postai Posted August 28, 2013 ID:721775 Share Posted August 28, 2013 Hi, I noticed yesterday that sometimes my Firefox browser redirects my Google searches to some other commercial sites. I think I saw the string TLBSearch on the address bar. Following your instructions, I ran Malwarebytes, but it didn't find anything. Here is the dds.txt: DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2Run by Noam Hazon at 12:13:11 on 2013-08-28Microsoft Windows 7 Professional 6.1.7601.1.1255.972.1033.18.7889.5941 [GMT 3:00].AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\ibmpmsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\System32\WUDFHost.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exeC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\ThinkPad\Bluetooth Software\btwdins.exeC:\Program Files\Intel\WiFi\bin\EvtEng.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Program Files\Lenovo\Communications Utility\CAMMUTE.exeC:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exeC:\Program Files\Lenovo\Communications Utility\vcamsvc.exeC:\Program Files\LENOVO\VIRTSCRL\lvvsst.exeC:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeC:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exeC:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeC:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\LENOVO\HOTKEY\TPHKSVC.exeC:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exeC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\LENOVO\HOTKEY\MICMUTE.exeC:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exeC:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\taskhost.exeC:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exeC:\Windows\system32\Dwm.exeC:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\rundll32.exeC:\Windows\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXEC:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXEC:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files\Realtek\Audio\HDA\RAVBg64.exeC:\Program Files\Lenovo\Communications Utility\TpKnrres.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Microsoft Mouse and Keyboard Center\itype.exeC:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exeC:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\ThinkPad\Bluetooth Software\BTTray.exeC:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exeC:\Program Files (x86)\Integrated Camera\Monitor.exeC:\Windows\SysWOW64\rundll32.exeC:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exeC:\Program Files (x86)\Lenovo\Access Connections\ACTray.exeC:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Dolby Home Theater v4\pcee4.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Windows\system32\rundll32.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXEC:\Program Files\Windows Media Player\wmpnetwk.exeC:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\SysWOW64\RunDll32.exeC:\Windows\system32\taskmgr.exeC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exeC:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exeC:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exeC:\Program Files (x86)\MathType\MathType.exeC:\Windows\system32\taskhost.exeC:\Windows\SysWOW64\rundll32.exeC:\Windows\System32\WUDFHost.exeC:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit = userinit.exeBHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\IPS\IPSBHO.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dlluRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"uRun: [Google Update] "C:\Users\Noam Hazon\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [Viber] "C:\Users\Noam Hazon\AppData\Local\Viber\Viber.exe" StartMinimizeduRun: [Pcgaei] rundll32 "C:\Users\Noam Hazon\AppData\Roaming\rasmontr1.dll",CvqmppockmRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"mRun: [integrated Camera_Monitor] C:\Program Files (x86)\Integrated Camera\monitor.exemRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitormRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /bootmRun: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exemRun: [intel AppUp® center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [MobileAccess] C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe -silentExitIfNotFirstmRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostartmRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: DisableCAD = dword:1IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000IE: LastPass - C:\Users\Noam Hazon\AppData\LocalLow\LastPass\context.html?cmd=lastpassIE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105IE: מילוי טפסים של LastPass - C:\Users\Noam Hazon\AppData\LocalLow\LastPass\context.html?cmd=fillformsIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllIE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204TCP: NameServer = 132.70.1.18 132.70.1.37 132.70.9.100TCP: Interfaces\{7379C14D-391D-461F-922D-CBF58C2483E0} : DHCPNameServer = 132.70.1.18 132.70.1.37 132.70.9.100TCP: Interfaces\{B5BB61C8-7C09-4E2A-B869-7FB7954A847A}\145534F51344 : DHCPNameServer = 192.168.17.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllNotify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dllSSODL: WebCheck - <orphaned>SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dllSTS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dllLSA: Notification Packages = scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGinamASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dllx64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dllx64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dllx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -sx64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exex64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exex64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServicesx64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"x64-Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dllx64-SSODL: WebCheck - <orphaned>x64-SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dllx64-STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dllx64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLHosts: 74.208.10.249 gs.apple.com.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Noam Hazon\AppData\Roaming\Mozilla\Firefox\Profiles\pcf62fa2.default\FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dllFF - plugin: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dllFF - plugin: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\Noam Hazon\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Users\Noam Hazon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllFF - plugin: C:\Users\Noam Hazon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllFF - plugin: C:\Users\Noam Hazon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllFF - plugin: C:\Users\Noam Hazon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: C:\Users\Noam Hazon\AppData\Roaming\Mozilla\plugins\npo1d.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dllFF - ExtSQL: 2013-07-23 21:50; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.============= SERVICES / DRIVERS ===============.R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2012-10-25 29512]R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-10-25 16152]R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymDS64.sys [2011-7-17 451192]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymEFA64.sys [2011-8-28 931448]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20130822.011\BHDrvx64.sys [2013-8-27 1393240]R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20130826.001\IDSviA64.sys [2013-8-27 513184]R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-3-27 33344]R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\Ironx64.sys [2011-9-14 171128]R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\symnets.sys [2011-9-9 386168]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-25 167736]R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2013-8-14 58664]R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2013-2-11 127072]R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-8-14 73000]R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2013-8-14 187688]R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-12-16 136288]R2 MacheenService;Macheen Service;C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe [2013-4-17 32480]R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2012-10-25 101888]R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [2011-9-21 137224]R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-5-8 583968]R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2013-2-11 145808]R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2013-2-11 125504]R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-19 84080]R2 WebUpdate4;Web Update Wizard Service V4;C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [2013-1-16 278800]R2 WMCoreService;Mobile Broadband Service;C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [2012-10-25 689560]R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-2-8 3386608]R3 AX88178;ASIX AX88178 USB2.0 to Gigabit Ethernet Adapter;C:\Windows\System32\drivers\ax88178.sys [2012-10-22 62976]R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\System32\drivers\BazisVirtualCDBus.sys [2011-6-4 198480]R3 ecnssndis; Mobile Broadband Driver;C:\Windows\System32\drivers\wwuss64.sys [2012-10-25 26664]R3 ecnssndisfltr; Mobile Broadband Driver Filter;C:\Windows\System32\drivers\wwussf64.sys [2012-10-25 29736]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-2-12 138912]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-9 342528]R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-10-25 356120]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-10-25 788760]R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-4-20 25528]R3 l36wgps; Mobile Broadband GPS Port;C:\Windows\System32\drivers\l36wgps64.sys [2012-12-9 103184]R3 l36wscard; Mobile Broadband USIM Port;C:\Windows\System32\drivers\l36wscard.sys [2013-6-16 61992]R3 Mbm3CBus;H5321 gw Mobile Broadband Device (WDM);C:\Windows\System32\drivers\Mbm3CBus.sys [2013-6-16 443208]R3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);C:\Windows\System32\drivers\Mbm3DevMt.sys [2013-6-16 453960]R3 Mbm3mdfl; Mobile Broadband Modem Port Filter;C:\Windows\System32\drivers\Mbm3mdfl.sys [2013-6-16 21832]R3 Mbm3Mdm; Mobile Broadband Modem Port Driver;C:\Windows\System32\drivers\Mbm3Mdm.sys [2013-6-16 506184]R3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-10-25 1667368]R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-7-23 44784]R3 SPUVCbv;SPUVCb Driver Service;C:\Windows\System32\drivers\SPUVCBv_x64.sys [2012-5-22 3056248]R3 SSCBFS3;SugarSync CallBack File System driver v3;C:\Windows\System32\drivers\sscbfs3.sys [2013-4-14 347904]R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-7 40248]R3 tvtvcamd;Camera Plus (VGA Resolution Maximum);C:\Windows\System32\drivers\tvtvcamd.sys [2012-10-25 27432]R3 WwanUsbServ;Mobile Broadband Driver;C:\Windows\System32\drivers\WwanUsbMp64.sys [2013-6-16 281840]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-5-30 144992]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-10-25 163368]S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-10-25 594472]S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-10-25 39976]S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2013-3-30 320576]S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-4-20 35256]S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-2-8 273136]S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-10-25 1664808]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-15 19456]S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-15 57856]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-15 30208]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-15 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184].=============== Created Last 30 ================.2013-08-28 08:53:45 -------- d-----w- C:\Users\Noam Hazon\AppData\Roaming\Malwarebytes2013-08-28 08:53:37 -------- d-----w- C:\ProgramData\Malwarebytes2013-08-28 08:53:36 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-08-28 08:53:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-27 13:07:59 458752 --sha-r- C:\Users\Noam Hazon\AppData\Roaming\rasmontr1.dll2013-08-25 12:26:26 -------- d-----w- C:\Users\Noam Hazon\.pdfsam2013-08-25 12:24:12 -------- d-----w- C:\Program Files\PDF Split And Merge Enhanced2013-08-22 12:24:31 -------- d-----w- C:\Users\Noam Hazon\AppData\Roaming\Design Science2013-08-22 12:22:38 -------- d-----w- C:\Program Files (x86)\MathType2013-08-21 00:40:23 17139080 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe2013-08-19 19:39:33 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-08-19 19:39:33 -------- d-----w- C:\Program Files\iTunes2013-08-19 19:39:33 -------- d-----w- C:\Program Files\iPod2013-08-19 19:39:33 -------- d-----w- C:\Program Files (x86)\iTunes2013-08-14 10:39:44 151552 ----a-w- C:\Windows\jpegtran.exe2013-08-14 10:39:44 106496 ----a-w- C:\Windows\jhead.exe2013-08-14 08:11:04 4774272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll2013-08-14 08:11:04 4774272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll.==================== Find3M ====================.2013-08-21 07:16:54 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-21 07:16:54 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-06-26 03:55:00 29512 ----a-w- C:\Windows\System32\drivers\DZHDD64.SYS2013-06-26 03:55:00 2812712 ----a-w- C:\Windows\System32\PWMCP64V.cpl2013-06-26 03:55:00 2692904 ------w- C:\Windows\PWMBTHLV.EXE2013-06-26 03:55:00 20736 ----a-w- C:\Windows\System32\drivers\TPPWR64V.SYS2013-06-23 07:39:07 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-06-23 07:39:07 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-06-23 07:39:07 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll2012-12-09 21:34:16 14794312 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe.============= FINISH: 12:13:20.64 =============== And here is the attach file: .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 13/11/2012 15:33:08System Uptime: 27/08/2013 06:14:53 (30 hours ago).Motherboard: LENOVO | | 34602SGProcessor: Intel® Core i5-3427U CPU @ 1.80GHz | CPU Socket - U3E1 | 1801/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 211 GiB total, 64.438 GiB free.Q: is FIXED (NTFS) - 18 GiB total, 7.343 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP78: 14/08/2013 15:56:07 - Windows UpdateRP79: 14/08/2013 17:46:03 - Windows UpdateRP80: 22/08/2013 11:53:54 - Scheduled CheckpointRP81: 25/08/2013 15:24:02 - Installed PDF Split And Merge EnhancedRP82: 28/08/2013 10:53:09 - Windows Update.==== Installed Programs ======================.פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקיםAbsolute ReminderAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XI (11.0.03)Apple Application SupportApple Mobile Device SupportApple Software UpdateBeyond Compare 3.3.8BlueGriffon version 1.6.2BonjourCreate Recovery MediaD3DX10Definition Update for Microsoft Office 2010 (KB982726) 64-Bit EditionDisable AMT Profile Synchronization Pop-up for Windows XP/Vista/7Dolby Home Theater v4DropboxEvernote v. 4.2.3Extended Asian Language font pack for Adobe Reader XIGoogle Calendar SyncGoogle ChromeGoogle Talk PluginGoogle Toolbar for Internet ExplorerGoogle Update HelperGPL GhostscriptGSview 5.0Integrated CameraIntel AppUp® centerIntel® Control CenterIntel® Management Engine ComponentsIntel® Processor GraphicsIntel® PROSet/Wireless WiFi Software DriverIntel® SDK for OpenCL - CPU Only Runtime PackageIntel® USB 3.0 eXtensible Host Controller DriverIntel® WiDiIntel® Wireless DisplayIntel® PROSet/Wireless SoftwareIntel® PROSet/Wireless WiFi SoftwareIntel® Trusted Connect Service ClientiTunesJava 7 Update 25Java Auto UpdaterJunk Mail filter updateLastPass(uninstall only)Lenovo Auto Scroll UtilityLenovo Mobile AccessLenovo Mobile Broadband ActivationLenovo Patch UtilityLenovo Patch Utility 64 bitLenovo Power Management DriverLenovo RegistrationLenovo SimpleTapLenovo Solution CenterLenovo System UpdateLenovo USB 2.0 Ethernet AdapterLenovo User GuideLenovo Warranty InformationLenovo WelcomeLinkedIn Outlook ConnectorMalwarebytes Anti-Malware version 1.75.0.1300MathType 6Mesh RuntimeMessage Center PlusMicrosoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Mouse and Keyboard CenterMicrosoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Office 32-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 32-bit MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219MiKTeX 2.9Mobile Broadband DriversMozilla Firefox 23.0.1 (x86 en-US)Mozilla Maintenance ServiceMSVCRTMSVCRT_amd64Notepad++On Screen DisplayPDF Split And Merge EnhancedPhoenixRCPower ManagerPuTTY version 0.62QuickTimeRapidBoot ShieldRealtek High Definition Audio DriverRegistry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7RICOH_Media_Driver_v2.14.18.01Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit EditionSKTimeStampSkype Click to CallSkype™ 6.6Splashtop Software UpdaterSplashtop StreamerSugarSyncSumatraPDFSymantec Endpoint ProtectionThinkPad Bluetooth with Enhanced Data Rate SoftwareThinkPad UltraNav DriverThinkVantage Access ConnectionsThinkVantage Communications UtilityThinkVantage Fingerprint SoftwareThinkVantage GPSUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft Office 2010 (KB2553092)Update for Microsoft Office 2010 (KB2760631) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2825640) 64-Bit EditionUSB-0401ViberVIP AccessVLC media player 2.0.8WinCDEmuWindows Driver Package - Intel (ISCT) System (08/23/2011 1.0.5.0)Windows Driver Package - Intel System (01/11/2012 9.3.0.1020)Windows Driver Package - Intel System (08/26/2011 9.3.0.1011)Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011)Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)Windows Driver Package - Synaptics (SmbDrv) System (07/05/2012 16.2.5.0)Windows Driver Package - Synaptics (SynTP) Mouse (07/05/2012 16.2.5.0)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWinEdt 7WinEdt 8WinRAR 4.00 (64-bit)WinSCP 5.1.2Xmarks for IEגלריית התמונות של Windows Live.==== Event Viewer Messages From Past Week ========.28/08/2013 09:41:21, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LENOVO.CAMMUTE service.27/08/2013 18:24:02, Error: AX88178 [17] -27/08/2013 17:20:27, Error: bowser [8003] - The master browser has received a server announcement from the computer SASSONO-TOSH that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B5BB61C8-7C09-4E2A-B869-7FB7954A847A}. The master browser is stopping or an election is being forced.26/08/2013 18:24:36, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.26/08/2013 18:24:36, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.26/08/2013 10:59:19, Error: NetBT [4321] - The name "HOME :0" could not be registered on the interface with IP address 10.170.191.139. The computer with the IP address 10.170.186.14 did not allow the name to be claimed by this computer.25/08/2013 23:18:24, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).25/08/2013 09:09:37, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom22/08/2013 09:49:23, Error: NetBT [4321] - The name "HOME :0" could not be registered on the interface with IP address 10.170.189.62. The computer with the IP address 10.170.187.137 did not allow the name to be claimed by this computer..==== End Of File =========================== Thanks! Link to post Share on other sites More sharing options...
MrCharlie Posted August 28, 2013 ID:721837 Share Posted August 28, 2013 Welcome to the forum. Please download and run RogueKiller 32 Bit to your desktop. RogueKiller 64 Bit <---use this one for 64 bit systems Quit all running programs. For Windows XP, double-click to start. For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run. Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything! Don't run any other options, they're not all bad!!!!!!! Post back the report which should be located on your desktop. (please don't put logs in code or quotes) P2P/Piracy Warning: 1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. 2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided. MrC Note: Please read all of my instructions completely including these. Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive <+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you. <+>The removal of malware isn't instantaneous, please be patient. <+>When we are done, I'll give to instructions on how to cleanup all the tools and logs <+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. ------->Your topic will be closed if you haven't replied within 3 days!<-------- (If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
postai Posted August 28, 2013 Author ID:721875 Share Posted August 28, 2013 Here is the log: RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Noam Hazon [Admin rights]Mode : Scan -- Date : 08/28/2013 17:22:41| ARK || FAK || MBR |¤¤¤ Bad processes : 2 ¤¤¤[sUSP PATH][DLL] rundll32.exe -- C:\Users\Noam Hazon\AppData\Roaming\rasmontr1.dll [-] -> rundll32.exe KILLED [TermProc][sUSP PATH][DLL] rundll32.exe -- C:\Users\Noam Hazon\AppData\Roaming\rasmontr1.dll [-] -> rundll32.exe KILLED [TermProc]¤¤¤ Registry Entries : 9 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Noam Hazon\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND[RUN][sUSP PATH] HKCU\[...]\Run : Viber ("C:\Users\Noam Hazon\AppData\Local\Viber\Viber.exe" StartMinimized [-][x]) -> FOUND[RUN][sUSP PATH] HKCU\[...]\Run : Pcgaei (rundll32 "C:\Users\Noam Hazon\AppData\Roaming\rasmontr1.dll",Cvqmppock [x][-][x]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-1744595492-4274406084-2480981552-1000\[...]\Run : Google Update ("C:\Users\Noam Hazon\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-1744595492-4274406084-2480981552-1000\[...]\Run : Viber ("C:\Users\Noam Hazon\AppData\Local\Viber\Viber.exe" StartMinimized [-][x]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-1744595492-4274406084-2480981552-1000\[...]\Run : Pcgaei (rundll32 "C:\Users\Noam Hazon\AppData\Roaming\rasmontr1.dll",Cvqmppock [x][-][x]) -> FOUND[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 4 ¤¤¤[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1744595492-4274406084-2480981552-1000UA.job : C:\Users\Noam Hazon\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1744595492-4274406084-2480981552-1000Core.job : C:\Users\Noam Hazon\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1744595492-4274406084-2480981552-1000Core : C:\Users\Noam Hazon\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1744595492-4274406084-2480981552-1000UA : C:\Users\Noam Hazon\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts74.208.10.249 gs.apple.com¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: SanDisk SD5SG2256G1052E +++++--- User ---[MBR] 4b196b127e009c1a5865049e524ceebb[bSP] 03dc9b7a3754631ea7ae9aca9f221b7b : MBR Code unknownPartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 216504 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 446474240 | Size: 18000 Mo3 - [XXXXXX] OS/2-HIBER (0x84) [HIDDEN!] Offset (sectors): 483338240 | Size: 8192 MoUser = LL1 ... OK!User != LL2 ... KO!--- LL2 ---[MBR] c896cc4acf1e72bd424966d22357aa10[bSP] 4b4bebe8c85c4c4fac14771184d88eca : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 216504 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 446474240 | Size: 18000 Mo3 - [XXXXXX] OS/2-HIBER (0x84) [HIDDEN!] Offset (sectors): 483338240 | Size: 8192 MoFinished : << RKreport[0]_S_08282013_172241.txt >> Link to post Share on other sites More sharing options...
MrCharlie Posted August 28, 2013 ID:721886 Share Posted August 28, 2013 Run RogueKiller again and click ScanWhen the scan completes > click on the Registry tabPut a check next to all of these and uncheck the rest: (if found) [RUN][sUSP PATH] HKCU\[...]\Run : Pcgaei (rundll32 "C:\Users\Noam Hazon\AppData\Roaming\rasmontr1.dll",Cvqmppock [x][-][x]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-1744595492-4274406084-2480981552-1000\[...]\Run : Pcgaei (rundll32 "C:\Users\Noam Hazon\AppData\Roaming\rasmontr1.dll",Cvqmppock [x][-][x]) -> FOUNDNow click Delete on the right hand column under Options-------------Next click on the Processes tab and put a check next to these and uncheck the rest. (if found) [sUSP PATH][DLL] rundll32.exe -- C:\Users\Noam Hazon\AppData\Roaming\rasmontr1.dll [-] -> rundll32.exe KILLED [TermProc][sUSP PATH][DLL] rundll32.exe -- C:\Users\Noam Hazon\AppData\Roaming\rasmontr1.dll [-] -> rundll32.exe KILLED [TermProc]Now click Delete on the right hand column under Options-------------Then..........Download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txtTo attach a log if needed:Bottom right corner of this page.New window that comes up.~~~~~~~~~~~~~~~~~~~~~~~Note:If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:Internet accessWindows UpdateWindows FirewallIf there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.Just run fixdamage.exe.Verify that they are now functioning normally.MrC Link to post Share on other sites More sharing options...
postai Posted August 28, 2013 Author ID:721899 Share Posted August 28, 2013 OK, the scan of mbar.exe didn't find any problem, so no cleanup was needed.I am attaching the logs.mbar-log-2013-08-28 (18-25-40).txtsystem-log.txt Link to post Share on other sites More sharing options...
MrCharlie Posted August 28, 2013 ID:721912 Share Posted August 28, 2013 OK, please do this: Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As AdministratorClick on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.Copy and paste the contents of that logfile in your next reply.A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.If you agree with everything listed to be removed in the folders section........... Double click on AdwCleaner.exe to run the tool again.Click on the Scan button.AdwCleaner will begin to scan your computer like it did before.After the scan has finished...This time click on the Clean button.Press OK when asked to close all programs and follow the onscreen prompts.Press OK again to allow AdwCleaner to restart the computer and complete the removal process.After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.A copy of that logfile will also be saved in the C:\AdwCleaner folder.Then.................. Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report. Make sure that everything is checked, and click Remove Selected. Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
postai Posted August 28, 2013 Author ID:721979 Share Posted August 28, 2013 This is the first log file. Can I proceed with the clean? # AdwCleaner v3.001 - Report created 28/08/2013 at 21:03:46# Updated 24/08/2013 by Xplode# Operating System : Windows 7 Professional Service Pack 1 (64 bits)# Username : Noam Hazon - NOAMHAZON-THINK# Running from : C:\Users\Noam Hazon\Desktop\AdwCleaner.exe# Option : Scan***** [ Services ] ********** [ Files / Folders ] *****Folder Found C:\ProgramData\PartnerFolder Found C:\Users\Noam Hazon\AppData\Roaming\Mozilla\Firefox\Profiles\pcf62fa2.default\jetpack***** [ Shortcuts ] ********** [ Registry ] *****Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKLM\SOFTWARE\Classes\SKey Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}***** [ Browsers ] *****-\\ Internet Explorer v10.0.9200.16660-\\ Mozilla Firefox v23.0.1 (en-US)[ File : C:\Users\Noam Hazon\AppData\Roaming\Mozilla\Firefox\Profiles\pcf62fa2.default\prefs.js ]-\\ Google Chrome v29.0.1547.57[ File : C:\Users\Noam Hazon\AppData\Local\Google\Chrome\User Data\Default\preferences ]*************************AdwCleaner[R0].txt - [1983 octets] - [28/08/2013 21:03:46]########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2043 octets] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted August 28, 2013 ID:721984 Share Posted August 28, 2013 Yes..clean it.....MrC Link to post Share on other sites More sharing options...
postai Posted August 28, 2013 Author ID:722020 Share Posted August 28, 2013 Ok, here is the log of AdwCleaner: # AdwCleaner v3.001 - Report created 28/08/2013 at 22:29:40# Updated 24/08/2013 by Xplode# Operating System : Windows 7 Professional Service Pack 1 (64 bits)# Username : Noam Hazon - NOAMHAZON-THINK# Running from : C:\Users\Noam Hazon\Desktop\AdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:\ProgramData\PartnerFolder Deleted : C:\Users\Noam Hazon\AppData\Roaming\Mozilla\Firefox\Profiles\pcf62fa2.default\jetpack***** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLM\SOFTWARE\Classes\SKey Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}***** [ Browsers ] *****-\\ Internet Explorer v10.0.9200.16660-\\ Mozilla Firefox v23.0.1 (en-US)[ File : C:\Users\Noam Hazon\AppData\Roaming\Mozilla\Firefox\Profiles\pcf62fa2.default\prefs.js ]-\\ Google Chrome v29.0.1547.57[ File : C:\Users\Noam Hazon\AppData\Local\Google\Chrome\User Data\Default\preferences ]*************************AdwCleaner[R0].txt - [2135 octets] - [28/08/2013 21:03:46]AdwCleaner[R1].txt - [2195 octets] - [28/08/2013 22:28:39]AdwCleaner[s0].txt - [2134 octets] - [28/08/2013 22:29:40]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2194 octets] ########## And here is the log of MalwareBytes (which didn't find anything): Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.08.28.07Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16660Noam Hazon :: NOAMHAZON-THINK [administrator]28/08/2013 22:33:47mbam-log-2013-08-28 (22-33-47).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 224118Time elapsed: 2 minute(s), 55 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) I didn't notice any redirecting anymore, but I would like to give it some time and see if it's indeed completely behind me. Thanks! Link to post Share on other sites More sharing options...
MrCharlie Posted August 28, 2013 ID:722022 Share Posted August 28, 2013 OK, let me know. You might want to run this cleaner also: Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.MrC Link to post Share on other sites More sharing options...
postai Posted August 29, 2013 Author ID:722242 Share Posted August 29, 2013 Here are the contents of JRT.txt: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.5.5 (08.28.2013:1)OS: Windows 7 Professional x64Ran by Noam Hazon on Thu 08/29/2013 at 9:23:56.08~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ServicesSuccessfully stopped: [service] ssuserviceSuccessfully deleted: [service] ssuservice~~~ Registry Values~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}~~~ Files~~~ FoldersSuccessfully deleted: [Folder] "C:\ProgramData\splashtop"Successfully deleted: [Folder] "C:\Program Files (x86)\splashtop"Successfully deleted: [Empty Folder] C:\Users\Noam Hazon\appdata\local\{9FD1F137-466D-452C-83F4-8E0D79E96B33}Successfully deleted: [Empty Folder] C:\Users\Noam Hazon\appdata\local\{A85F7026-D76D-41E8-9761-71DC3CE17A14}~~~ FireFoxEmptied folder: C:\Users\Noam Hazon\AppData\Roaming\mozilla\firefox\profiles\pcf62fa2.default\minidumps [32 files]~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Thu 08/29/2013 at 9:29:37.80End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
MrCharlie Posted August 29, 2013 ID:722333 Share Posted August 29, 2013 OK, let me know how it is....MrC Link to post Share on other sites More sharing options...
MrCharlie Posted September 1, 2013 ID:723720 Share Posted September 1, 2013 How are we doing??? MrC Link to post Share on other sites More sharing options...
postai Posted September 2, 2013 Author ID:724065 Share Posted September 2, 2013 It seems fine till now.I had problems with the Internet connection yesterday (which I fixed), but I believe it does not relate to the original problem.Thanks! Link to post Share on other sites More sharing options...
MrCharlie Posted September 2, 2013 ID:724100 Share Posted September 2, 2013 Good...... Lets check your computers security before you go and we have a little cleanup to do also: Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.If you get Unsupported operating system. Aborting now, just reboot and try again.A Notepad document should open automatically called checkup.txt.Please Post the contents of that document.Do Not Attach It!!!MrC Link to post Share on other sites More sharing options...
postai Posted September 2, 2013 Author ID:724257 Share Posted September 2, 2013 Here it is: Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Symantec Endpoint Protection WMI entry may not exist for antivirus; attempting automatic update.`````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 25 Adobe Flash Player 11.8.800.94 Adobe Reader XI Mozilla Firefox (23.0.1) Google Chrome 29.0.1547.57 Google Chrome 29.0.1547.62 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe`````````````````System Health check````````````````` Total Fragmentation on Drive C: 5%````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
MrCharlie Posted September 2, 2013 ID:724261 Share Posted September 2, 2013 That looks Good....... A little clean up to do.... Please Uninstall ComboFix: (if you used it) Press the Windows logo key + R to bring up the "run box" Copy and paste next command in the field: ComboFix /uninstall Make sure there's a space between Combofix and / Then hit enter. This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point (If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller) --------------------------------- If you used FRST: Download the fixlist.txt to the same folder as FRST. Run FRST and click Fix only once and wait That will delete the quarantine folder created by FRST. ----------------------------- Please download OTC to your desktop. http://oldtimer.geekstogo.com/OTC.exe Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator") Click on the CleanUp! button and follow the prompts. (If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.) You will be asked to reboot the machine to finish the Cleanup process, choose Yes. After the reboot all the tools we used should be gone. Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind. Any other programs or logs you can manually delete. IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall. ------------------------------- Any questions...please post back. If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed. Take a look at My Preventive Maintenance to avoid being infected again. Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
LDTate Posted September 3, 2013 ID:724608 Share Posted September 3, 2013 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts