
Certified-Toolbar on my browsers and MS Outlook [Solved]


  • This topic is locked

#31
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo


#32
chermesh

    Member

  • Topic Starter
  • 27 posts
And, a point I wasn't aware of: my IE9 is configured to use this [bleep] search engine, with no way I could identify either to delete it or to change it from its preferred default search engine. Only Chrome is clean.

#33
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
OK, send me the new OTL scan.

#34
chermesh

    Member

  • Topic Starter
  • 27 posts
OTL.txt
=======

OTL logfile created on: 27/01/2013 22:21:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ran\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040d | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 32.17% Memory free
7.00 Gb Paging File | 4.12 Gb Available in Paging File | 58.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 488.58 Gb Total Space | 366.46 Gb Free Space | 75.00% Space Free | Partition Type: NTFS
Drive D: | 292.96 Gb Total Space | 213.53 Gb Free Space | 72.89% Space Free | Partition Type: NTFS
Drive E: | 149.96 Gb Total Space | 20.65 Gb Free Space | 13.77% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 493.56 Gb Free Space | 52.98% Space Free | Partition Type: NTFS

Computer Name: RAN-PC | User Name: Ran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ran\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DFX\DFX.exe ()
PRC - C:\Users\Ran\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Hola\app\hola_svc.exe (Hola Networks Ltd.)
PRC - C:\Program Files\Hola\app\hola.exe (Hola Networks Ltd.)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\DFX\Universal\Apps\DfxSharedApp32.exe ()
PRC - C:\Program Files\DFX\Universal\Apps\dfxItunesSong.exe ()
PRC - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files\BlueStacks\HD-SharedFolder.exe (BlueStack Systems)
PRC - C:\Program Files\BlueStacks\HD-BlockDevice.exe (BlueStack Systems)
PRC - C:\Program Files\BlueStacks\HD-Network.exe (BlueStack Systems)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.)
PRC - C:\Users\Ran\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
PRC - C:\Program Files\Hotspot Shield\bin\openvpntray.exe (AnchorFree Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
PRC - C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\vthumbPDVD12.exe (CyberLink)
PRC - C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
PRC - C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMediaInfoPDVD12.exe (CyberLink)
PRC - C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe (Condusiv Technologies)
PRC - C:\Program Files\1Password\Agile1pAgent.exe (AgileBits)
PRC - C:\Program Files\1Password\Agile1pService.exe (AgileBits)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\PC Tools Security\TFEngine\TFService.exe (PC Tools)
PRC - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Ghotit\Ghotit.Setup.Administration.exe (Ghotit Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\DFX\DFX.exe ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.56\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.56\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll ()
MOD - C:\Program Files\Common Files\DFX\Dlls\dfxShared32.dll ()
MOD - C:\Program Files\DFX\Universal\Apps\DfxSharedApp32.exe ()
MOD - C:\Program Files\DFX\Universal\Apps\dfxItunesSong.exe ()
MOD - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Locale\en_IL\AcroTray.MEH ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\PC Tools Security\SpamMonitor\SMPlugin.dll ()
MOD - C:\Program Files\PC Tools Security\PCTUI\PCTUI.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()


========== Services (SafeList) ==========

SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe File not found
SRV - (hola_svc) -- C:\Program Files\Hola\app\hola_svc.exe (Hola Networks Ltd.)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (hola_updater) -- C:\Program Files\Hola\app\hola_updater.exe (Hola Networks Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (BstHdLogRotatorSvc) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
SRV - (BstHdAndroidSvc) -- C:\Program Files\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.)
SRV - (hshld) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (CyberLink PowerDVD 12 Media Server Service) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD12) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Diskeeper) -- C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe (Condusiv Technologies)
SRV - (Agile1Password) -- C:\Program Files\1Password\Agile1pService.exe (AgileBits)
SRV - (Guard Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (EaseUS Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (ThreatFire) -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (GhotitAdminSrv) -- C:\Program Files\Ghotit\Ghotit.Setup.Administration.exe (Ghotit Ltd.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (iReboot) -- C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (pctEFA) -- C:\Windows\System32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\Windows\System32\drivers\pctDS.sys (PC Tools)
DRV - (hola-drv) -- C:\Windows\System32\drivers\hola_drv.sys (Hola Networks Ltd.)
DRV - (hola_net) -- C:\Windows\System32\drivers\hola_net.sys (Hola Networks Ltd.)
DRV - (hola-mon-drv) -- C:\Windows\System32\drivers\hola_mon_drv.sys (Hola Networks Ltd.)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (BstHdDrv) -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys (BlueStack Systems)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.)
DRV - (HssDRV6) -- C:\Windows\System32\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (PCTSD) -- C:\Windows\System32\drivers\PCTSD.sys (PC Tools)
DRV - (pctgntdi) -- C:\Windows\System32\drivers\pctgntdi.sys (PC Tools)
DRV - (PCTCore) -- C:\Windows\System32\drivers\PCTCore.sys (PC Tools)
DRV - (PCTAppEvent) -- C:\Windows\System32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (Apowersoft_AudioDevice) -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (DFX11_1) -- C:\Windows\System32\drivers\dfx11_1.sys (Windows ® Win 7 DDK provider)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (DFX11_0) -- C:\Windows\System32\drivers\dfx11_0.sys (Windows ® Win 7 DDK provider)
DRV - (DKTLFSMF) -- C:\Windows\System32\drivers\DKTLFSMF.sys (Condusiv Technologies)
DRV - (ntk_PowerDVD12) -- C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys (Cyberlink Corp.)
DRV - (DKRtWrt) -- C:\Windows\System32\drivers\DKRtWrt.sys (Condusiv Technologies)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (Power Software Ltd)
DRV - (EUFDDISK) -- C:\Windows\System32\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBKMON) -- C:\Windows\System32\drivers\EUBKMON.sys ()
DRV - (EUDSKACS) -- C:\Windows\System32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBAKUP) -- C:\Windows\System32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (cbfs3) -- C:\Windows\System32\drivers\cbfs3.sys (EldoS Corporation)
DRV - (DKDFM) -- C:\Windows\System32\drivers\DKDFM.sys (Condusiv Technologies)
DRV - (VASDeviceDrm) -- C:\Windows\System32\drivers\vasdDev.sys (ShiningMorning Inc.)
DRV - (pctplsg) -- C:\Windows\System32\drivers\pctplsg.sys (PC Tools)
DRV - (pctplfw) -- C:\Windows\System32\drivers\pctplfw.sys (PC Tools)
DRV - (TFSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
DRV - (pctNdisLW) -- C:\Windows\System32\drivers\pctNdisLW.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (PCTBD) -- C:\Windows\System32\drivers\PCTBD.sys (PC Tools)
DRV - (WsAudio_DeviceS(3) -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV - (WsAudio_DeviceS(2) -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV - (WsAudio_DeviceS(1) -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = he
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\..\SearchScopes,DefaultScope = {12AC2231-07E9-4EA9-BBC6-C7C5AA97AC78}
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\..\SearchScopes\{10B994B8-28A5-4E12-A42F-E1530C06076C}: "URL" = http://he.wikipedia....חד:חיפוש
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\..\SearchScopes\{12AC2231-07E9-4EA9-BBC6-C7C5AA97AC78}: "URL" = http://search.certif...q={searchTerms}
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\..\SearchScopes\{6C5A5A8A-4972-4A0D-BE86-D2514C10403F}: "URL" = http://en.wikipedia....i/{searchTerms}
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\..\SearchScopes\{C5F50383-4BA7-4EC2-B8D6-D4B043096B29}: "URL" = http://search.condui...&ctid=CT2296690
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555
IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://127.0.0.1:6853/wpad.pac?stamp=0

IE - HKU\S-1-5-21-3973298808-799549144-3886505039-1008\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.geekstogo...2|about:addons"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll File not found
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9193F654-D886-4fef-8894-A97EF6623104}: C:\Program Files\iSkysoft\Free Video Downlaoder\SVRFirefoxExt\ [2012/10/28 09:57:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}: C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ [2012/12/07 16:06:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013/01/12 17:17:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2013/01/22 19:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 23:07:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 23:07:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 23:07:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 23:07:07 | 000,000,000 | ---D | M]

[2012/10/19 01:00:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ran\AppData\Roaming\mozilla\Extensions
[2012/10/16 23:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ran\AppData\Roaming\mozilla\Firefox\extensions
[2012/10/16 23:19:24 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Ran\AppData\Roaming\mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/01/27 12:54:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ran\AppData\Roaming\mozilla\Firefox\Profiles\uju1ajim.default-1359230836986\extensions
[2013/01/27 12:54:19 | 001,519,274 | ---- | M] () (No name found) -- C:\Users\Ran\AppData\Roaming\mozilla\firefox\profiles\uju1ajim.default-1359230836986\extensions\[email protected]
[2013/01/19 17:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/18 23:07:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/01/18 23:07:32 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 19:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 19:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: DeeperWeb (Enabled)
CHR - default_search_provider: search_url = http://www.deeperweb.com/results.php?cx=!004415538554621685521%3Avgwa9iznfuo&cof=FORID%3A11%3BNB%3A1&ie=UTF-8&src=p2&q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Wondershare Video Convert Chrome Plugin (Enabled) = C:\Users\Ran\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp\6.0.0_0\npSVRChromePlugin.dll
CHR - plugin: Adobe Create PDF (Enabled) = C:\Users\Ran\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\plugin/npWCChromeExtnStub.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Ran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U11 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\system32\npDeployJava1.dll

O1 HOSTS File: ([2013/01/27 09:18:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (iSkysoft Video Downloader) - {133232D2-DAE3-4B6F-AAC2-17CD87495682} - C:\Program Files\iSkysoft\Free Video Downlaoder\SVRIEPlugin.dll (iSkySoft)
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Wondershare Video Converter Ultimate) - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CutePDF Form Filler Helper) - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Pro\CPFillerCo.dll (Acro Software Inc.)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IEButton Class) - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {650EB965-8A1D-41C9-A941-0578F5CFC569} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Agile1pAgent] C:\Program Files\1Password\Agile1pAgent.exe (AgileBits)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DFX] C:\Program Files\DFX\DFX.exe ()
O4 - HKLM..\Run: [GhotitMonitor] C:\Program Files\Ghotit\Ghotit.Setup.Administration.exe (Ghotit Ltd.)
O4 - HKLM..\Run: [hola] C:\Program Files\Hola\app\hola.exe (Hola Networks Ltd.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3973298808-799549144-3886505039-1000..\Run: [ADB84C058E375A28FC96CDDFE59DDB89C7543610._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3973298808-799549144-3886505039-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3973298808-799549144-3886505039-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3973298808-799549144-3886505039-1000..\Run: [GoogleChromeAutoLaunch_A11FB05A9E80780283AA19DAF68B649C] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3973298808-799549144-3886505039-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3973298808-799549144-3886505039-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3973298808-799549144-3886505039-1000..\Run: [SkyDrive] C:\Users\Ran\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3973298808-799549144-3886505039-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Ran\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\My Program.lnk = C:\Program Files\FingerPrint\FingerPrint.exe (Collobos Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3973298808-799549144-3886505039-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3973298808-799549144-3886505039-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O8 - Extra context menu item: Download with USDownloader - Reg Error: Value error. File not found
O8 - Extra context menu item: Save &image with Flash and Media Capture - res://C:\Program Files\MetaProducts Flash & Media Capture\FMCapt.dll/saveimg.htm File not found
O8 - Extra context menu item: Save &media files with Flash and Media Capture - res://C:\Program Files\MetaProducts Flash & Media Capture\FMCapt.dll/savemedia.htm File not found
O8 - Extra context menu item: Save Flash - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions)
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions)
O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : 1Password Ctrl+\ - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: שלח אל OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ש&לח אל OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ה&ערות מקושרות של OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ה&ערות מקושרות של OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Save Media files - {F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.57.2.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D58FE94F-8666-451D-804A-718B381714ED}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE910E1D-AD83-4DDC-B269-81D2C035DAD8}: DhcpNameServer = 213.57.2.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/11/30 21:40:55 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/27 22:08:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ran\Desktop\OTL.exe
[2013/01/26 22:07:21 | 000,000,000 | ---D | C] -- C:\Users\Ran\Desktop\Old Firefox Data-1
[2013/01/26 22:03:59 | 000,000,000 | ---D | C] -- C:\Users\Ran\Desktop\Old Firefox Data
[2013/01/26 12:53:36 | 000,000,000 | ---D | C] -- C:\Users\Ran\Documents\מחברות של OneNote
[2013/01/24 09:32:52 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Local\Apps
[2013/01/23 19:56:34 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Local\44A43275-68CD-4C70-8F45-4EA6DC0B6572.aplzod
[2013/01/23 13:19:25 | 000,000,000 | -H-D | C] -- C:\SkyDriveTemp
[2013/01/23 11:38:47 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Roaming\GetRightToGo
[2013/01/23 11:38:47 | 000,000,000 | ---D | C] -- C:\Downloads
[2013/01/23 09:59:47 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ran\Desktop\HijackThis.exe
[2013/01/23 09:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/23 09:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/01/23 09:36:42 | 000,000,000 | ---D | C] -- C:\USERS\RAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Revo Uninstaller
[2013/01/23 09:19:11 | 000,000,000 | ---D | C] -- C:\Users\Ran\Start Menu
[2013/01/22 19:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools File and Registry Tool
[2013/01/22 19:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Registry Tool
[2013/01/22 19:42:41 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Roaming\PC Tools
[2013/01/22 19:42:38 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Roaming\Spam Monitor
[2013/01/22 19:39:40 | 000,056,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
[2013/01/22 19:39:39 | 002,250,704 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2013/01/22 19:39:39 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2013/01/22 19:39:39 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2013/01/22 19:31:38 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2013/01/22 19:31:38 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2013/01/22 19:31:37 | 000,260,760 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2013/01/22 19:31:37 | 000,178,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2013/01/22 19:31:34 | 000,368,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2013/01/22 19:31:34 | 000,163,288 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2013/01/22 19:31:32 | 000,574,424 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2013/01/22 19:31:32 | 000,054,328 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2013/01/22 19:31:32 | 000,035,264 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2013/01/22 19:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2013/01/22 19:31:27 | 000,058,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdisLW.sys
[2013/01/22 19:31:26 | 000,125,888 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2013/01/22 19:31:26 | 000,091,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2013/01/22 19:31:26 | 000,032,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2013/01/22 19:31:25 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2013/01/22 19:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2013/01/22 12:52:17 | 000,000,000 | ---D | C] -- C:\USERS\RAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SpyHunter
[2013/01/22 12:52:16 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/01/22 12:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/01/22 12:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/01/21 22:33:28 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Local\CrashDumps
[2013/01/21 22:26:11 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Ran\Desktop\aswMBR.exe
[2013/01/21 17:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2013/01/21 17:05:31 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2013/01/21 17:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2013/01/21 17:03:30 | 000,202,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2013/01/21 17:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2013/01/21 17:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013/01/21 17:02:02 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Roaming\TestApp
[2013/01/21 11:42:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\True Sword 5
[2013/01/20 13:45:45 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ran\Desktop\tdsskiller.exe
[2013/01/19 19:08:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/19 19:08:12 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Local\temp
[2013/01/19 18:52:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/19 18:52:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/19 18:52:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/19 18:51:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/19 18:51:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/19 18:47:51 | 005,023,971 | R--- | C] (Swearware) -- C:\Users\Ran\Desktop\ComboFix.exe
[2013/01/19 18:04:10 | 000,000,000 | ---D | C] -- C:\Users\Ran\Desktop\RK_Quarantine
[2013/01/19 16:26:27 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Ran\Desktop\dds.scr
[2013/01/18 23:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/18 18:22:53 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Roaming\Condusiv_Technologies
[2013/01/18 18:22:53 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Local\Condusiv_Technologies
[2013/01/18 14:20:33 | 000,085,328 | ---- | C] (Condusiv Technologies) -- C:\Windows\System32\drivers\DKTLFSMF.sys
[2013/01/18 14:20:28 | 000,035,120 | ---- | C] (Condusiv Technologies) -- C:\Windows\System32\drivers\DKDFM.sys
[2013/01/18 14:20:10 | 000,044,496 | ---- | C] (Condusiv Technologies) -- C:\Windows\System32\drivers\DKRtWrt.sys
[2013/01/18 14:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Condusiv Technologies
[2013/01/18 14:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Diskeeper Corporation
[2013/01/18 14:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Condusiv Technologies
[2013/01/18 14:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Home Server
[2013/01/18 14:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\Condusiv Technologies
[2013/01/18 14:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\Diskeeper Setup Files
[2013/01/18 14:15:44 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Roaming\FTDownTango1bToolbar
[2013/01/18 14:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\FTDownTango1bToolbar
[2013/01/18 14:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
[2013/01/18 13:53:28 | 000,000,000 | ---D | C] -- C:\Users\Ran\Documents\פיצוי ללא נזק
[2013/01/16 18:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/16 18:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/01/16 04:03:28 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2013/01/15 11:26:32 | 000,000,000 | ---D | C] -- C:\Users\Ran\Documents\חאלדי
[2013/01/12 17:28:35 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Roaming\SolidDocuments
[2013/01/12 15:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Readiris Pro 11 Mr.Underground Edition
[2013/01/12 15:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Readiris Pro 11 Mr.Underground Edition
[2013/01/11 22:26:32 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Roaming\Thinstall
[2013/01/11 10:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/01/10 15:28:08 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Roaming\Cocoon Software
[2013/01/10 15:28:06 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Local\WDSetup
[2013/01/10 15:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickMediaConverter
[2013/01/10 14:08:59 | 000,000,000 | ---D | C] -- C:\USERS\RAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PlayFLV
[2013/01/10 14:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayFLV
[2013/01/10 14:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\PlayFLV
[2013/01/10 00:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Movavi Video Suite 10 SE
[2013/01/09 22:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jetVideo
[2013/01/09 22:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\JetVideo
[2013/01/09 13:29:04 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 13:28:43 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/09 13:28:43 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/09 13:28:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 13:28:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 13:28:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 13:28:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 13:28:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 13:28:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 13:28:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 13:28:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 13:28:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 13:28:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 13:28:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 13:28:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 13:28:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 13:28:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 13:28:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 13:28:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 13:28:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 13:28:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 13:28:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 13:28:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 13:28:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 13:28:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 13:28:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 13:28:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 13:28:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 13:28:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 13:28:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 13:28:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 13:28:17 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/09 13:28:16 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/09 13:28:16 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/09 13:28:16 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/09 13:28:16 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/09 13:28:16 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/09 13:28:16 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/09 13:28:16 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/09 13:28:16 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/09 13:28:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/09 13:28:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/09 13:28:16 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/09 13:28:14 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/09 13:28:14 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/09 13:28:14 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/09 13:28:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/09 13:28:07 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/09 13:28:06 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/01/08 23:01:04 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Roaming\COWON
[2013/01/08 22:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COWON
[2013/01/08 22:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COWON Media Center - jetAudio
[2013/01/08 22:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\JetAudio
[2013/01/07 13:20:00 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Local\PutLockerDownloader
[2013/01/07 13:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\PutLockerDownloader
[2013/01/07 13:19:29 | 000,000,000 | ---D | C] -- C:\USERS\RAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PutLockerDownloader.com
[2013/01/06 14:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\Readiris Corporate 12
[2013/01/06 12:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/01/06 11:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\Readiris Pro 12
[2013/01/01 18:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/01 11:51:30 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Roaming\MetaProducts
[2013/01/01 11:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaProducts Flash and Media Capture
[2013/01/01 11:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MetaProducts
[2013/01/01 11:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\MetaProducts Flash & Media Capture
[2013/01/01 11:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\UnH Solutions
[2013/01/01 11:12:21 | 000,000,000 | ---D | C] -- C:\USERS\RAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Flash Saving Plugin
[2013/01/01 11:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Saving Plugin
[2012/12/31 10:40:01 | 000,000,000 | ---D | C] -- C:\Users\Ran\AppData\Roaming\XBMC
[2012/12/31 10:39:52 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2012/12/31 10:38:54 | 000,000,000 | ---D | C] -- C:\USERS\RAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\XBMC
[2012/12/31 10:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\XBMC
[2012/12/30 23:24:26 | 000,000,000 | ---D | C] -- C:\USERS\RAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Advanced Zip Repair
[2012/12/30 23:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\AZR
[2012/12/30 10:30:52 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
[2012/12/30 09:28:02 | 000,000,000 | ---D | C] -- C:\MediaServer
[2012/12/29 12:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2012/12/29 12:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2012/12/29 12:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\BlueStacks
[2012/06/06 06:06:50 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files\Common Files\atimpenc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ran\AppData\Local\*.tmp files -> C:\Users\Ran\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/27 22:27:28 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 22:27:28 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 22:19:38 | 001,912,767 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2013/01/27 22:16:51 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/27 22:16:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/27 22:16:33 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/27 22:08:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ran\Desktop\OTL.exe
[2013/01/27 21:36:18 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/27 21:16:05 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/27 15:02:23 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013/01/27 12:30:01 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\DFX.lnk
[2013/01/26 19:47:06 | 000,035,925 | ---- | M] () -- C:\Users\Ran\Desktop\bookmarks-2013-01-26.json
[2013/01/25 23:45:25 | 000,052,077 | ---- | M] () -- C:\Users\Ran\Desktop\excel-security.jpg
[2013/01/23 22:31:37 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013/01/23 20:49:53 | 000,001,107 | ---- | M] () -- C:\Users\Ran\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/01/23 17:22:01 | 000,093,844 | ---- | M] () -- C:\Users\Ran\Documents\אופן חישוב תמורה בעד עבודה בשעות נוספות - הילה פורת - עורך דין.pdf
[2013/01/23 13:14:17 | 000,452,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/23 10:42:31 | 000,909,728 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2013/01/23 10:42:29 | 000,342,168 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2013/01/23 10:42:27 | 000,017,848 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2013/01/23 09:59:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ran\Desktop\HijackThis.exe
[2013/01/22 23:25:57 | 000,001,399 | ---- | M] () -- C:\spyhunter.fix
[2013/01/22 19:46:15 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools File and Registry Tool.lnk
[2013/01/22 19:42:35 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SM.lock
[2013/01/22 14:32:17 | 000,024,119 | ---- | M] () -- C:\Users\Ran\Desktop\CTS5.jpg
[2013/01/22 14:31:12 | 000,029,196 | ---- | M] () -- C:\Users\Ran\Desktop\CTS4.jpg
[2013/01/22 14:30:02 | 000,022,119 | ---- | M] () -- C:\Users\Ran\Desktop\CTS3.jpg
[2013/01/22 14:29:18 | 000,055,854 | ---- | M] () -- C:\Users\Ran\Desktop\CTS2.jpg
[2013/01/22 14:28:11 | 000,021,380 | ---- | M] () -- C:\Users\Ran\Desktop\CTS1.jpg
[2013/01/22 12:52:17 | 000,002,244 | ---- | M] () -- C:\Users\Ran\Desktop\SpyHunter.lnk
[2013/01/22 00:20:35 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Hola.lnk
[2013/01/22 00:20:24 | 000,460,784 | ---- | M] (Hola Networks Ltd.) -- C:\Windows\System32\drivers\hola_drv.sys
[2013/01/22 00:20:24 | 000,072,560 | ---- | M] (Hola Networks Ltd.) -- C:\Windows\System32\drivers\hola_net.sys
[2013/01/22 00:20:24 | 000,070,768 | ---- | M] (Hola Networks Ltd.) -- C:\Windows\System32\drivers\hola_mon_drv.sys
[2013/01/21 23:14:11 | 013,462,931 | ---- | M] () -- C:\Users\Ran\Desktop\mbar-1.01.0.1016.zip
[2013/01/21 22:43:01 | 000,000,512 | ---- | M] () -- C:\Users\Ran\Desktop\MBR.dat
[2013/01/21 22:26:35 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Ran\Desktop\aswMBR.exe
[2013/01/20 13:45:49 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ran\Desktop\tdsskiller.exe
[2013/01/19 22:59:35 | 000,654,712 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/19 22:59:35 | 000,392,634 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2013/01/19 22:59:35 | 000,121,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/19 22:59:35 | 000,084,360 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2013/01/19 18:48:08 | 005,023,971 | R--- | M] (Swearware) -- C:\Users\Ran\Desktop\ComboFix.exe
[2013/01/19 17:51:09 | 000,764,416 | ---- | M] () -- C:\Users\Ran\Desktop\RogueKiller.exe
[2013/01/19 17:49:13 | 000,574,677 | ---- | M] () -- C:\Users\Ran\Desktop\adwcleaner.exe
[2013/01/19 16:30:53 | 000,000,000 | ---- | M] () -- C:\Users\Ran\defogger_reenable
[2013/01/19 16:30:03 | 000,000,181 | ---- | M] () -- C:\Users\Ran\Desktop\ Certified-Toolbar on my browsers and MS Outlook .url
[2013/01/19 16:26:37 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Ran\Desktop\dds.scr
[2013/01/19 16:24:28 | 000,881,914 | ---- | M] () -- C:\Users\Ran\Desktop\SecurityCheck.exe
[2013/01/19 16:22:23 | 000,050,477 | ---- | M] () -- C:\Users\Ran\Desktop\Defogger.exe
[2013/01/18 18:28:30 | 000,006,572 | ---- | M] () -- C:\Windows\System32\RW_AppData.dat
[2013/01/18 18:28:30 | 000,005,984 | ---- | M] () -- C:\Windows\System32\RW_FileType.dat
[2013/01/18 18:28:30 | 000,001,232 | ---- | M] () -- C:\Windows\System32\EvGr_Data{3971A78B-17D3-11E2-898B-806E6F6E6963}.dat
[2013/01/18 18:28:30 | 000,000,360 | ---- | M] () -- C:\Windows\System32\RW_FileFlag.dat
[2013/01/18 18:28:30 | 000,000,056 | ---- | M] () -- C:\Windows\System32\RW_{3971A7A0-17D3-11E2-898B-806E6F6E6963}.dat
[2013/01/18 18:28:30 | 000,000,056 | ---- | M] () -- C:\Windows\System32\RW_{3971A78C-17D3-11E2-898B-806E6F6E6963}.dat
[2013/01/18 18:28:30 | 000,000,056 | ---- | M] () -- C:\Windows\System32\RW_{3971A78B-17D3-11E2-898B-806E6F6E6963}.dat
[2013/01/18 18:28:30 | 000,000,056 | ---- | M] () -- C:\Windows\System32\RW_{3971A78A-17D3-11E2-898B-806E6F6E6963}.dat
[2013/01/18 18:28:30 | 000,000,056 | ---- | M] () -- C:\Windows\System32\RW_{3606609F-1EA6-11E2-AC08-00241D851148}.dat
[2013/01/18 18:28:30 | 000,000,016 | ---- | M] () -- C:\Windows\System32\EvGr_Data{3971A7A0-17D3-11E2-898B-806E6F6E6963}.dat
[2013/01/18 18:28:30 | 000,000,016 | ---- | M] () -- C:\Windows\System32\EvGr_Data{3971A78C-17D3-11E2-898B-806E6F6E6963}.dat
[2013/01/18 18:28:30 | 000,000,016 | ---- | M] () -- C:\Windows\System32\EvGr_Data{3971A78A-17D3-11E2-898B-806E6F6E6963}.dat
[2013/01/18 18:28:30 | 000,000,016 | ---- | M] () -- C:\Windows\System32\EvGr_Data{3606609F-1EA6-11E2-AC08-00241D851148}.dat
[2013/01/18 14:15:41 | 000,001,461 | ---- | M] () -- C:\Users\Ran\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare Video Converter Ultimate.lnk
[2013/01/18 14:15:40 | 000,001,941 | ---- | M] () -- C:\Users\Ran\Application Data\Microsoft\Internet Explorer\Quick Launch\jetVideo.lnk
[2013/01/18 14:15:40 | 000,001,440 | ---- | M] () -- C:\Users\Ran\Application Data\Microsoft\Internet Explorer\Quick Launch\iSkysoft Video Converter Ultimate.lnk
[2013/01/18 14:15:40 | 000,000,422 | ---- | M] () -- C:\Users\Ran\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/01/18 14:15:40 | 000,000,404 | ---- | M] () -- C:\Users\Ran\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/01/18 11:14:39 | 000,027,136 | ---- | M] () -- C:\Users\Ran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/18 10:34:54 | 001,015,121 | ---- | M] () -- C:\Users\Ran\Documents\הסמכה לרפואנים מחול.pdf
[2013/01/16 12:13:33 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/01/16 12:13:33 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/01/16 11:52:05 | 000,423,245 | ---- | M] () -- C:\Users\Ran\Desktop\16-01-2013 שולה בדיקות.jpg
[2013/01/15 17:36:13 | 000,102,022 | ---- | M] () -- C:\Users\Ran\Documents\אישור הזמנה ישרוטל-קתדרה 21-210212.pdf
[2013/01/15 15:26:01 | 000,053,619 | ---- | M] () -- C:\Users\Ran\Desktop\DSResConfirm.htm
[2013/01/15 09:33:52 | 000,004,515 | ---- | M] () -- C:\Users\Ran\Desktop\1Pass-Acro.jpg
[2013/01/14 22:33:49 | 000,016,898 | ---- | M] () -- C:\Users\Ran\Desktop\whatswrong.jpg
[2013/01/13 18:16:16 | 000,063,036 | ---- | M] () -- C:\Users\Ran\Desktop\Hola Config.jpg
[2013/01/12 15:28:08 | 000,000,184 | ---- | M] () -- C:\Windows\Readiris.ini
[2013/01/10 00:03:14 | 000,004,974 | ---- | M] () -- C:\ProgramData\tbythlfa.ktx
[2013/01/09 23:42:46 | 251,157,587 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/09 20:36:08 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/09 20:36:08 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/08 13:41:34 | 000,094,016 | ---- | M] () -- C:\Users\Ran\Documents\IRS-Form-W9-Shoula.pdf
[2013/01/08 13:39:51 | 000,094,001 | ---- | M] () -- C:\Users\Ran\Documents\IRS-Form-W9-Ran.pdf
[2013/01/08 11:18:23 | 000,047,030 | R--- | M] () -- C:\Users\Ran\Documents\בן גוריון לאשכול-בחורי ישיבות.jpg
[2013/01/08 10:31:18 | 000,178,534 | ---- | M] () -- C:\Users\Ran\Documents\קבלה ביטוח בריאות 0113-0513.pdf
[2013/01/06 12:33:07 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/03 07:18:52 | 000,015,360 | ---- | M] () -- C:\Windows\Launcher.exe
[2013/01/01 18:43:16 | 000,002,212 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2013/01/01 12:20:59 | 000,054,257 | ---- | M] () -- C:\Users\Ran\Documents\MyBills_Payment_Confirmation_1797757-דוח חנייה 301212.pdf
[2013/01/01 12:01:30 | 000,157,705 | ---- | M] () -- C:\Users\Ran\Documents\card_16961_rs.swf
[2012/12/29 12:39:08 | 000,001,771 | ---- | M] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
[2012/12/29 12:38:53 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\Apps.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ran\AppData\Local\*.tmp files -> C:\Users\Ran\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/26 19:47:06 | 000,035,925 | ---- | C] () -- C:\Users\Ran\Desktop\bookmarks-2013-01-26.json
[2013/01/25 23:44:59 | 000,052,077 | ---- | C] () -- C:\Users\Ran\Desktop\excel-security.jpg
[2013/01/23 17:22:01 | 000,093,844 | ---- | C] () -- C:\Users\Ran\Documents\אופן חישוב תמורה בעד עבודה בשעות נוספות - הילה פורת - עורך דין.pdf
[2013/01/22 23:25:57 | 000,001,399 | ---- | C] () -- C:\spyhunter.fix
[2013/01/22 19:46:15 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools File and Registry Tool.lnk
[2013/01/22 19:42:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SM.lock
[2013/01/22 19:39:39 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2013/01/22 19:39:39 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2013/01/22 19:39:39 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2013/01/22 19:39:39 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2013/01/22 19:39:39 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2013/01/22 14:32:00 | 000,024,119 | ---- | C] () -- C:\Users\Ran\Desktop\CTS5.jpg
[2013/01/22 14:30:59 | 000,029,196 | ---- | C] () -- C:\Users\Ran\Desktop\CTS4.jpg
[2013/01/22 14:29:48 | 000,022,119 | ---- | C] () -- C:\Users\Ran\Desktop\CTS3.jpg
[2013/01/22 14:29:02 | 000,055,854 | ---- | C] () -- C:\Users\Ran\Desktop\CTS2.jpg
[2013/01/22 14:27:40 | 000,021,380 | ---- | C] () -- C:\Users\Ran\Desktop\CTS1.jpg
[2013/01/22 12:52:17 | 000,002,244 | ---- | C] () -- C:\Users\Ran\Desktop\SpyHunter.lnk
[2013/01/21 23:14:01 | 013,462,931 | ---- | C] () -- C:\Users\Ran\Desktop\mbar-1.01.0.1016.zip
[2013/01/21 22:43:01 | 000,000,512 | ---- | C] () -- C:\Users\Ran\Desktop\MBR.dat
[2013/01/21 17:03:43 | 001,912,767 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2013/01/19 18:52:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/19 18:52:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/19 18:52:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/19 18:52:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/19 18:52:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/19 17:51:03 | 000,764,416 | ---- | C] () -- C:\Users\Ran\Desktop\RogueKiller.exe
[2013/01/19 17:49:08 | 000,574,677 | ---- | C] () -- C:\Users\Ran\Desktop\adwcleaner.exe
[2013/01/19 16:30:53 | 000,000,000 | ---- | C] () -- C:\Users\Ran\defogger_reenable
[2013/01/19 16:29:20 | 000,000,181 | ---- | C] () -- C:\Users\Ran\Desktop\ Certified-Toolbar on my browsers and MS Outlook .url
[2013/01/19 16:24:18 | 000,881,914 | ---- | C] () -- C:\Users\Ran\Desktop\SecurityCheck.exe
[2013/01/19 16:22:21 | 000,050,477 | ---- | C] () -- C:\Users\Ran\Desktop\Defogger.exe
[2013/01/18 18:28:30 | 000,006,572 | ---- | C] () -- C:\Windows\System32\RW_AppData.dat
[2013/01/18 18:28:30 | 000,005,984 | ---- | C] () -- C:\Windows\System32\RW_FileType.dat
[2013/01/18 18:28:30 | 000,001,232 | ---- | C] () -- C:\Windows\System32\EvGr_Data{3971A78B-17D3-11E2-898B-806E6F6E6963}.dat
[2013/01/18 18:28:30 | 000,000,360 | ---- | C] () -- C:\Windows\System32\RW_FileFlag.dat
[2013/01/18 18:28:30 | 000,000,056 | ---- | C] () -- C:\Windows\System32\RW_{3971A7A0-17D3-11E2-898B-806E6F6E6963}.dat
[2013/01/18 18:28:30 | 000,000,056 | ---- | C] () -- C:\Windows\System32\RW_{3971A78C-17D3-11E2-898B-806E6F6E6963}.dat
[2013/01/18 18:28:30 | 000,000,056 | ---- | C] () -- C:\Windows\System32\RW_{3971A78B-17D3-11E2-898B-806E6F6E6963}.dat
[2013/01/18 18:28:30 | 000,000,056 | ---- | C] () -- C:\Windows\System32\RW_{3971A78A-17D3-11E2-898B-806E6F6E6963}.dat
[2013/01/18 18:28:30 | 000,000,056 | ---- | C] () -- C:\Windows\System32\RW_{3606609F-1EA6-11E2-AC08-00241D851148}.dat
[2013/01/18 18:28:30 | 000,000,016 | ---- | C] () -- C:\Windows\System32\EvGr_Data{3971A7A0-17D3-11E2-898B-806E6F6E6963}.dat
[2013/01/18 18:28:30 | 000,000,016 | ---- | C] () -- C:\Windows\System32\EvGr_Data{3971A78C-17D3-11E2-898B-806E6F6E6963}.dat
[2013/01/18 18:28:30 | 000,000,016 | ---- | C] () -- C:\Windows\System32\EvGr_Data{3971A78A-17D3-11E2-898B-806E6F6E6963}.dat
[2013/01/18 18:28:30 | 000,000,016 | ---- | C] () -- C:\Windows\System32\EvGr_Data{3606609F-1EA6-11E2-AC08-00241D851148}.dat
[2013/01/18 14:15:46 | 000,015,360 | ---- | C] () -- C:\Windows\Launcher.exe
[2013/01/18 10:34:49 | 001,015,121 | ---- | C] () -- C:\Users\Ran\Documents\הסמכה לרפואנים מחול.pdf
[2013/01/16 11:47:13 | 000,423,245 | ---- | C] () -- C:\Users\Ran\Desktop\16-01-2013 שולה בדיקות.jpg
[2013/01/15 17:36:13 | 000,102,022 | ---- | C] () -- C:\Users\Ran\Documents\אישור הזמנה ישרוטל-קתדרה 21-210212.pdf
[2013/01/15 09:23:58 | 000,004,515 | ---- | C] () -- C:\Users\Ran\Desktop\1Pass-Acro.jpg
[2013/01/14 22:33:02 | 000,016,898 | ---- | C] () -- C:\Users\Ran\Desktop\whatswrong.jpg
[2013/01/13 18:15:42 | 000,063,036 | ---- | C] () -- C:\Users\Ran\Desktop\Hola Config.jpg
[2013/01/12 17:18:33 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
[2013/01/12 17:18:33 | 000,002,186 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
[2013/01/12 17:18:33 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
[2013/01/10 00:03:14 | 000,004,974 | ---- | C] () -- C:\ProgramData\tbythlfa.ktx
[2013/01/09 23:00:10 | 000,001,941 | ---- | C] () -- C:\Users\Ran\Application Data\Microsoft\Internet Explorer\Quick Launch\jetVideo.lnk
[2013/01/08 13:41:34 | 000,094,016 | ---- | C] () -- C:\Users\Ran\Documents\IRS-Form-W9-Shoula.pdf
[2013/01/08 13:39:51 | 000,094,001 | ---- | C] () -- C:\Users\Ran\Documents\IRS-Form-W9-Ran.pdf
[2013/01/08 11:16:43 | 000,047,030 | R--- | C] () -- C:\Users\Ran\Documents\בן גוריון לאשכול-בחורי ישיבות.jpg
[2013/01/08 10:31:17 | 000,178,534 | ---- | C] () -- C:\Users\Ran\Documents\קבלה ביטוח בריאות 0113-0513.pdf
[2013/01/06 12:33:03 | 000,002,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/06 11:52:41 | 000,000,184 | ---- | C] () -- C:\Windows\Readiris.ini
[2013/01/01 12:20:58 | 000,054,257 | ---- | C] () -- C:\Users\Ran\Documents\MyBills_Payment_Confirmation_1797757-דוח חנייה 301212.pdf
[2013/01/01 12:01:30 | 000,157,705 | ---- | C] () -- C:\Users\Ran\Documents\card_16961_rs.swf
[2012/12/29 12:39:08 | 000,001,771 | ---- | C] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
[2012/12/29 12:38:53 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\Apps.lnk
[2012/12/20 14:49:45 | 000,727,952 | ---- | C] () -- C:\Windows\System32\WSCM64.dll
[2012/12/20 14:49:44 | 000,159,120 | ---- | C] () -- C:\Windows\System32\WSCM32.dll
[2012/12/09 11:18:01 | 000,153,088 | ---- | C] () -- C:\Windows\System32\ISCM32.dll
[2012/12/07 15:42:46 | 000,157,696 | ---- | C] () -- C:\Windows\System32\IS_VideoConverterContextMenu.dll
[2012/11/27 15:33:40 | 000,027,136 | ---- | C] () -- C:\Users\Ran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/27 09:19:29 | 000,000,009 | ---- | C] () -- C:\Users\Ran\AppData\Local\~wmrg
[2012/11/25 16:32:00 | 000,002,212 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012/10/26 17:27:29 | 000,038,509 | ---- | C] () -- C:\Users\Ran\AppData\Roaming\ערכים מופרדים באמצעות פסיקים (Windows).ADR
[2012/10/24 12:42:58 | 001,936,528 | ---- | C] () -- C:\Windows\System32\ltmm15.dll
[2012/10/22 13:56:47 | 000,000,600 | ---- | C] () -- C:\Users\Ran\PUTTY.RND
[2012/10/20 13:16:18 | 000,000,022 | -HS- | C] () -- C:\Users\Ran\AppData\Roaming\Windows1569_SettingsRepository.bin
[2012/10/20 13:16:18 | 000,000,022 | -HS- | C] () -- C:\Windows\90C7D912BE2316.sys
[2012/10/19 18:58:14 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/10/17 09:58:57 | 000,081,920 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/10/17 09:58:57 | 000,049,152 | ---- | C] () -- C:\Windows\System32\uninscpw.exe
[2012/10/16 23:26:07 | 000,042,120 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2012/10/15 18:21:49 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/10/15 18:21:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/09/06 09:57:26 | 004,399,616 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/07/02 23:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/06/09 22:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/05/21 21:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\System32\mlc.dll
[2011/12/08 02:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/10/15 18:21:26 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 168 bytes -> C:\Users\Ran\Documents\תעודת זהות-רן.jpg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Ran\Documents\מרצה מצטיין תשמז-2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Ran\Documents\מרצה מצטיין תשמז-1.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 16 bytes -> C:\Users\Ran\Downloads:Shareaza.GUID
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >
  • 0

#35
chermesh

chermesh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Looks like I found a way to catch the culprit, at least to hold it temporarily.
I've deleted my firefox shortcut on the taskbar and started firefox from its source. A new shortcut showed up on the taskbar. I right-clicked on this shortcut, and then right-clicked on the "Mozilla firefox" icon. There, I entered the path line and found the following contents:

"C:\Program Files\Mozilla Firefox\firefox.exe" http://search.certif...ortcut&tid=3201

I deleted the last part, and left only the following:

"C:\Program Files\Mozilla Firefox\firefox.exe"

Let's see now if the search.certified-toolbars shows up again.
  • 0

#36
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
good hunting that down - it looks like it was part of the shortcut


Let me know how things go
  • 0

#37
chermesh

chermesh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Yes, it was part of the shortcut which I missed.
I rebooted and firefox opened the way it should. Still, for some reason, it opened all three tabs which were part of my most recent run of the program. I opened Options, and discovered the [bleep] tool is specified as my home page. I changed it to the default, and it looks like it behaves normally.
Still, there may be traces of the pest in my system. Wonder if and where.
  • 0

#38
chermesh

chermesh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I'm bothered from an unidentified user on my system. Look at this picture:

http://sdrv.ms/Wpm5qk

The right hand shows the security properties of the firefox.exe file in its base location. The second shows the information for the same program when drawn from the taskbar location. The second includes a S-1-5-21... user, which I can't delete since its properties are inherited from a location I don't.

This happens with each and every program icon on the taskbar.
  • 0

#39
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
S-1-5-21 - I have seen these numbers before and they are safe. It gets real geeky about what it is, but it is part of the normal operation of Windows.
  • 0

#40
chermesh

chermesh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Dear Gringo,
Is it time to say

http://sdrv.ms/VlNHtr

Is there any last check you would like to suggest?
If not, I appreciate each and every bit of your time, effort, and expertise.

Ran
  • 0

#41
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Actually I want you to run this new tool that will search the computer for any other infected shortcuts and clean them - http://www.bleepingc...ortcut-cleaner/



wish we had this the other day :cool:
  • 0

#42
chermesh

chermesh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Well, I'm glad you've decided to run this tool.

See CS-Cleaner.txt
==============

Shortcut Cleaner 1.0.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
Program started at: 01/30/2013 09:15:47 AM.


Searching C:\Users\Ran\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Ran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
* Shortcut Cleaned: C:\Users\Ran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iSkysoft Video Converter Ultimate.lnk => C:\Program Files\iSkysoft\Video Converter Ultimate\VideoConverterUltimate.exe http://search.certif...ortcut&tid=3201
* Shortcut Cleaned: C:\Users\Ran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jetVideo.lnk => C:\Program Files\JetVideo\JetVideo.exe http://search.certif...ortcut&tid=3201
* Shortcut Cleaned: C:\Users\Ran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk => C:\Windows\System32\control.exe http://search.certif...ortcut&tid=3201
* Shortcut Cleaned: C:\Users\Ran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Spam Motel.lnk => C:\Program Files\SpamMotel\SpamMotel.exe http://search.certif...ortcut&tid=3201
* Shortcut Cleaned: C:\Users\Ran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk => C:\Windows\explorer.exe http://search.certif...ortcut&tid=3201
* Shortcut Cleaned: C:\Users\Ran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk => C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 http://search.certif...ortcut&tid=3201
* Shortcut Cleaned: C:\Users\Ran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wondershare Video Converter Ultimate.lnk => C:\Program Files\Wondershare\Video Converter Ultimate\VideoConverterUltimate.exe http://search.certif...ortcut&tid=3201

Searching C:\Users\Public\Desktop\

Searching C:\Users\Ran\Desktop\

7 bad shortcuts found.

Program finished at: 01/30/2013 09:16:00 AM
Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)
  • 0
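The check that the manual fix in post #35 and the Shortcut Cleaner log above both come down to is whether a shortcut's argument field carries a URL. The read-only PowerShell audit below is an added example, not part of the original posts and not Shortcut Cleaner's own code; it assumes PowerShell 3.0 or later, and its folder list simply mirrors the locations named in the log.

```powershell
# Read-only audit: report .lnk files whose Arguments field contains an http(s) URL.
# Nothing is modified; review the output before editing any shortcut.

# Folders taken from the "Searching ..." lines of the Shortcut Cleaner log.
$roots = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'),
    (Join-Path $env:APPDATA     'Microsoft\Internet Explorer\Quick Launch'),
    (Join-Path $env:PUBLIC      'Desktop'),
    [Environment]::GetFolderPath('Desktop')
)

# WScript.Shell exposes TargetPath and Arguments of an existing .lnk file.
$shell      = New-Object -ComObject WScript.Shell
$urlPattern = '(?i)\bhttps?://\S+'

$findings = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            if ($lnk.Arguments -match $urlPattern) {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                    Url       = $Matches[0]
                    Modified  = $_.LastWriteTime
                }
            }
        }
}

# Per-shortcut detail, oldest change first.
$findings | Sort-Object Modified | Format-List Shortcut, Target, Arguments, Modified

# A browser shortcut can legitimately carry a URL argument. The same URL appended to
# unrelated programs (explorer.exe, control.exe, a media player) is the pattern in the log.
$findings |
    Group-Object Url |
    Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'Targets'; e = { ($_.Group.Target | Sort-Object -Unique) -join '; ' } } |
    Format-Table -AutoSize -Wrap
```

The `Modified` column is included because the OTL listing earlier in the thread shows the affected Quick Launch shortcuts sharing a 2013/01/18 14:15:40 modification time, which is the kind of clustering worth looking for.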

#43
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
That tool was made here at BC just for this infection and I found it yesterday

Now I feel good about saying we are done!!!!
  • 0

#44
chermesh

chermesh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Well, Gringo, there's still one point I'm unclear about, the S-1-5-21... user. You wrote me that these strange users aren't rare in legitimate circumstances. I got another response from a Hebrew MS Answers forum expert. He wrote that these users are common on systems connected to a domain, and relate to an unrecognized user who created a shortcut in the past. He believed that on a standalone PC, these users can reflect an illegitimate user. His recommendation is to change the name of the owner of my system and to get rid of the current owner.
What's your opinion? Can his answer satisfy your curiosity regarding this phenomenon?

Edited by chermesh, 31 January 2013 - 11:41 AM.

  • 0

#45
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Well, you have got me here, as I am no expert about Windows and its finer points about how it works and what it needs to work. I know I have seen it lots of times and that I leave it alone without any problems.


what I would do is google search " S-1-5-21 " and see what it comes up with
  • 0
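For the open S-1-5-21 question in this thread: an ACL entry displayed as a bare S-1-5-21-... string is a SID that Windows could not translate to an account name. The PowerShell sketch below is an added example, not from the original posts; it lists each entry on a file, tries the translation, and reports whether the SID belongs to the same account domain as the logged-on user. The function name `Get-AceSidReport` is hypothetical, PowerShell 3.0 or later is assumed, and the folder in the usage line is the pinned-taskbar path from the Shortcut Cleaner log.

```powershell
# Read-only: show who each ACL entry on a file refers to, and flag SIDs with no account behind them.
function Get-AceSidReport {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Account-domain part of the current user's SID. On a standalone PC this is the
    # machine's own SID; on a domain-joined PC with a domain logon it is the domain's.
    $currentDomainSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.AccountDomainSid

    $acl   = Get-Acl -LiteralPath $Path
    # Ask for raw SIDs so unresolved entries are handled the same way as resolved ones.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $sid  = $rule.IdentityReference
        $name = $null
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $null }   # no account maps to this SID

        # AccountDomainSid is $null for well-known SIDs such as S-1-5-18 or S-1-5-32-544.
        $domainSid = $sid.AccountDomainSid
        if ($null -eq $domainSid) {
            $origin = 'well-known / built-in'
        } elseif ($null -ne $currentDomainSid -and $domainSid.Equals($currentDomainSid)) {
            $origin = 'same account domain as current user'
        } else {
            $origin = 'different account domain (other install or domain)'
        }

        [pscustomobject]@{
            File      = $Path
            Sid       = $sid.Value
            Account   = if ($name) { $name } else { '<unresolved>' }
            Origin    = $origin
            Rights    = $rule.FileSystemRights
            Type      = $rule.AccessControlType
            Inherited = $rule.IsInherited
        }
    }
}

# Usage: check every pinned taskbar shortcut and show only the unresolved entries.
$pinned = Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar'
Get-ChildItem -LiteralPath $pinned -Filter *.lnk -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Get-AceSidReport -Path $_.FullName } |
    Where-Object { $_.Account -eq '<unresolved>' } |
    Format-Table Sid, Origin, Rights, Inherited, File -AutoSize -Wrap
```

An unresolved SID in the current account domain points at an account that existed on this machine and was removed; one from a different account domain points at an account from another installation or a domain.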
