series עזרה (x32 Version: 6.0.0)
HP Update (x32 Version: 5.003.003.001)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354)
Intel® Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Processor Graphics (x32 Version: 9.17.10.2828)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 11 (64-bit) (Version: 7.0.110)
Java Auto Updater (x32 Version: 2.0.6.1)
Java SE Development Kit 7 Update 11 (64-bit) (Version: 1.7.0.110)
Java™ 6 Update 27 (x32 Version: 6.0.270)
K-Lite Codec Pack 7.2.0 (Full) (x32 Version: 7.2.0)
Malwarebytes Anti-Malware גירסה 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 he) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MyPC Backup  (Version: ) <==== ATTENTION
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.206)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6710)
Realtek PCIE Card Reader (x32 Version: 6.1.8400.27023)
SelectionLinks (x32 Version: 1.0)
Shared C Run-time for x64 (Version: 10.0.0)
Skype Click to Call (x32 Version: 6.11.13307)
Skype™ 6.11 (x32 Version: 6.11.102)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
WinFlash (x32 Version: 2.41.1)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
Your Uninstaller! 7 (x32 Version: 7.5.2013.2)
חבילת התקני Windows. - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (Version: 10/29/2012 1.0.0.148)
מחקר לשיפור המוצרים של HP Deskjet 4620 series (Version: 28.0.1315.0)
תוכנת התקן בסיסי מסוג ‎HP Deskjet 4620 series (Version: 28.0.1315.0)

==================== Restore Points  =========================

27-11-2013 17:20:08 Windows Update
01-12-2013 10:46:43 Windows Update
05-12-2013 17:37:41 Windows Update
08-12-2013 20:22:08 Windows Update

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {30841F4B-8DE0-4530-91E6-E49E3A9043FA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-494399399-1160236250-2542793645-1001UA => C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-29] (Facebook Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3CEC2C58-7817-4259-98D3-53509E425F8E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5202E74F-DA6B-45F3-A2F4-B5B58C7C636A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {5C74C26D-BFF3-4063-98CF-91AE3210616D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-494399399-1160236250-2542793645-1001Core => C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-29] (Facebook Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8C08E159-7895-4590-82E0-8441209B0FE7} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => C:\Windows\System32\AppXDeploymentClient.dll [2013-09-30] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A7B2DD9D-67F0-411F-AE76-EFA7DEB2A254} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {AE7517AE-C25C-4AAF-9B24-0400269F9ED8} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {B41E4F12-B267-4998-BFD4-00047E9ABB31} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {BBF2FF1C-7695-4D83-9FEE-3AD524BBF0F0} - System32\Tasks\HPCustParticipation HP Deskjet 4620 series => C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {CFC78394-90EB-4062-940F-7167128766FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-10] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F7EA883F-029A-4124-A371-7848A5D5F6FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-10] (Google Inc.)
Task: {FF98C0EA-85B3-4814-82EB-91F4F9268487} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-494399399-1160236250-2542793645-1001Core.job => C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-494399399-1160236250-2542793645-1001UA.job => C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-12-09 17:40 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-08-29 05:15 - 2012-08-15 19:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-10 20:28 - 2012-08-10 20:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-10 20:23 - 2012-08-10 20:23 - 00021504 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\he-IL\BtTray.he-IL.dll
2013-09-20 00:37 - 2013-09-20 00:37 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2013-09-20 00:32 - 2013-09-20 00:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2013-12-01 22:18 - 2013-12-01 22:18 - 00028160 _____ () C:\Users\ASUS\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.PerfTrack\5bf99992f103eeb416af8751401af835\Microsoft.PerfTrack.ni.dll
2013-11-28 23:46 - 2013-11-28 23:46 - 00347136 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\e0e7493cf161f0e0899caa7eb5e0e259\Windows.Globalization.ni.dll
2013-11-28 23:46 - 2013-11-28 23:46 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\432868bf54b081b16eaf68729020b30a\Windows.Foundation.ni.dll
2013-11-28 23:46 - 2013-11-28 23:46 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\e8f8737bea4f0df4b88bbc4bf24fa2a8\Windows.System.ni.dll
2013-11-28 23:46 - 2013-11-28 23:46 - 01782272 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\600862031eb4d4cfdc6f4d2025a7990e\Windows.ApplicationModel.ni.dll
2013-11-28 23:46 - 2013-11-28 23:46 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\4c323000d6c8d1d462abb0968333c937\Windows.Storage.ni.dll
2013-11-28 23:46 - 2013-11-28 23:46 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\0ff25bd7c20be35c2e915bb82db13b72\Windows.UI.ni.dll
2013-12-01 22:18 - 2013-12-01 22:18 - 02203136 _____ () C:\Users\ASUS\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.B2e1870ee#\d9df48ed6d335db63d752502fb9cf025\Microsoft.Bing.AppEx.Telemetry.ni.dll
2013-11-28 23:46 - 2013-11-28 23:46 - 00632320 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\4f00f54318cefa03d2a77a61e842ffca\Windows.Security.ni.dll
2013-11-28 23:46 - 2013-11-28 23:46 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\45eee6d0ec199bb4a183edf3d8f2370f\Windows.Networking.ni.dll
2013-12-01 22:18 - 2013-12-01 22:18 - 00113664 _____ () C:\Users\ASUS\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\SqliteWrapper\e777100ba81b8c242072ce919b808f6f\SqliteWrapper.ni.dll
2013-11-27 01:08 - 2013-11-27 01:08 - 00485816 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.1.203_x64__8wekyb3d8bbwe\SqliteWrapper.dll
2013-11-27 01:08 - 2013-11-27 01:08 - 00660920 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.1.203_x64__8wekyb3d8bbwe\Sqlite3.dll
2013-11-28 23:46 - 2013-11-28 23:46 - 01383936 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Web\2b0972e005263c87498242eb8f69480d\Windows.Web.ni.dll
2013-11-28 23:46 - 2013-11-28 23:46 - 00467456 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\e06f4482547bc7feaa453c9e02585f52\Windows.Graphics.ni.dll
2013-12-01 22:17 - 2013-12-01 22:17 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\4e1b0dc15d072d992e08612cd74a34db\Windows.Data.ni.dll
2013-11-28 23:46 - 2013-11-28 23:46 - 02019840 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Devices\aaa76dfc70840ddd1028b4e1783ec5aa\Windows.Devices.ni.dll
2011-08-15 22:12 - 2011-08-15 22:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
2012-04-16 13:42 - 2012-04-16 13:42 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
2011-08-15 22:12 - 2011-08-15 22:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-15 22:15 - 2011-08-15 22:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 18:41 - 2011-08-17 18:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 18:48 - 2011-08-17 18:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
2011-08-17 18:48 - 2011-08-17 18:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 21:23 - 2011-08-15 21:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
2012-04-16 13:41 - 2012-04-16 13:41 - 00484864 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
2012-04-16 13:56 - 2012-04-16 13:56 - 00500032 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-04-16 13:38 - 2012-04-16 13:38 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 18:05 - 2011-07-19 18:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-15 22:17 - 2011-08-15 22:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 18:04 - 2011-07-19 18:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
2012-08-24 19:17 - 2012-08-24 19:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\ASUS\AppData\Roaming\Dropbox\bin\libcef.dll
2012-11-29 13:39 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-11-28 01:41 - 2013-11-28 01:41 - 00031232 _____ () C:\Program Files\WindowsApps\Microsoft.Adera_2.5.0.30562_x86__8wekyb3d8bbwe\UbiquityNativeServiceComponent.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2013 05:30:44 PM) (Source: Application Hang) (User: )
Description: The program wwahost.exe version 6.3.9600.16431 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 508

Start Time: 01cef502b1840978

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\wwahost.exe

Report Id: d0dfe66c-61ad-11e3-bec8-dc85de9c9ef6

Faulting package full name: Microsoft.BingTravel_3.0.1.202_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexTravel

Error: (12/10/2013 04:16:56 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (12/09/2013 07:53:57 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (12/09/2013 07:25:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.

Error: (12/09/2013 07:22:20 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (12/09/2013 07:10:31 PM) (Source: Application Error) (User: )
Description: ‏‏שם יישום שחלות בו תקלות: ARO.exe, גירסה: 9.1.19.0, חותמת זמן: 0x5178ccd0
שם מודול שחלות בו תקלות: ARO.exe, גירסה: 9.1.19.0, חותמת זמן: 0x5178ccd0
קוד חריגה: 0xc0000005
היסט תקלה: 0x00029b6a
מזהה תהליך שחלות בו תקלות: 0xf70
שעת ההפעלה של היישום שחלות בו תקלות: 0xARO.exe0
נתיב היישום שחלות בו תקלות: ARO.exe1
נתיב המודול שחלות בו תקלות: ARO.exe2
מזהה דוח: ARO.exe3
שם מלא של החבילה שחלות בה תקלות: ARO.exe4
מזהה יישום יחסי לחבילה שחלות בה תקלות: ARO.exe5

Error: (12/09/2013 06:28:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.

Error: (12/09/2013 06:28:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.

Error: (12/09/2013 06:28:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.

Error: (12/09/2013 05:33:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.

System errors:
=============
Error: (12/10/2013 06:42:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070103: Intel Corporation driver update for Intel® HD Graphics 3000.

Error: (12/10/2013 05:10:42 PM) (Source: DCOM) (User: Idan)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/10/2013 05:10:12 PM) (Source: DCOM) (User: Idan)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/10/2013 04:59:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070003: Intel Corporation driver update for Intel® HD Graphics 3000.

Error: (12/10/2013 04:59:25 PM) (Source: DCOM) (User: Idan)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/10/2013 04:58:51 PM) (Source: DCOM) (User: Idan)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/10/2013 04:22:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070103: Intel Corporation driver update for Intel® HD Graphics 3000.

Error: (12/10/2013 03:22:43 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/10/2013 09:36:12 AM) (Source: DCOM) (User: Idan)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/10/2013 09:35:41 AM) (Source: DCOM) (User: Idan)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Microsoft Office Sessions:
=========================
Error: (12/10/2013 05:30:44 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.1643150801cef502b18409784294967295C:\WINDOWS\system32\wwahost.exed0dfe66c-61ad-11e3-bec8-dc85de9c9ef6Microsoft.BingTravel_3.0.1.202_x64__8wekyb3d8bbweAppexTravel

Error: (12/10/2013 04:16:56 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (12/09/2013 07:53:57 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (12/09/2013 07:25:09 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\ASUS\Desktop\Important security files\esetsmartinstaller_enu.exe

Error: (12/09/2013 07:22:20 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY)
Description: -2147024883

Error: (12/09/2013 07:10:31 PM) (Source: Application Error)(User: )
Description: ARO.exe9.1.19.05178ccd0ARO.exe9.1.19.05178ccd0c000000500029b6af7001cef5018a15a22dC:\Program Files (x86)\ARO 2013\ARO.exeC:\Program Files (x86)\ARO 2013\ARO.exece747d68-60f4-11e3-bec8-dc85de9c9ef6

Error: (12/09/2013 06:28:42 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\Downloads\SoftonicDownloader_for_skype.exe

Error: (12/09/2013 06:28:42 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\Downloads\SoftonicDownloader_for_google-earth.exe

Error: (12/09/2013 06:28:42 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\Downloads\SoftonicDownloader_for_google-earth[0].exe

Error: (12/09/2013 05:33:10 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestD:\SoftonicDownloader_for_bitcomet.exe

==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 3979.79 MB
Available physical RAM: 2418.88 MB
Total Pagefile: 7051.79 MB
Available Pagefile: 4726.5 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.11 GB) (Free:151.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:397.87 GB) (Free:330.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 04A53D1B)

Partition: GPT Partition Type
==================== End Of Log ============================

 

 

Here they are. Tell me if the malware is still here; I was scared by the 185 of them. Waiting for orders.



#9 Broni Re: [RESOLVED] "TBHostSupport" "mysearchresults"

Posted 10 December 2013 - 10:43 PM

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 



#10 TripleTripe Re: [RESOLVED] "TBHostSupport" "mysearchresults"

Posted 10 December 2013 - 10:52 PM

Copy. Here is the new fix log file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-12-2013 01
Ran by ASUS at 2013-12-11 00:51:08 Run:1
Running from C:\Users\ASUS\Desktop\Important security files\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [TBHostSupport] - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Users\ASUS\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
C:\Users\ASUS\AppData\Local\TBHostSupport
HKLM-x32\...\Run: [] - [x]
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Program Files (x86)\MyPC Backup
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
SearchScopes: HKCU - DefaultScope {8B2FC1C6-CE90-4C69-BCA1-38F3D2FD7B2E} URL = http://search.condui...UM=2&SSPV=TB_C5
SearchScopes: HKCU - {83D29B37-1EFF-445F-A8BA-2A397CB4F89C} URL = http://www.mysearchr...&q={searchTerms}
SearchScopes: HKCU - {8B2FC1C6-CE90-4C69-BCA1-38F3D2FD7B2E} URL = http://search.condui...UM=2&SSPV=TB_C5
BHO-x32: No Name - {54B02808-B60E-44CD-A72D-9865117E4E62} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR DefaultSearchKeyword: search.conduit.com
CHR DefaultSearchProvider: Conduit
CHR DefaultSearchURL: http://search.condui...=CT3282722&UM=2
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-20] (Just Develop It)
MyPC Backup  (Version: ) <==== ATTENTION

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport => Value deleted successfully.
C:\Users\ASUS\AppData\Local\TBHostSupport => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
[4836] C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe => Process closed successfully.
C:\Program Files (x86)\MyPC Backup => Moved successfully.
C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{83D29B37-1EFF-445F-A8BA-2A397CB4F89C} => Key deleted successfully.
HKCR\CLSID\{83D29B37-1EFF-445F-A8BA-2A397CB4F89C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B2FC1C6-CE90-4C69-BCA1-38F3D2FD7B2E} => Key deleted successfully.
HKCR\CLSID\{8B2FC1C6-CE90-4C69-BCA1-38F3D2FD7B2E} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54B02808-B60E-44CD-A72D-9865117E4E62} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{54B02808-B60E-44CD-A72D-9865117E4E62} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
CHR DefaultSearchKeyword: search.conduit.com ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Conduit ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://search.condui...=CT3282722&UM=2 ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
BackupStack => Service deleted successfully.

==== End of Fixlog ====

 

 

ready sir, make the call :) thx a lot!



#11 Broni Re: [RESOLVED] "TBHostSupport" "mysearchresults"

Posted 10 December 2013 - 10:57 PM

Good :)

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Download OTL to your Desktop.
Alternate download: http://www.itxassoci...T-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

P. S. I'll be gone for a while.




#12 TripleTripe Re: [RESOLVED] "TBHostSupport" "mysearchresults"

Posted 10 December 2013 - 11:56 PM

OK, 2/3 completed. Pasting log files:

 

# AdwCleaner v3.015 - Report created 11/12/2013 at 01:27:39
# Updated 10/12/2013 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : ASUS - IDAN
# Running from : C:\Users\ASUS\Desktop\Important security files\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BackupStack

***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Users\ASUS\AppData\Local\Conduit
Folder Deleted : C:\Users\ASUS\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\ASUS\AppData\Local\Searchprotect
Folder Deleted : C:\Users\ASUS\AppData\Local\WhiteListing
Folder Deleted : C:\Users\ASUS\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\ASUS\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\ASUS\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\ASUS\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\hyf2wif1.default\Smartbar
Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\hyf2wif1.default\ValueApps
Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\hyf2wif1.default\CT3282722
Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\hyf2wif1.default\Extensions\{79b8e308-95a2-4044-932d-80e833a863cc}
Folder Deleted : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicancafipiklohohmoognddncljhkio
File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\hyf2wif1.default\Extensions\addon@defaulttab.com.xpi
File Deleted : C:\END
File Deleted : C:\Users\ASUS\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\hyf2wif1.default\defaulttab.config
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\hyf2wif1.default\searchplugins\search-here.xml
File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\hyf2wif1.default\user.js
File Deleted : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\aicancafipiklohohmoognddncljhkio
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aicancafipiklohohmoognddncljhkio
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2296690
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282722
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384

-\\ Mozilla Firefox v25.0.1 (he)

[ File : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\hyf2wif1.default\prefs.js ]


-\\ Google Chrome v27.0.1453.110

[ File : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [32219 octets] - [11/12/2013 01:14:44]
AdwCleaner[S0].txt - [32506 octets] - [11/12/2013 01:27:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [32567 octets] ##########

 

 

 

JRT log file:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8.1 x64
Ran by ASUS on Wed 12/11/2013 at  1:37:57.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\ASUS\appdata\local\cre"

 

~~~ FireFox

Successfully deleted the following from C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\hyf2wif1.default\prefs.js

user_pref("extensions.defaulttab.installdate", 1345654586);
user_pref("extensions.defaulttab.lastUsed", 1379762302);
user_pref("extensions.defaulttab.useNewTabWhiteList", false);
Emptied folder: C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\hyf2wif1.default\minidumps [17 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/11/2013 at  1:48:20.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

OTL left to post.



#13 TripleTripe Re: [RESOLVED] "TBHostSupport" "mysearchresults"


Posted 11 December 2013 - 12:25 AM

OTL log files:

 

 

 

OTL logfile created on: 11/12/2013 02:04:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ASUS\Desktop\Important security files
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16438)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy
 
3.89 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 64.85% Memory free
6.89 Gb Paging File | 5.40 Gb Available in Paging File | 78.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.11 Gb Total Space | 152.11 Gb Free Space | 54.50% Space Free | Partition Type: NTFS
Drive D: | 397.87 Gb Total Space | 330.96 Gb Free Space | 83.18% Space Free | Partition Type: NTFS
 
Computer Name: IDAN | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/11 02:00:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\Important security files\OTL.exe
PRC - [2013/12/06 14:39:50 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/11/02 00:29:06 | 029,769,432 | ---- | M] (Dropbox, Inc.) -- C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/08/06 16:33:16 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/07/23 02:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/07 20:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2012/10/31 12:09:50 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012/08/24 19:17:14 | 000,107,192 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012/08/24 19:17:10 | 000,192,000 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012/08/10 19:37:48 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012/08/06 16:56:14 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012/08/06 16:56:12 | 001,126,784 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
PRC - [2012/08/03 18:31:12 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012/07/25 11:53:18 | 001,558,176 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012/07/23 20:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2012/07/17 18:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/06 13:23:40 | 000,322,208 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/06/27 14:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
PRC - [2012/05/28 12:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012/04/16 13:55:02 | 000,648,512 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
PRC - [2012/04/13 12:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2011/11/21 16:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/11/28 23:42:47 | 000,978,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b66c3a9184d6f58a4ea4c9fda959ae1\System.Configuration.ni.dll
MOD - [2013/11/24 22:48:14 | 005,463,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9e55130078215e51257977a651b0696b\System.Xml.ni.dll
MOD - [2013/11/24 22:48:11 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\eac55000ab752ad6469e74bc2031a3ef\System.Windows.Forms.ni.dll
MOD - [2013/11/24 22:48:03 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\e846f72e7c00312a5d9c04e7f70fa4a8\System.Drawing.ni.dll
MOD - [2013/11/24 22:47:27 | 007,993,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\5a86b00da9227fe7c9a1f6ca95c1850c\System.ni.dll
MOD - [2013/11/24 22:47:21 | 011,499,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0cc1da9cd31b490f4ec04cb6c2aa0519\mscorlib.ni.dll
MOD - [2013/11/24 22:47:13 | 007,803,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\7c74d7aeea0b6338a41a568338ac0d44\System.Xml.ni.dll
MOD - [2013/11/24 22:47:08 | 001,874,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\38576feb5219017651ccabc47d762721\System.Xaml.ni.dll
MOD - [2013/11/24 22:47:07 | 012,856,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\5bfb986816df97dad53f0f8805034c13\System.Windows.Forms.ni.dll
MOD - [2013/11/24 22:46:36 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\7fc996267c8fdbf5f4a99648b2b4a764\System.Drawing.ni.dll
MOD - [2013/11/24 22:46:20 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\4de0819b5866a864a353b401accbe99f\System.Configuration.ni.dll
MOD - [2013/11/24 22:46:19 | 018,744,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\43edf387058448969f5b045416e7a61f\PresentationFramework.ni.dll
MOD - [2013/11/24 22:46:19 | 000,463,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\09a79e2680eb455c3bd86986a1a3ebc6\PresentationFramework.Aero2.ni.dll
MOD - [2013/11/24 22:46:06 | 011,027,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\cd8b0635d40858825092519b467e2051\PresentationCore.ni.dll
MOD - [2013/11/24 22:45:59 | 003,957,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\360aceaa71f85cd70876356d6f4a5019\WindowsBase.ni.dll
MOD - [2013/11/24 22:45:49 | 010,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\7fb8b50f254a60f46417d8698735943a\System.ni.dll
MOD - [2013/11/23 19:29:06 | 017,376,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\f53cfbc3ae73aedfcdab4e4cfe531a4b\mscorlib.ni.dll
MOD - [2013/11/02 00:27:52 | 003,558,400 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/08/23 21:01:44 | 025,100,288 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/08/17 02:06:21 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_he_b77a5c561934e089\mscorlib.resources.dll
MOD - [2013/08/17 02:06:21 | 000,221,184 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_he_b77a5c561934e089\System.resources.dll
MOD - [2013/03/07 20:32:40 | 021,014,960 | ---- | M] () -- C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013/03/07 20:32:38 | 000,292,272 | ---- | M] () -- C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013/03/07 20:32:38 | 000,179,632 | ---- | M] () -- C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2012/08/24 19:17:08 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2012/04/16 13:56:26 | 000,500,032 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
MOD - [2012/04/16 13:42:40 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
MOD - [2012/04/16 13:41:50 | 000,484,864 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
MOD - [2012/04/16 13:38:16 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
MOD - [2011/08/17 18:48:24 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
MOD - [2011/08/17 18:48:22 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
MOD - [2011/08/17 18:41:36 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
MOD - [2011/08/15 22:15:44 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
MOD - [2011/08/15 22:12:04 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
MOD - [2011/08/15 22:12:04 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
MOD - [2011/08/15 21:23:00 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/11/23 19:28:09 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/11/23 19:28:09 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/11/23 19:28:09 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/11/23 19:28:09 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/23 19:28:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/09/30 06:11:32 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/09/30 06:11:32 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/09/30 06:11:31 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/09/30 06:11:31 | 000,261,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/08/22 14:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 14:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 13:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 13:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 13:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 13:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 13:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 12:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 12:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 12:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 11:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 11:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/08/22 11:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 11:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 11:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 11:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 11:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 11:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 11:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 11:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 11:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 11:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/04/20 16:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2013/11/18 01:51:46 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/30 06:11:30 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/22 05:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 04:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/08/06 16:33:16 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/23 02:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe -- (BBUpdate)
SRV - [2013/07/23 02:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe -- (BBSvc)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/16 08:40:12 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/08/10 20:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012/08/10 19:37:48 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012/07/23 20:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/27 14:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012/04/13 12:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 16:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/12/28 10:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files (x86)\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/11/23 19:28:09 | 000,371,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/11/23 19:28:09 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/11/23 19:28:09 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/23 19:28:08 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/11/23 19:26:10 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/09/30 06:11:30 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/30 06:11:30 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/09/30 06:11:30 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/30 06:11:30 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/09/30 05:58:23 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/09/30 05:58:18 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 15:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 15:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 14:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 14:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 14:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 14:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 14:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 14:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 14:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 14:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 14:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 14:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 14:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 14:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 14:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 14:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 14:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 14:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 14:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 14:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 14:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 14:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 14:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 14:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 14:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 14:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 14:43:31 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/08/22 14:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 14:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 14:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 14:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 14:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 14:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 14:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 14:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 14:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 14:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 14:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 14:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 13:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 13:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 13:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 13:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 13:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 13:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 13:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 13:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 13:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 13:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 13:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 13:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 13:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 13:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 13:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 13:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 13:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 13:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 13:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 13:36:37 | 000,224,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/08/22 13:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 13:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 13:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 13:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 12:27:46 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2013/08/22 10:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/13 01:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 02:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 20:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 21:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 16:46:17 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/06/18 16:45:02 | 003,680,256 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/31 12:10:00 | 000,061,824 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012/08/15 19:53:06 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/10 20:09:46 | 000,567,808 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/08/10 20:09:44 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/08/10 20:09:42 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/08/10 20:09:42 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/08/10 20:09:42 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/08/10 20:09:40 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/08/10 20:09:40 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/08/10 20:09:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/08/02 05:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/07/24 05:16:28 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/02 17:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 01:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/13 12:23:58 | 000,294,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/05/31 05:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV - [2011/09/07 11:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&pc=ASU2JS
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-494399399-1160236250-2542793645-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKU\S-1-5-21-494399399-1160236250-2542793645-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-494399399-1160236250-2542793645-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-494399399-1160236250-2542793645-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-494399399-1160236250-2542793645-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7BB042753D-F57E-4e8e-A01B-7379A6D4CEFB%7D:1.35
FF - prefs.js..extensions.enabledAddons: %7BF1A72553-1150-4065-9A42-983C72D96101%7D:1.5
FF - prefs.js..extensions.enabledAddons: addon%40defaulttab.com:2.2.41
FF - prefs.js..extensions.enabledAddons: %7B79b8e308-95a2-4044-932d-80e833a863cc%7D:10.22.5.510
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/18 01:50:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/18 01:50:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/18 01:50:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/18 01:50:42 | 000,000,000 | ---D | M]
 
[2013/01/29 22:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Extensions
[2013/12/11 01:28:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\hyf2wif1.default\extensions
[2013/06/01 19:44:33 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\hyf2wif1.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2013/06/18 18:24:58 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\hyf2wif1.default\extensions\{F1A72553-1150-4065-9A42-983C72D96101}
[2013/08/26 22:26:04 | 000,001,138 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\hyf2wif1.default\searchplugins\freeonlineradioplayerrecorder-v1-customized-web-search.xml
[2013/11/18 01:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/11/18 01:50:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/18 01:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/11/18 01:50:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/18 01:51:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\ASUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HYF2WIF1.DEFAULT\EXTENSIONS\{79B8E308-95A2-4044-932D-80E833A863CC}
File not found (No name found) -- C:\USERS\ASUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HYF2WIF1.DEFAULT\EXTENSIONS\ADDON@DEFAULTTAB.COM.XPI
[2012/01/12 10:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2013/07/23 17:12:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = http://www.google.com
CHR - homepage: http://www.google.co.il/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - Extension: Google Docs = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: \u05DB\u05D5\u05E0\u05DF Google = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: \u05D7\u05D9\u05E4\u05D5\u05E9 Google = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13307_0\
CHR - Extension: Gmail = C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/08/22 15:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (AGFormHelperObj Class) - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll (Agat software solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKU\S-1-5-21-494399399-1160236250-2542793645-1001..\Run: [AROReminder] C:\Program Files (x86)\ARO 2013\ARO.exe (Support.com, Inc.)
O4 - HKU\S-1-5-21-494399399-1160236250-2542793645-1001..\Run: [Facebook Update] C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-494399399-1160236250-2542793645-1001..\Run: [HP Deskjet 4620 series (NET)] C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-494399399-1160236250-2542793645-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &הורד עם BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)


O8:64bit: - Extra context menu item: הורד ה&כל עם BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &הורד עם BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)


O8 - Extra context menu item: הורד ה&כל עם BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8414394C-62E6-40C0-8754-0ACF72313A4C}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95505E84-CF24-4964-8278-B6163E15FE93}: DhcpNameServer = 192.168.0.6
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/11 01:37:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/12/11 01:14:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/11 00:14:47 | 000,000,000 | ---D | C] -- C:\FRST
[2013/12/09 19:23:51 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\Important security files
[2013/12/09 17:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
[2013/12/09 17:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Your Uninstaller! 7
[2013/12/09 17:49:57 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\URSoft
[2013/12/09 17:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/12/09 17:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/12/09 17:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/12/09 17:42:04 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Malwarebytes
[2013/12/09 17:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/09 17:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/09 17:41:35 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2013/12/09 17:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/09 17:40:47 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\WinRAR
[2013/12/09 17:40:23 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/12/09 17:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/12/09 17:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/11/23 19:44:16 | 000,000,000 | --SD | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft
[2013/11/23 19:44:16 | 000,000,000 | R--D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/11/23 19:44:16 | 000,000,000 | R--D | C] -- C:\Users\ASUS\Favorites
[2013/11/23 19:44:16 | 000,000,000 | R--D | C] -- C:\Users\ASUS\Desktop
[2013/11/23 19:44:16 | 000,000,000 | R--D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/11/23 19:44:16 | 000,000,000 | R--D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/11/23 19:44:16 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData
[2013/11/23 19:44:16 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Temp
[2013/11/23 19:44:16 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Microsoft
[2013/11/23 19:44:16 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/11/23 19:37:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2013/11/23 19:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/11/23 19:37:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/11/23 19:35:24 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/11/23 19:35:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2013/11/23 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013/11/23 19:24:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2013/11/23 19:24:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2013/11/23 19:24:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\XPSViewer
[2013/11/23 19:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/11/23 19:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/11/18 01:50:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/11 01:47:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/11 01:32:42 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/11 01:32:00 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/11 01:30:52 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/11 01:30:29 | 000,000,507 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\sp_data.sys
[2013/12/11 01:30:02 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013/12/11 01:29:59 | 3338,485,760 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/11 01:29:59 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/12/11 01:05:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-494399399-1160236250-2542793645-1001UA.job
[2013/12/10 16:05:07 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-494399399-1160236250-2542793645-1001Core.job
[2013/12/09 21:12:37 | 000,001,310 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/12/09 17:51:14 | 000,001,086 | ---- | M] () -- C:\Users\ASUS\Desktop\Your Unin-staller!.lnk
[2013/12/09 17:41:52 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/09 17:36:50 | 001,332,650 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013/12/09 17:36:50 | 000,722,476 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013/12/09 17:36:50 | 000,417,292 | ---- | M] () -- C:\WINDOWS\SysNative\perfh00D.dat
[2013/12/09 17:36:50 | 000,135,592 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013/12/09 17:36:50 | 000,064,760 | ---- | M] () -- C:\WINDOWS\SysNative\perfc00D.dat
[2013/12/08 13:43:03 | 000,000,870 | ---- | M] () -- C:\WINDOWS\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013/12/07 18:14:03 | 000,209,858 | ---- | M] () -- C:\Users\ASUS\Desktop\פתרון תרגיל 5 (1).pdf
[2013/11/23 23:23:03 | 000,000,258 | RHS- | M] () -- C:\Users\ASUS\ntuser.pol
[2013/11/23 20:01:46 | 000,024,768 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2013/11/23 20:01:45 | 000,024,768 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2013/11/23 20:01:25 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/11/23 19:51:31 | 000,473,392 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013/11/23 19:28:09 | 000,385,528 | ---- | M] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013/11/20 15:15:54 | 000,895,244 | ---- | M] () -- C:\Users\ASUS\Documents\שיעור 4 פונקציית ההוצאות ועקומת ההיצע.pdf
 
========== Files Created - No Company Name ==========
 
[2013/12/09 17:51:14 | 000,001,086 | ---- | C] () -- C:\Users\ASUS\Desktop\Your Unin-staller!.lnk
[2013/12/09 17:41:52 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/07 18:14:03 | 000,209,858 | ---- | C] () -- C:\Users\ASUS\Desktop\פתרון תרגיל 5 (1).pdf
[2013/11/23 23:23:27 | 000,001,396 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/11/23 23:23:03 | 000,000,258 | RHS- | C] () -- C:\Users\ASUS\ntuser.pol
[2013/11/23 20:01:25 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/11/23 19:48:39 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/11/23 19:44:08 | 000,024,768 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2013/11/23 19:44:08 | 000,024,768 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2013/11/23 19:28:09 | 000,385,528 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013/11/20 15:15:49 | 000,895,244 | ---- | C] () -- C:\Users\ASUS\Documents\שיעור 4 פונקציית ההוצאות ועקומת ההיצע.pdf
[2013/11/04 17:16:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/08/22 17:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 17:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 16:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 09:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 05:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/22 05:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/08/22 01:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/22 01:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/05/13 21:30:51 | 000,335,872 | ---- | C] () -- C:\WINDOWS\SysWow64\ldf252.dll
[2013/05/13 09:14:45 | 000,003,584 | ---- | C] () -- C:\Users\ASUS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/25 12:56:28 | 000,175,616 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2013/01/25 12:56:27 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2013/01/25 12:56:18 | 000,644,608 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2013/01/25 12:56:18 | 000,243,200 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll
[2013/01/25 12:56:18 | 000,073,216 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll
[2013/01/23 22:51:11 | 000,007,605 | ---- | C] () -- C:\Users\ASUS\AppData\Local\Resmon.ResmonCfg
[2013/01/22 23:51:33 | 000,000,507 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\sp_data.sys
[2012/08/29 05:15:32 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012/08/29 05:15:12 | 000,064,512 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2012/08/29 05:15:09 | 000,963,388 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2012/08/04 20:52:38 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/08/04 20:52:38 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012/04/20 15:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013/11/23 19:53:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/23 19:29:25 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/23 19:29:25 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 11:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 04:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 11:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/05/13 21:32:02 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\ACD Systems
[2013/01/22 23:51:39 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\ASUS WebStorage
[2013/12/09 20:21:57 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\BitComet
[2013/02/27 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\BSplayer
[2013/02/25 20:27:08 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\BSplayer Pro
[2013/07/29 12:56:31 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/12/11 01:31:18 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Dropbox
[2013/08/11 10:27:45 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Free Online Radio Player Recorder
[2013/06/20 16:40:15 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Sammsoft
[2013/12/09 17:49:57 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\URSoft
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:1CE11B51

< End of report >

 

 

Extras log file:

 

OTL Extras logfile created on: 11.12.2013 02:04:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ASUS\Desktop\Important security files
64bit-An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16438)
Locale: 0000040D | Country: Israel | Language: ENG | Date Format: dd/MM/yyyy

3.89 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 64.85% Memory free
6.89 Gb Paging File | 5.40 Gb Available in Paging File | 78.44% Paging File free
Paging file location(s): ?:\Pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.11 Gb Total Space | 152.11 Gb Free Space | 54.50% Space Free | Partition Type: NTFS
Drive D: | 397.87 Gb Total Space | 330.96 Gb Free Space | 83.18% Space Free | Partition Type: NTFS

Computer Name: IDAN | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 

[color=#E56717]========== File Associations ==========[/color]
 

[b] 64bit: [/ b] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ <extension>]
. html [@ = htmlfile] - C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE (Microsoft Corporation)
. url [@ = InternetShortcut] - C: \ WINDOWS \ SysNative \ rundll32.exe (Microsoft Corporation)
 

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ <extension>]
. cpl [@ = cplfile] - C: \ WINDOWS \ SysWow64 \ control.exe (Microsoft Corporation)
. html [@ = htmlfile] - C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE (Microsoft Corporation)
 

[HKEY_USERS \ S-1-5-21-494399399-1160236250-2542793645-1001 \ SOFTWARE \ Classes \ <extension>]
. html [@ = FirefoxHTML] - C: \ Program Files (x86) \ Mozilla Firefox \ firefox.exe (Mozilla Corporation)
 

[color=#E56717]========== Shell Spawning ==========[/color]
 

[b] 64bit: [/ b] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ <key> \ shell \ [command] \ command]
batfile [open] - "% 1"% *
cmdfile [open] - "% 1"% *
comfile [open] - "% 1"% *
exefile [ open ] - " % 1 " % *
helpfile [ open ] - Reg Error : Key error .
htmlfile [open] - "C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE"% 1 (Microsoft Corporation)
htmlfile [opennew] - "C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE"% 1 (Microsoft Corporation)
htmlfile [print] - "C: \ WINDOWS \ system32 \ rundll32.exe" "C: \ WINDOWS \ system32 \ mshtml.dll", PrintHTML "% 1" (Microsoft Corporation)
http [ open ] - " C : \ Program Files \ Internet Explorer \ IEXPLORE.EXE " % 1 (Microsoft Corporation )
https [ open ] - " C : \ Program Files \ Internet Explorer \ IEXPLORE.EXE " % 1 (Microsoft Corporation )
inffile [install] -% SystemRoot% \ System32 \ InfDefaultInstall.exe "% 1" (Microsoft Corporation)
InternetShortcut [open] - "C: \ WINDOWS \ system32 \ rundll32.exe" "C: \ WINDOWS \ system32 \ ieframe.dll", OpenURL% l (Microsoft Corporation)
InternetShortcut [print] - "C: \ Windows \ System32 \ rundll32.exe" "C: \ Windows \ System32 \ mshtml.dll", PrintHTML "% 1" (Microsoft Corporation)
piffile [ open ] - " % 1 " % *
regfile [merge] - Reg Error: Key error.
scrfile [config] - "% 1"
scrfile [install] - rundll32.exe desk.cpl, InstallScreenSaver% l
scrfile [open] - "% 1" / S
txtfile [edit] - Reg Error: Key error.
Unknown [openas] -% SystemRoot% \ system32 \ OpenWith.exe "% 1" (Microsoft Corporation)
Directory [ACDBrowse] - "C: \ PROGRA ~ 1 \ ACDSYS ~ 1 \ ACDSee \ ACDSee.exe" "% 1" (ACD Systems, Ltd.)
Directory [cmd] - cmd.exe / s / k pushd "% V" (Microsoft Corporation)
Directory [ FIND ] - % SystemRoot % \ Explorer.exe (Microsoft Corporation )
Folder [ open ] - % SystemRoot % \ Explorer.exe (Microsoft Corporation )
Folder [ explore ] - Reg Error : Value error .
Drive [ the find ] - % SystemRoot % \ Explorer.exe (Microsoft Corporation )
Applications \ iexplore.exe [ open ] - " C : \ Program Files \ Internet Explorer \ IEXPLORE.EXE " % 1 (Microsoft Corporation )
CLSID \ {871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] - "C: \ Program Files \ Internet Explorer \ iexplore.exe" (Microsoft Corporation)
 

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ <key> \ shell \ [command] \ command]
batfile [open] - "% 1"% *
cmdfile [open] - "% 1"% *
comfile [open] - "% 1"% *
cplfile [cplopen] -% SystemRoot% \ System32 \ control.exe "% 1",% * (Microsoft Corporation)
exefile [ open ] - " % 1 " % *
helpfile [ open ] - Reg Error : Key error .
htmlfile [open] - "C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE"% 1 (Microsoft Corporation)
htmlfile [opennew] - "C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE"% 1 (Microsoft Corporation)
http [ open ] - " C : \ Program Files \ Internet Explorer \ IEXPLORE.EXE " % 1 (Microsoft Corporation )
https [ open ] - " C : \ Program Files \ Internet Explorer \ IEXPLORE.EXE " % 1 (Microsoft Corporation )
inffile [install] -% SystemRoot% \ System32 \ InfDefaultInstall.exe "% 1" (Microsoft Corporation)
piffile [ open ] - " % 1 " % *
regfile [merge] - Reg Error: Key error.
scrfile [config] - "% 1"
scrfile [install] - rundll32.exe desk.cpl, InstallScreenSaver% l
scrfile [open] - "% 1" / S
txtfile [edit] - Reg Error: Key error.
Unknown [openas] -% SystemRoot% \ system32 \ OpenWith.exe "% 1" (Microsoft Corporation)
Directory [ACDBrowse] - "C: \ PROGRA ~ 1 \ ACDSYS ~ 1 \ ACDSee \ ACDSee.exe" "% 1" (ACD Systems, Ltd.)
Directory [cmd] - cmd.exe / s / k pushd "% V" (Microsoft Corporation)
Directory [ FIND ] - % SystemRoot % \ Explorer.exe (Microsoft Corporation )
Folder [ open ] - % SystemRoot % \ Explorer.exe (Microsoft Corporation )
Folder [ explore ] - Reg Error : Value error .
Drive [ the find ] - % SystemRoot % \ Explorer.exe (Microsoft Corporation )
Applications \ iexplore.exe [ open ] - " C : \ Program Files \ Internet Explorer \ IEXPLORE.EXE " % 1 (Microsoft Corporation )
CLSID \ {871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] - Reg Error: Value error.
 

[color=#E56717]========== Security Center Settings ==========[/color]
 

[ b] 64bit : [ / b ] [ HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center ]
"cval" = 1
 

[ b] 64bit : [ / b ] [ HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring ]
 

[ b] 64bit : [ / b ] [ HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Svc ]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 

[ b] 64bit : [ / b ] [ HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Svc \ Upgrade ]
"UpgradeTime" = [binary data]
 

[ b] 64bit : [ / b ] [ HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Svc \ Vol ]
 

[ HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center ]
 

[ HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Svc ]
 

[ HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Svc \ Upgrade ]
"UpgradeTime" = Reg Error: Unknown registry data type - File not found
 

[color=#E56717]========== Firewall Settings ==========[/color]
 


"EnableFirewall" = 1
"DisableNotifications" = 0
 


"EnableFirewall" = 1
"DisableNotifications" = 0
 


"EnableFirewall" = 1
"DisableNotifications" = 0
 

[color=#E56717]========== Authorized Applications List ==========[/color]
 
 

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 


"{9266501D-907E-4A8D-87E3-D89E2AB359A8}" = lport = 6004 | protocol = 17 | dir = in | app = c: \ program files (x86) \ microsoft office \ office14 \ outlook.exe |
 

[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 


"{053DCAF4-F5F1-4551-B923-FB17B34FC89C}" = dir = in | |
"{0B56465F-4D80-4596-A9F7-BE3213A2512B}" = dir = out | |
"{0E8918C9-B4F5-46F4-A971-08B6A65950DD}" = dir = in | |
"{110A033B-CD42-4E65-8BDD-B5BFA3149FAE}" = dir = in | app = c: \ program files \ hp \ hp deskjet 4620 series \ bin \ digitalwizards.exe |
"{132A1696-B048-4B42-8AD2-A9EFFED081AA}" = dir = out | |
"{152D8487-2F65-409E-8851-7A3CA17390D5}" = dir = out | name = check point vpn |
"{1950D692-8861-4E86-94F5-22CE82D3E580}" = protocol = 17 | dir = in | app = c: \ users \ asus \ appdata \ roaming \ dropbox \ bin \ dropbox.exe |
"{2036B00E-6C54-4F8D-B211-3570B47F97A1}" = dir = out | |
"{281D86AA-2F3D-4004-9F7F-0712EBB034A9}" = dir = out | |
"{293B4510-A09E-4218-B234-DE5A042481C4}" = dir = out | |
"{2B67C580-E93A-4B5F-A042-A7525E049E63}" = dir = out | name = f5 vpn |
"{2E86D8CE-53FC-4E1C-936A-B542BD6BCFC0}" = dir = out | |
"{2EA476ED-8AA1-4D6D-A8C3-1646C5F9792B}" = dir = out | |
"{39A871A2-13E7-4B04-9A97-AA83B6BC7E60}" = dir = out | |
"{3A387D04-1739-4205-9374-28309FA0CB5A}" = dir = out | |
"{3C2969BC-4201-4CA1-A8B9-7B77B949A6BB}" = dir = out | name = windows_ie_ac_001 |
"{4064F0B5-7F5B-4CC8-A612-4AB9287F1F47}" = dir = out | |
"{418C1D59-50AB-4FFD-8E59-F4388AD6A885}" = dir = out | name = wordament |
"{41982C69-561A-4DFB-BB40-7B5CE2760BD4}" = dir = out | |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir = in | name = checkpoint.vpn |
"{483AD206-47B4-4656-AE29-403190A73C4F}" = dir = out | |
"{4D819ADC-3A9E-48A7-BB63-57ED8BA66F1E}" = dir = out | name = juniper networks junos pulse |
"{51EB2045-35F8-4E4D-9A96-C97E8F6F1E0E}" = dir = out | |
"{541F358B-7BF8-42CF-A802-45747DC7B0B4}" = dir = in | name = juniper networks junos pulse |
"{54625575-E7E7-4794-BBDE-254AE3365C75}" = dir = in | app = c: \ program files \ hp \ hp deskjet 4620 series \ bin \ hpnetworkcommunicatorcom.exe |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir = in | name = @ {c: \ windows \ winstore \ resources.pri? Ms-resource :/ / winstore / resources / displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir = in | name = sonicwall.mobileconnect |
"{58CD7216-F4B6-488B-B3F2-557CEFC159E6}" = dir = in | name = sonicwall mobile connect |
"{59986E8F-0A0A-473E-AFFE-4084011EEFEC}" = dir = in | name = microsoft solitaire collection |
"{5DEBDB53-A44A-46E7-B5CD-5E551AEE25C7}" = dir = out | |
"{5EA00EDB-B76C-49B2-A041-8F5E65387732}" = dir = in | |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir = out | name = sonicwall.mobileconnect |
"{5FCD5813-EC0D-4763-863F-AD99BE3EBB2B}" = protocol = 6 | dir = in | app = c: \ program files (x86) \ microsoft office \ office14 \ groove.exe |
"{6170F95F-3004-42C4-86C3-10EC13729542}" = protocol = 6 | dir = in | app = c: \ program files (x86) \ bitcomet \ bitcomet.exe |
"{6D4927B2-868B-4B1A-BC38-3425A5A1F9F9}" = dir = out | |
"{72B01E82-6CD4-4CF2-B7AD-0C355647F4DD}" = dir = out | |
"{76240B96-C1EB-4C56-BE93-A16D5260105C}" = dir = out | name = taptiles |
"{773B921F-7558-4C68-81B9-E50578E2052E}" = protocol = 17 | dir = in | app = c: \ program files (x86) \ microsoft office \ office14 \ groove.exe |
"{77D10272-4599-4656-BAD6-A927B73565F7}" = dir = in | app = c: \ program files \ hp \ hp deskjet 4620 series \ bin \ hpnetworkcommunicator.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir = out | name = @ {c: \ windows \ winstore \ resources.pri? Ms-resource :/ / winstore / resources / displayname} |
"{8B61458C-3BBB-46AB-9CFE-F2A8AE346EE7}" = dir = in | app = c: \ program files \ hp \ hp deskjet 4620 series \ bin \ sendafax.exe |
"{946B879C-F8DE-4257-95B2-1A2545E68148}" = dir = out | |
"{96E359F6-32C5-46E6-BE4D-7D53CC52DEF9}" = dir = in | name = check point vpn |
"{9A2AE31A-6D7A-418E-9BE3-D2A458522A19}" = dir = in | |
"{9B562A31-CAC4-4A1E-A1D8-229B0C1FE055}" = dir = in | name = skype |
"{9DDB396C-035D-411B-8FB6-D4721E681042}" = protocol = 6 | dir = in | app = c: \ program files (x86) \ microsoft office \ office14 \ onenote.exe |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir = out | name = @ {c: \ windows \ winstore \ resources.pri? Ms-resource :/ / winstore / resources / displayname} |
"{A0BEB4B6-6138-4E07-BE57-BFE0E95B8169}" = dir = out | name = windows_ie_ac_001 |
"{A45D2F4B-C40B-41DF-BC6E-5AAD07FEC9D3}" = dir = out | name = fresh paint |
"{A6880375-A1E5-4C32-8F69-5F14C8F41742}" = dir = in | name = f5 vpn |
"{AF2F96C4-1C54-49B5-A579-09F8BE7EDC64}" = dir = in | app = c: \ program files \ hp \ hp deskjet 4620 series \ bin \ faxapplications.exe |
"{B5B003FA-0CF9-4FF1-A3CD-BA12CD6A676C}" = dir = out | |
"{BC39CC1B-C9B9-4419-BF5F-E44F94D7FB62}" = dir = out | |
"{BCF87B17-1E74-4D45-8C6A-CB1EA0BCC9FE}" = dir = out | |
"{C409237B-C528-4B38-987B-23EF8AF9454C}" = dir = out | name = sonicwall mobile connect |
"{C5493D52-C51E-47FF-8648-7525CD3DAB93}" = dir = out | name = microsoft solitaire collection |
"{C5DC1D0D-2BA9-4B47-8D9C-ADEADFA9F15F}" = dir = in | app = c: \ program files (x86) \ skype \ phone \ skype.exe |
"{C602D8BA-38FF-41C0-8504-A20657C6863B}" = dir = out | |
"{C86788A3-126A-4429-AA1D-FFD231DA1559}" = dir = out | |
"{CA90C941-59D0-46ED-BF84-3FD866A0E176}" = dir = out | name = skype |
"{CABB85DE-B4BF-4498-89A5-DF12ED58BC4F}" = protocol = 17 | dir = in | app = c: \ program files (x86) \ microsoft office \ office14 \ onenote.exe |
"{D2A7C8B7-BC88-4ACB-A2C1-A3959C19E51B}" = dir = out | name = adera |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir = out | name = junipernetworks.junospulsevpn |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir = out | name = checkpoint.vpn |
"{DC1AB551-95F3-448E-B459-D611948049BE}" = protocol = 6 | dir = in | app = c: \ users \ asus \ appdata \ roaming \ dropbox \ bin \ dropbox.exe |
"{DCCDBF52-4E0D-4ED4-AA06-CDEA62559892}" = protocol = 17 | dir = in | app = c: \ program files (x86) \ bitcomet \ bitcomet.exe |
"{E6B1117A-1F35-4558-8FD9-041E394D7BCF}" = dir = in | app = c: \ program files \ hp \ hp deskjet 4620 series \ bin \ devicesetup.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir = in | name = @ {c: \ windows \ winstore \ resources.pri? Ms-resource :/ / winstore / resources / displayname} |
"{E8CDF6F1-6AFD-4673-91B9-483F158BC9EE}" = dir = out | name = windows_ie_ac_001 |
"{EA25EDF9-B2A4-4781-985C-4155F0347F13}" = dir = in | name = taptiles |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir = in | name = junipernetworks.junospulsevpn |
"{EE51AB10-7651-4384-B4B4-4424F3A9221C}" = dir = out | |
"{F00CBF08-4FDC-4A56-954C-C4D962045473}" = dir = out | |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir = out | name = f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir = in | name = f5.vpn.client |
"{FBC14E04-30D0-4CF1-BA70-BB875D935BD9}" = dir = in | |
"{FEBB625F-52C6-4D0B-A612-90E31AB0A9F1}" = dir = out | |
"TCP Query User {26F28D84-F6C5-473A-8CB9-2D3A521F4B16} C: \ program files (x86) \ bitcomet \ bitcomet.exe" = protocol = 6 | dir = in | app = c: \ program files (x86) \ bitcomet \ bitcomet.exe |
"TCP Query User {B8D19A4F-A18C-4971-A637-C4CB7971FBFA} C: \ users \ asus \ appdata \ roaming \ dropbox \ bin \ dropbox.exe" = protocol = 6 | dir = in | app = c: \ users \ asus \ appdata \ roaming \ dropbox \ bin \ dropbox.exe |
"TCP Query User {C5B8E758-328A-4757-A957-9BE3D9F4B747} C: \ program files (x86) \ mozilla firefox \ plugin-container.exe" = protocol = 6 | dir = in | app = c: \ program files ( x86) \ mozilla firefox \ plugin-container.exe |
"UDP Query User {109CAF21-0BAD-4363-8405-1A9CA9407E39} C: \ program files (x86) \ mozilla firefox \ plugin-container.exe" = protocol = 17 | dir = in | app = c: \ program files ( x86) \ mozilla firefox \ plugin-container.exe |
"UDP Query User {90856850-0BA4-403C-B5C0-657C66B3BA38} C: \ program files (x86) \ bitcomet \ bitcomet.exe" = protocol = 17 | dir = in | app = c: \ program files (x86) \ bitcomet \ bitcomet.exe |
"UDP Query User {CED20CC7-A844-4C9C-AF9F-2BB16C2B057F} C: \ users \ asus \ appdata \ roaming \ dropbox \ bin \ dropbox.exe" = protocol = 17 | dir = in | app = c: \ users \ asus \ appdata \ roaming \ dropbox \ bin \ dropbox.exe |
 

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 

64bit : [ HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall ]
"{126C0518-1D11-41D9-B2AA-E05255487FEB}" = research to improve products HP Deskjet 4620 series
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C + + 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C + + 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170110}" = Java SE Development Kit 7 Update 11 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C + + 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9F86DBBD-5F63-43D7-AE20-3E46D53A77A8}" = Basic Device Software HP Deskjet 4620 series
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{EF79C448-6946-4D71-8134-03407888C054}" ​​= Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel ® Trusted Connect Service Client
"ARO 2013_is1" = ARO 2013
" C01F56FBD9B141017E63E2A1A141E59934D4DC67 " = Windows devices package . - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
" CCleaner " = CCleaner
" WinRAR archiver " = WinRAR 4.00 ( 64-bit)
 

[ HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall ]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}" = Google Earth
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java ™ 6 Update 27
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype ™ 6.11
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel ® Management Engine Components
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{83CCE06B-9BFC-4673-8FF3-1BF983DBF617}" = HP Deskjet 4620 series Help
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88880887-285F-4260-989B-8B22020D756F}" = E-GOV.IL Sign & Verify Software - AGForm toolbar
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel ® Manageability Engine Firmware Recovery Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.8) MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = IRIS OCR
"{D322A9E3-758B-4D60-A7C4-65C88FD378D0}" = Bing Bar
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C + + 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel ® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel ® SDK for OpenCL - CPU Only Runtime Package
" ACDSee " = ACDSee
" Adobe AIR " = Adobe AIR
" Adobe Flash Player Plugin " = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage Sync Agent
" BitComet " = BitComet 1.35
"BSPlayer1" = BSPlayer
"BSPlayerf" = BS.Player FREE
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Free Video To Audio Converter 2012_is1" = Free Video To Audio Converter 2012 4.5.1
" Google Chrome " = Google Chrome
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 25.0.1 (x86 he)" = Mozilla Firefox 25.0.1 (x86 he)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"sl-dlc" = SelectionLinks
"YU2010_is1" = Your Uninstaller! 7
 

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 


" Dropbox " = Dropbox
 

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 

[ Application Events]
Error - 14/08/2013 09:05:49 | Computer Name = Idan | Source = Customer Experience Improvement Program | ID = 1008
Description =
 

Error - 15/08/2013 08:52:34 | Computer Name = Idan | Source = Customer Experience Improvement Program | ID = 1008
Description =
 

Error - 08/17/2013 10:29:21 | Computer Name = Idan | Source = Customer Experience Improvement Program | ID = 1008
Description =
 

Error - 18/08/2013 05:00:13 | Computer Name = Idan | Source = Application Error | ID = 1000
Description = Name of the ovary implementation failures : FlashPlayerPlugin_11_6_602_180.exe version :
 
11.6.602.180 , time stamp : 0x51301434 Module Name ovarian jams : unknown , version : 0.0.0.0 ,
 
Time stamp : 0x00000000 Exception code : 0xc0000005 fault offset : 0x027f76c8 apply process ID
 
The fault : 0x1b27c startup time of the application apply the fault : 0x01ce9663d31c232d application path
 
Apply the fault : C: \ Windows \ SysWOW64 \ Macromed \ Flash \ FlashPlayerPlugin_11_6_602_180.exe
Path
 
Apply the fault module : unknown report id : 97214e5f-07e4-11e3-bead-08606e519ae9 Name
Ovarian full package which faults : Application ID in ovarian bundle relative fault :
 

Error - 22/08/2013 11:58:26 | Computer Name = Idan | Source = Application Error | ID = 1000
Description = Name of the ovary implementation failures : chrome.exe , version : 27.0.1453.110 , stamp
 
Time: 0x51a566a7 where the ovary module fault : npDefaultTabSearch.dll_unloaded version :
 
0.0.0.0 , time stamp : 0x510b3ade Exception Code : 0xc00001a5 shift malfunction : 0x5c9811c0 process ID
 
Apply the fault : 0x530b4 startup time of the application apply the fault : 0x01ce99d5a61b6d95 Path
 
Apply the fault application : C : \ Program Files (x86 ) \ Google \ Chrome \ Application \ chrome.exe
Path
 
Apply the fault module : npDefaultTabSearch.dll Report ID : ad847343-0b43-11e3-bead-08606e519ae9
There
 
Ovarian full package which faults : Application ID in ovarian bundle relative fault :
 

Error - 22/08/2013 12:07:19 | Computer Name = Idan | Source = Application Error | ID = 1000
Description = Name of the ovary implementation failures : DefaultTabSearch.exe , version : 0.0.0.0 , stamp
 
Time: 0x511246e7 where the ovary module fault : DefaultTabSearch.exe , version : 0.0.0.0 , stamp
 
Time: 0x511246e7 abnormal code : 0xc0000005 fault offset : 0x00002c60 apply process detects the fault :
 
0x6f8 startup time of the application apply the fault : 0x01ce9f51aad0639e apply the application path
 
Fault : C: \ Program Files (x86) \ DefaultTab \ DefaultTabSearch.exe module path ovarian
The fault : C: \ Program Files (x86) \ DefaultTab \ DefaultTabSearch.exe Report ID : eb64d779-0b44-11e3-beae-08606e519ae9
There
 
Ovarian full package which faults : Application ID in ovarian bundle relative fault :
 

Error - 22/08/2013 12:08:42 | Computer Name = Idan | Source = Application Error | ID = 1000
Description = Name of the ovary implementation failures : ARO.exe , version : 9.1.19.0 , time stamp : 0x5178ccd0
There
 
Apply the fault module : ARO.exe , version : 9.1.19.0 , time stamp : 0x5178ccd0 Exception code :
 
0xc0000005 fault offset : 0x00029b6a apply process detects the fault : 0x1300 startup time of the application
 
Apply the fault : 0x01ce9f51c645a40e apply the application path failures : C : \ Program Files
(x86) \ ARO 2013 \ ARO.exe apply the module path failures : C: \ Program Files (x86) \ ARO 2013 \ ARO.exe
ID
 
Report : 1cd2adae-0b45-11e3-beae-08606e519ae9 full name of the package that apply in troubleshooting : ID
Application package relations apply in troubleshooting :
 

Error - 22/08/2013 12:55:38 | Computer Name = Idan | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16660 stopped interacting
 
with Windows and was closed. To see if more information about the problem is available ,
 
check the problem history in the Action Center control panel . Process ID: 1340 Start
 
Time: 01ce9f51c6fd3bae Termination Time: 125 Application Path: C: \ Program Files \ Internet
 
Explorer \ iexplore.exe Report Id: a9d9bb60-0b4b-11e3-beae-08606e519ae9 Faulting package
 
full name: Faulting package-relative application ID:
 

Error - 22/08/2013 13:03:42 | Computer Name = Idan | Source = Application Error | ID = 1000
Description = Name of the ovary implementation failures : ARO.exe , version : 9.1.19.0 , time stamp : 0x5178ccd0
There
 
Apply the fault module : ARO.exe , version : 9.1.19.0 , time stamp : 0x5178ccd0 Exception code :
 
0xc0000005 fault offset : 0x00029b6a apply process detects the fault : 0xc10 startup time of the application
 
Apply the fault : 0x01ce9f5981d9eaf5 apply the application path failures : C : \ Program Files
(x86) \ ARO 2013 \ ARO.exe apply the module path failures : C: \ Program Files (x86) \ ARO 2013 \ ARO.exe
ID
 
Report : cbadfd75-0b4c-11e3-beaf-08606e519ae9 full name of the package that apply in troubleshooting : ID
Application package relations apply in troubleshooting :
 

Error - 25/08/2013 03:16:08 | Computer Name = Idan | Source = Customer Experience Improvement Program | ID = 1008
Description =
 

[ System Events]
Error - 14/10/2013 17:35:03 | Computer Name = Idan | Source = Service Control Manager | ID = 7023
Description = service - Windows Modules Installer stopped with the following error : % % 19
 

Error - 14/10/2013 17:36:29 | Computer Name = Idan | Source = Service Control Manager | ID = 7009
Description = The system has reached a period of time ( 30000 milliseconds ) while waiting for connecting
 
Computer Service Backup ( Backup MyPC ) .
 

Error - 14/10/2013 17:36:29 | Computer Name = Idan | Source = Service Control Manager | ID = 7000
Description = Running Service Computer Backup ( Backup MyPC ) failed due to the following error :
   
% % 1053
 

Error - 14/10/2013 17:36:42 | Computer Name = Idan | Source = Service Control Manager | ID = 7034
Description = DefaultTabSearch service terminated unexpectedly . This event took place for the
 
The first .
 

Error - 14/10/2013 17:38:37 | Computer Name = Idan | Source = DCOM | ID = 10010
Description =
 

Error - 14/10/2013 17:38:37 | Computer Name = Idan | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Failed to initialize CBS client . Last error : 0x80080005
 

Error - 14/10/2013 17:41:50 | Computer Name = Idan | Source = Service Control Manager | ID = 7034
Description = DefaultTabSearch service terminated unexpectedly . This event took place for the
 
The first .
 

Error - 10/16/2013 03:26:30 | Computer Name = Idan | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:25:13 on 16/10/2013 was unexpected.
 

Error - 10/16/2013 03:26:54 | Computer Name = Idan | Source = Service Control Manager | ID = 7030
Description = service - DefaultTabSearch marked as an interactive service . However, the configuration
 
The system is set to not allow interactive services . This service may not function properly .
 

Error - 10/16/2013 04:59:37 | Computer Name = Idan | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:57:37 on 16/10/2013 was unexpected.
 
 

< End of report >

 

 

Here are both files, thank you man.
 



#14 Broni Re: [RESOLVED] "TBHostSupport" "mysearchresults"

Broni

    Administrator - Malware Annihilator


Posted 11 December 2013 - 02:43 AM

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll File not found
CHR - default_search_provider: Conduit (Enabled)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:1CE11B51

:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.


NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
 

Last scans....

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassoci...T-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.




#15 TripleTripe Re: [RESOLVED] "TBHostSupport" "mysearchresults"


Posted 11 December 2013 - 08:32 AM

OTL log file:

 

 

 

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2\ deleted successfully.
Use Chrome's Settings page to remove the default_search_provider items.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\FRST\Quarantine\TBHostSupport folder moved successfully.
C:\FRST\Quarantine\MyPC Backup\~updates folder moved successfully.
C:\FRST\Quarantine\MyPC Backup\x86 folder moved successfully.
C:\FRST\Quarantine\MyPC Backup\x64 folder moved successfully.
C:\FRST\Quarantine\MyPC Backup\Resources\cache folder moved successfully.
C:\FRST\Quarantine\MyPC Backup\Resources folder moved successfully.
C:\FRST\Quarantine\MyPC Backup\log folder moved successfully.
C:\FRST\Quarantine\MyPC Backup\Database folder moved successfully.
C:\FRST\Quarantine\MyPC Backup\Config folder moved successfully.
C:\FRST\Quarantine\MyPC Backup folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ASUS
->Temp folder emptied: 2512274 bytes
->Temporary Internet Files folder emptied: 49366344 bytes
->Java cache emptied: 14086 bytes
->FireFox cache emptied: 91959064 bytes
->Google Chrome cache emptied: 392177078 bytes
->Flash cache emptied: 58096 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default.migrated
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53028 bytes
RecycleBin emptied: 208740185 bytes
 
Total Files Cleaned = 710.00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: ASUS
->Java cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Default.migrated
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: ASUS
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Default.migrated
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12112013_100251

Files\Folders moved on Reboot...
C:\Users\ASUS\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

 

System Check log file:

 

 

 Results of screen317's Security Check version 0.99.77 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 27 
 Java version out of Date!
 Adobe Flash Player  11.6.602.180 
 Adobe Reader 10.1.8 Adobe Reader out of Date! 
 Mozilla Firefox (25.0.1)
 Google Chrome 27.0.1453.110 
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 

 

FSS log file:

 

 

Farbar Service Scanner Version: 05-12-2013
Ran by ASUS (administrator) on 11-12-2013 at 10:31:21
Running from "C:\Users\ASUS\Desktop\Important security files"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll
[2013-08-22 15:25] - [2013-08-22 15:25] - 0029184 ____A (Microsoft Corporation) 6E2271ED0C3E95B8E29F3752B91B9E84

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-11-23 19:28] - [2013-11-23 19:28] - 2551640 ____A (Microsoft Corporation) 6617F44D2432C529B2249A0498B6B40A

C:\Windows\System32\dnsrslvr.dll
[2013-11-23 19:28] - [2013-11-23 19:28] - 0255488 ____A (Microsoft Corporation) 5BAF7714E68F93515A937A3FA8587EF9

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-11-23 19:26] - [2013-11-23 19:26] - 0828416 ____A (Microsoft Corporation) 6468B696C65775D51A06615830E0E79D

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-11-23 19:28] - [2013-11-23 19:28] - 3532288 ____A (Microsoft Corporation) 86D0BF4F792053A50D6EE43DFA5837A5

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll
[2013-11-23 19:28] - [2013-11-23 19:28] - 0433664 ____A (Microsoft Corporation) F4414F57DF2CECB8FC969AA43A6B0D50

C:\Windows\System32\iphlpsvc.dll
[2013-11-23 19:28] - [2013-11-23 19:28] - 0903168 ____A (Microsoft Corporation) DFC4050D58565ADBEE793A8D4AEBDAE6

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
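
A way to triage the Farbar Service Scanner log above, added here as an example (it is not part of the original posts and not FSS's own code). It assumes that a file listed with timestamps and an MD5 instead of "MD5 is legit" simply did not match the tool's known-good list and needs a manual look, which is not a verdict of infection; the function name `triage_fss_log` is hypothetical.

```python
import re

# Excerpt of the FSS log posted above (lines copied from the page, shortened).
SAMPLE_FSS_LOG = r"""
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll
[2013-08-22 15:25] - [2013-08-22 15:25] - 0029184 ____A (Microsoft Corporation) 6E2271ED0C3E95B8E29F3752B91B9E84

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-11-23 19:28] - [2013-11-23 19:28] - 2551640 ____A (Microsoft Corporation) 6617F44D2432C529B2249A0498B6B40A

C:\Windows\System32\svchost.exe => MD5 is legit

**** End of log ****
"""

LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
DETAIL_RE = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ "
    r"\((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
NOT_RUNNING_RE = re.compile(r"^(\S+) Service is not running")
START_TYPE_RE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\."
)


def _entry(path, size=None, company=None, md5=None):
    return {"path": path, "size": size, "company": company, "md5": md5}


def triage_fss_log(text):
    """Split an FSS log into verified files, files to review, and service findings."""
    report = {"verified": [], "review": [], "not_running": [], "start_type_changed": []}
    pending = None  # bare path line still waiting for its detail line
    for raw in text.splitlines():
        line = raw.strip()
        if (m := LEGIT_RE.match(line)):
            report["verified"].append(m["path"])
        elif pending and (m := DETAIL_RE.match(line)):
            report["review"].append(
                _entry(pending, int(m["size"]), m["company"], m["md5"]))
            pending = None
        elif PATH_RE.match(line):
            if pending:  # previous path had no detail line at all
                report["review"].append(_entry(pending))
            pending = line
        elif (m := NOT_RUNNING_RE.match(line)):
            report["not_running"].append(m[1])
        elif (m := START_TYPE_RE.match(line)) and m[2] != m[3]:
            report["start_type_changed"].append((m[1], m[2], m[3]))
    if pending:
        report["review"].append(_entry(pending))
    return report


if __name__ == "__main__":
    for key, items in triage_fss_log(SAMPLE_FSS_LOG).items():
        print(key, "->", items)
```

The `review` entries are the ones to compare against a known-good copy of the same Windows build or a signature check before trusting them.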

 



#16 TripleTripe Re: [RESOLVED] "TBHostSupport" "mysearchresults"


Posted 11 December 2013 - 08:39 AM

TFC results:

 

 

Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: All Users
 
User: ASUS
->Temp folder emptied: 1200127 bytes
->Temporary Internet Files folder emptied: 10733290 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default.migrated
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16759 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 0 bytes
Process complete!
 
Total Files Cleaned = 11.00 mb

 

 

Now only the ESET online scan is left; I will post if it finds something.
 



#17 TripleTripe Re: [RESOLVED] "TBHostSupport" "mysearchresults"


Posted 11 December 2013 - 08:37 PM

ESET didn't find anything bad, ready for the next step mate :)



#18 Broni Re: [RESOLVED] "TBHostSupport" "mysearchresults"


Posted 11 December 2013 - 09:52 PM

Update Firefox to the latest 26.0 version.

 

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

 

Update Adobe Reader

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader and install one of two free alternatives:

- Foxit PDF Reader from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

- PDF-XChange Viewer: http://www.tracker-s...-xchange-viewer

 

1. Update your Java version here: http://www.java.com/...load/manual.jsp
Alternate download: http://www.filehippo.com/search?q=java

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

 

======================================

 

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:


:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.


2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.


If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla....US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/v...nning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingc.../topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingc...er-safe-online/

14. Please, let me know, how your computer is doing.



#19 TripleTripe Re: [RESOLVED] "TBHostSupport" "mysearchresults"


Posted 12 December 2013 - 06:59 PM

Roger that sir, please know that I'm with you, but brother didn't give the laptop to update.. will do, man.

I'll report the news when I can, thanks a lot my friend.



#20 Broni Re: [RESOLVED] "TBHostSupport" "mysearchresults"


Posted 12 December 2013 - 07:30 PM
