TechSpot

Another case of Win64/Patched.A Trojan

Solved
By Baruch
Nov 22, 2012
  1. Baruch

    Baruch TS Rookie Topic Starter Posts: 35

    OTL logfile created on: 28/11/2012 0:11:37 - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barukh\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    3,87 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 54,85% Memory free
    7,73 Gb Paging File | 5,53 Gb Available in Paging File | 71,49% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 421,81 Gb Total Space | 205,63 Gb Free Space | 48,75% Space Free | Partition Type: NTFS
    Drive D: | 29,00 Gb Total Space | 28,01 Gb Free Space | 96,59% Space Free | Partition Type: NTFS

    Computer Name: BARUKH-PC | User Name: Barukh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2012/11/27 08:36:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barukh\Desktop\OTL.exe
    PRC - [2012/11/21 20:32:30 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    PRC - [2012/11/21 20:32:26 | 018,877,320 | ---- | M] (Lavasoft Limited) -- C:\PROGRA~2\AD-AWA~1\AdAware.exe
    PRC - [2012/11/17 17:46:45 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Barukh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    PRC - [2012/11/16 11:09:00 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2012/11/06 23:16:50 | 000,485,272 | ---- | M] (Lavasoft.) -- C:\ProgramData\Search Protection\SearchProtection.exe
    PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/29 19:37:31 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
    PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
    PRC - [2012/07/27 22:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/05/15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/05/12 21:42:21 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2012/04/17 17:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2011/09/28 09:45:12 | 000,885,160 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe
    PRC - [2011/09/28 09:45:10 | 002,656,680 | ---- | M] (Ashampoo Development GmbH & Co. KG) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe
    PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
    PRC - [2010/12/10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\DAODB\MSSQL.2\MSSQL\Binn\sqlservr.exe
    PRC - [2010/10/20 15:52:54 | 000,685,056 | ---- | M] (Ancestry.com) -- C:\Program Files (x86)\Family Tree Maker 2011\FTM.exe
    PRC - [2010/01/25 16:11:40 | 000,224,352 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\YouCam\YouCam.exe
    PRC - [2010/01/25 16:11:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
    PRC - [2009/12/23 19:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2009/12/23 19:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2009/12/09 10:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/12/09 10:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/09/15 12:29:16 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE
    PRC - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    PRC - [2008/12/08 16:02:18 | 000,147,456 | ---- | M] (ScreenCapturer.com) -- C:\Program Files (x86)\Screen Capturer\ScreenCapturer.exe
    PRC - [2008/01/16 11:56:40 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/16 03:55:09 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
    MOD - [2012/11/16 03:46:31 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
    MOD - [2012/11/16 03:46:25 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
    MOD - [2012/11/16 03:45:52 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
    MOD - [2012/11/16 03:45:45 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
    MOD - [2012/11/16 03:45:29 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
    MOD - [2012/11/16 03:45:26 | 000,680,448 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll
    MOD - [2012/11/16 03:45:23 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
    MOD - [2012/11/16 03:45:19 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
    MOD - [2012/11/16 03:45:17 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
    MOD - [2012/11/16 03:45:10 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
    MOD - [2010/11/13 01:35:42 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2010/03/21 20:18:19 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_es_b77a5c561934e089\System.Runtime.Remoting.resources.dll
    MOD - [2008/12/08 16:04:32 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Screen Capturer\Extensions\ScreenCapture\bin\TaksiDll.dll


    ========== Services (SafeList) ==========

    SRV - [2012/11/21 20:32:30 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
    SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/10/29 23:54:52 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/10/09 18:20:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
    SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/06/15 11:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2012/05/15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/05/15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/02/06 20:37:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/09/28 09:45:12 | 000,885,160 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe -- (WO_LiveService)
    SRV - [2011/08/12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV - [2011/03/28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/12/10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\DAODB\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET)
    SRV - [2010/12/10 16:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/23 19:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2009/12/09 10:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/12/09 10:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/09/22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Archivos de programa\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
    SRV - [2009/08/24 22:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS64.exe -- (DfSdkS)
    SRV - [2009/08/14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Archivos de programa\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
    SRV - [2009/08/11 18:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Archivos de programa\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009/07/16 05:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
    SRV - [2009/07/14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
    SRV - [2009/07/14 16:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
    SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
    SRV - [2008/01/16 11:56:40 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/06/09 07:57:47 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
    DRV - [2011/03/08 06:01:06 | 000,012,824 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor64.sys -- (LiveTunerPM)
    DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2680363


    IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?so...retb&v=2_2&u=B41A0C9938D67DBFA00C4650B247B0DF
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.lavasoft.com/?so...1A0C9938D67DBFA00C4650B247B0DF&q={searchTerms}
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2680363
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\SearchScopes\{C9EDFD97-957D-46D0-BC46-F9FCBDEF699D}: "URL" = http://es.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\SearchScopes\{F9FE1341-82F0-44DA-BEF5-9A3588B680BA}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
    FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.9
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..browser.startup.homepage: "http://safesearchr.lavasoft.com/?so...retb&v=2_2&u=B41A0C9938D67DBFA00C4650B247B0DF"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Barukh\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Barukh\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox [2011/09/03 19:27:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\RelevantKnowledge
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/29 19:37:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/11/08 17:05:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/23 13:09:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/29 19:37:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/29 19:37:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/08 17:06:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/29 23:54:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2012/01/27 14:07:44 | 000,000,000 | ---D | M]
     
  2. Baruch

    Baruch TS Rookie Topic Starter Posts: 35

    [2010/12/04 18:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barukh\AppData\Roaming\mozilla\Extensions
    [2010/09/27 15:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barukh\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2012/11/26 08:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barukh\AppData\Roaming\mozilla\Firefox\Profiles\rvjqfgf8.default\extensions
    [2011/08/31 23:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barukh\AppData\Roaming\mozilla\Firefox\Profiles\rvjqfgf8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2012/11/25 18:30:54 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Barukh\AppData\Roaming\mozilla\Firefox\Profiles\rvjqfgf8.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    [2012/09/03 09:35:59 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Barukh\AppData\Roaming\mozilla\Firefox\Profiles\rvjqfgf8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012/11/08 13:59:39 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Barukh\AppData\Roaming\mozilla\Firefox\Profiles\rvjqfgf8.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2011/08/31 23:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barukh\AppData\Roaming\mozilla\Firefox\Profiles\rvjqfgf8.default\extensions\staged-xpis
    [2011/03/07 11:14:46 | 000,322,940 | ---- | M] () (No name found) -- C:\Users\Barukh\AppData\Roaming\mozilla\firefox\profiles\rvjqfgf8.default\extensions\staged-xpis\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\flashgot.xpi
    [2012/10/22 06:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012/05/22 21:21:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010/12/19 22:13:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/13 08:37:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/30 22:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/08/26 09:17:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    [2012/08/31 08:02:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/10/22 06:40:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2012/09/29 19:37:41 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
    [2012/11/25 18:31:19 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
    [2011/08/28 19:28:39 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
    [2011/08/28 19:28:39 | 000,000,751 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
    [2011/08/28 19:28:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
    [2011/08/28 19:28:40 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

    ========== Chrome ==========

    CHR - homepage: http://sites.google.com/site/majlakasefaradit/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://sites.google.com/site/majlakasefaradit/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Chrome SVD extension (Enabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\lib/npdownloaderchrome.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
    CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.114_0\npqscan.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Barukh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: RuneScape = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajjblpfpopipimofkhbglcoeknpnfijj\1.1_0\
    CHR - Extension: Xmarks Bookmark Sync = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
    CHR - Extension: Xmarks Bookmark Sync = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
    CHR - Extension: Angry Birds = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: JewishMusic Stream = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aogpohpdlalgbanndjocbimokbklkfbh\1.1.6_0\
    CHR - Extension: Dead Frontier = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dglbaehakkaojfihjkgkpknbjldhhmmn\1.1_0\
    CHR - Extension: SpeedBit Video Downloader = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\
    CHR - Extension: SiteAdvisor = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
    CHR - Extension: Delicious Tools = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclkcflnjahgejhappicbhcpllkpakej\1.5.2_0\
    CHR - Extension: Chanukah Mahjong = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmnfhgfgegkdjejlhocenjhhenobgpkm\1.0.0.1_0\
    CHR - Extension: Minimal = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog\1.0_0\
    CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
    CHR - Extension: Bookmarks = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihaibgdemjcpnllmndlpdkfiggadlcgi\0.9_0\
    CHR - Extension: Lord of Ultima = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced\1.0.12_0\
    CHR - Extension: Full Hebrew Bible (Tanakh) - kipshuto = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcegmbhbonmpfeambcjgohkgnlgficb\1_0\
    CHR - Extension: Save in Delicious = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnejbeiilmbliffhdepeobjemekgdnok\0.998_1\
    CHR - Extension: Plants vs Zombies = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
    CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
    CHR - Extension: Bitdefender QuickScan = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\

    O1 HOSTS File: ([2012/11/25 18:11:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\grabber.dll (SpeedBit)
    O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
    O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003..\Run: [Akamai NetSession Interface] "C:\Users\Barukh\AppData\Local\Akamai\netsession_win.exe" File not found
    O4 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003..\Run: [SkyDrive] C:\Users\Barukh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Barukh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Screen Capturer.lnk = C:\Program Files (x86)\Screen Capturer\ScreenCapturer.exe (ScreenCapturer.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O7 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Barukh\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Barukh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Enviar a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Enviar a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..Trusted Domains: clonewarsadventures.com ([]* in Sitios de confianza)
    O15 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..Trusted Domains: freerealms.com ([]* in Sitios de confianza)
    O15 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..Trusted Domains: soe.com ([]* in Sitios de confianza)
    O15 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..Trusted Domains: sony.com ([]* in Sitios de confianza)
    O16 - DPF: {3743E8B0-BE34-4652-9F11-7C4EB22F39B9} http://www.responsa.co.il/NetisUtils/install/safeview.cab (HtmlCtl2 Class)
    O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.es/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1709699A-2147-4002-9CB6-E808818F0014}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75E2F20D-6D5C-46A2-B53D-3A5D0C489BA0}: DhcpNameServer = 192.168.16.3
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
  3. Baruch

    Baruch TS Rookie Topic Starter Posts: 35

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/27 08:36:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Barukh\Desktop\OTL.exe
    [2012/11/25 20:50:36 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Roaming\AVG2013
    [2012/11/25 20:46:31 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Roaming\TuneUp Software
    [2012/11/25 20:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/11/25 20:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2012/11/25 18:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
    [2012/11/25 18:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
    [2012/11/25 18:31:37 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Local\adawarebp
    [2012/11/25 18:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
    [2012/11/25 18:23:22 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Local\MFAData
    [2012/11/25 18:23:22 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Local\Avg2013
    [2012/11/25 18:18:03 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012/11/25 18:17:26 | 000,000,000 | -H-D | C] -- C:\SkyDriveTemp
    [2012/11/25 18:11:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/25 17:54:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/11/25 17:54:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/11/25 17:54:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/11/25 17:54:51 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/11/25 17:40:06 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/25 17:39:46 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012/11/25 17:27:16 | 005,006,177 | R--- | C] (Swearware) -- C:\Users\Barukh\Desktop\ComboFix.exe
    [2012/11/23 08:28:01 | 000,000,000 | ---D | C] -- C:\Users\Barukh\Desktop\mbar
    [2012/11/23 07:50:24 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/11/23 01:10:58 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Barukh\Desktop\dds.com
    [2012/11/23 00:47:55 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Barukh\Desktop\mbam-setup-1.65.1.1000.exe
    [2012/11/22 20:54:03 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
    [2012/11/17 20:17:56 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pid 1.00
    [2012/11/17 19:59:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
    [2012/11/15 22:05:25 | 000,000,000 | ---D | C] -- C:\Users\Barukh\Documents\Sherlock Holmes versus Jack the Ripper walkthrough_files
    [2012/11/15 17:06:22 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Roaming\Games
    [2012/11/15 16:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
    [2012/11/15 10:50:22 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\AGEIA
    [2012/11/15 10:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
    [2012/11/15 10:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Adventure Company
    [2012/11/15 10:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Adventure Company
    [2012/11/11 21:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012/11/10 20:00:13 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Local\VisualBeeClient
    [2012/11/10 19:58:03 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Local\VisualBeeExe
    [2012/11/10 19:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
    [2012/11/09 02:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2012/11/09 00:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
    [2012/11/09 00:24:56 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Roaming\BSplayer
    [2012/11/08 16:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
    [2012/11/08 16:42:46 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Roaming\LavasoftStatistics
    [2012/11/08 14:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
    [2012/11/08 13:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
    [2012/11/08 13:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
    [2012/11/08 13:57:56 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Roaming\Ad-Aware Antivirus
    [2012/11/06 22:30:11 | 000,000,000 | ---D | C] -- C:\Users\Barukh\Documents\Sherlock Holmes 6 The Testament of Sherlock Holmes walkthrough_files
    [2012/11/06 16:02:39 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Roaming\Frogwares
    [2012/11/06 15:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Home Interactive
    [2012/11/06 15:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Focus
    [2012/11/06 11:17:58 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Local\DVDVideoSoft_Ltd
    [2012/11/06 11:15:14 | 000,000,000 | ---D | C] -- C:\Users\Barukh\Documents\DVDVideoSoft
    [2012/11/03 21:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
    [2012/11/03 21:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
    [2012/10/29 23:54:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
    [2011/12/25 18:36:12 | 003,498,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\vstor40_x64.exe
    [2011/12/25 18:35:26 | 001,343,488 | ---- | C] (Distribuido por: Maxi Gramar SL) -- C:\Program Files (x86)\wcwdes10.dll
    [2010/11/21 00:51:18 | 002,790,864 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files (x86)\install_flash_player.exe
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/28 00:04:00 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/27 23:40:00 | 000,001,114 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1373113754-2393914652-2236859404-1003UA.job
    [2012/11/27 23:20:00 | 000,000,838 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/11/27 22:04:00 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/27 08:36:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barukh\Desktop\OTL.exe
    [2012/11/27 01:40:00 | 000,001,062 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1373113754-2393914652-2236859404-1003Core.job
    [2012/11/26 21:03:34 | 010,485,760 | ---- | M] () -- C:\Users\Barukh\Documents\Alumnos1.accdb
    [2012/11/26 20:34:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/11/26 08:52:58 | 000,054,049 | ---- | M] () -- C:\Users\Barukh\Desktop\otl.png
    [2012/11/26 08:40:22 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    [2012/11/26 08:38:57 | 3113,365,504 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/25 22:58:55 | 000,000,953 | ---- | M] () -- C:\windows\Kaluach3.INI
    [2012/11/25 20:46:31 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/11/25 17:27:18 | 005,006,177 | R--- | M] (Swearware) -- C:\Users\Barukh\Desktop\ComboFix.exe
    [2012/11/25 15:10:23 | 000,418,314 | ---- | M] () -- C:\Users\Barukh\Documents\Aliyot.pdf
    [2012/11/25 15:05:16 | 000,351,574 | ---- | M] () -- C:\Users\Barukh\Documents\Listado para Rabanim.pdf
    [2012/11/25 15:03:50 | 000,522,832 | ---- | M] () -- C:\Users\Barukh\Documents\Lista para tiulim.pdf
    [2012/11/25 15:02:59 | 000,553,269 | ---- | M] () -- C:\Users\Barukh\Documents\Habitaciones.pdf
    [2012/11/25 15:02:09 | 000,401,786 | ---- | M] () -- C:\Users\Barukh\Documents\Alumnos en activo.pdf
    [2012/11/23 08:27:48 | 012,961,620 | ---- | M] () -- C:\Users\Barukh\Desktop\mbar-1.01.0.1009.zip
    [2012/11/23 01:11:27 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Barukh\Desktop\dds.com
    [2012/11/23 00:48:56 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/23 00:48:30 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Barukh\Desktop\mbam-setup-1.65.1.1000.exe
    [2012/11/22 09:01:14 | 000,000,064 | ---- | M] () -- C:\windows\SysWow64\rp_stats.dat
    [2012/11/22 09:01:14 | 000,000,044 | ---- | M] () -- C:\windows\SysWow64\rp_rules.dat
    [2012/11/17 20:19:43 | 561,565,173 | ---- | M] () -- C:\windows\MEMORY.DMP
    [2012/11/16 11:25:47 | 002,777,248 | ---- | M] () -- C:\Users\Barukh\Desktop\Escandalo_en_Bohemia.pdf
    [2012/11/15 22:05:25 | 000,225,821 | ---- | M] () -- C:\Users\Barukh\Documents\Sherlock Holmes versus Jack the Ripper walkthrough.htm
    [2012/11/15 10:48:48 | 000,002,393 | ---- | M] () -- C:\Users\Public\Desktop\Play Sherlock Holmes versus Jack the Ripper.lnk
    [2012/11/13 00:28:47 | 000,001,188 | ---- | M] () -- C:\windows\SysWow64\ServiceConfig.xml
    [2012/11/09 01:44:54 | 000,519,504 | ---- | M] () -- C:\Users\Barukh\Documents\Hora Butxaca.pdf
    [2012/11/08 22:15:44 | 001,780,698 | ---- | M] () -- C:\Users\Barukh\Documents\Horari Butxaca.pdf
    [2012/11/08 17:06:10 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    [2012/11/06 22:30:11 | 000,343,977 | ---- | M] () -- C:\Users\Barukh\Documents\Sherlock Holmes 6 The Testament of Sherlock Holmes walkthrough.htm
    [2012/11/06 15:44:00 | 000,001,399 | ---- | M] () -- C:\Users\Public\Desktop\Jugar a El testamento de Sherlock Holmes.lnk
    [2012/11/04 20:01:23 | 001,378,413 | ---- | M] () -- C:\Users\Barukh\Desktop\Tefilá.pdf
    [2012/11/03 21:09:28 | 000,001,243 | ---- | M] () -- C:\Users\Barukh\Desktop\DVDVideoSoft Free Studio.lnk
    [2012/10/30 15:54:50 | 000,158,952 | ---- | M] () -- C:\Users\Barukh\Documents\Edición propia, impresión de libros y publicación en línea - Lulu.pdf
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/26 08:52:58 | 000,054,049 | ---- | C] () -- C:\Users\Barukh\Desktop\otl.png
    [2012/11/25 20:46:31 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/11/25 18:32:52 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    [2012/11/25 17:54:58 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/11/25 17:54:58 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/11/25 17:54:58 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/11/25 17:54:58 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/11/25 17:54:58 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/11/25 15:10:21 | 000,418,314 | ---- | C] () -- C:\Users\Barukh\Documents\Aliyot.pdf
    [2012/11/25 15:05:15 | 000,351,574 | ---- | C] () -- C:\Users\Barukh\Documents\Listado para Rabanim.pdf
    [2012/11/25 15:03:44 | 000,522,832 | ---- | C] () -- C:\Users\Barukh\Documents\Lista para tiulim.pdf
    [2012/11/25 15:02:58 | 000,553,269 | ---- | C] () -- C:\Users\Barukh\Documents\Habitaciones.pdf
    [2012/11/25 15:02:08 | 000,401,786 | ---- | C] () -- C:\Users\Barukh\Documents\Alumnos en activo.pdf
    [2012/11/23 08:27:07 | 012,961,620 | ---- | C] () -- C:\Users\Barukh\Desktop\mbar-1.01.0.1009.zip
    [2012/11/23 00:48:56 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/17 20:19:43 | 561,565,173 | ---- | C] () -- C:\windows\MEMORY.DMP
    [2012/11/16 11:25:46 | 002,777,248 | ---- | C] () -- C:\Users\Barukh\Desktop\Escandalo_en_Bohemia.pdf
    [2012/11/15 22:05:24 | 000,225,821 | ---- | C] () -- C:\Users\Barukh\Documents\Sherlock Holmes versus Jack the Ripper walkthrough.htm
    [2012/11/15 10:48:48 | 000,002,393 | ---- | C] () -- C:\Users\Public\Desktop\Play Sherlock Holmes versus Jack the Ripper.lnk
    [2012/11/13 00:28:47 | 000,001,188 | ---- | C] () -- C:\windows\SysWow64\ServiceConfig.xml
    [2012/11/08 22:15:32 | 001,780,698 | ---- | C] () -- C:\Users\Barukh\Documents\Horari Butxaca.pdf
    [2012/11/06 22:30:08 | 000,343,977 | ---- | C] () -- C:\Users\Barukh\Documents\Sherlock Holmes 6 The Testament of Sherlock Holmes walkthrough.htm
    [2012/11/06 15:44:00 | 000,001,399 | ---- | C] () -- C:\Users\Public\Desktop\Jugar a El testamento de Sherlock Holmes.lnk
    [2012/11/06 15:06:31 | 000,519,504 | ---- | C] () -- C:\Users\Barukh\Documents\Hora Butxaca.pdf
    [2012/11/04 20:01:22 | 001,378,413 | ---- | C] () -- C:\Users\Barukh\Desktop\Tefilá.pdf
    [2012/10/30 15:54:50 | 000,158,952 | ---- | C] () -- C:\Users\Barukh\Documents\Edición propia, impresión de libros y publicación en línea - Lulu.pdf
    [2012/10/24 22:36:06 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
    [2012/09/27 21:08:07 | 000,000,028 | ---- | C] () -- C:\windows\pdf995.ini
    [2012/09/07 07:56:34 | 000,027,520 | ---- | C] () -- C:\Users\Barukh\AppData\Local\dt.dat
    [2012/08/10 11:22:58 | 000,000,132 | ---- | C] () -- C:\Users\Barukh\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/05/15 01:21:50 | 000,423,744 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe
    [2011/12/25 18:39:30 | 000,897,024 | ---- | C] () -- C:\windows\SysWow64\Dewdes10.exe
    [2011/12/25 18:35:26 | 001,534,568 | ---- | C] () -- C:\Program Files (x86)\wcth_es.lex
    [2011/12/25 18:35:26 | 001,448,061 | ---- | C] () -- C:\Program Files (x86)\wcsin_es.lex
    [2011/12/25 18:35:26 | 000,897,024 | ---- | C] () -- C:\Program Files (x86)\Instalar.exe
    [2011/12/25 18:35:26 | 000,441,394 | ---- | C] () -- C:\Program Files (x86)\wcmed_es.lex
    [2011/12/25 18:35:26 | 000,225,280 | ---- | C] () -- C:\Program Files (x86)\wcwdes05.wll
    [2011/12/25 18:35:26 | 000,143,360 | ---- | C] () -- C:\Program Files (x86)\Updatewcwdes10.exe
    [2011/12/25 18:35:26 | 000,118,448 | ---- | C] () -- C:\Program Files (x86)\wcrec_es.lex
    [2011/12/25 18:35:26 | 000,084,027 | ---- | C] () -- C:\Program Files (x86)\wctop_es.lex
    [2011/12/25 18:35:26 | 000,014,280 | ---- | C] () -- C:\Program Files (x86)\wcinf_es.lex
    [2011/12/25 18:35:26 | 000,004,597 | ---- | C] () -- C:\Program Files (x86)\wcjur_es.lex
    [2011/12/25 18:35:26 | 000,002,648 | ---- | C] () -- C:\Program Files (x86)\Archivos.ini
    [2011/12/25 18:35:26 | 000,000,195 | ---- | C] () -- C:\Program Files (x86)\wccau_es.lex
    [2011/12/25 18:35:26 | 000,000,127 | ---- | C] () -- C:\Program Files (x86)\wcdia_es.lex
    [2011/12/25 18:35:26 | 000,000,031 | ---- | C] () -- C:\Program Files (x86)\wcper_es.lex
    [2011/09/03 19:27:47 | 000,109,216 | ---- | C] () -- C:\windows\SysWow64\EasyHook64.dll
    [2011/09/03 19:27:47 | 000,084,480 | ---- | C] () -- C:\windows\SysWow64\EasyHook32.dll
    [2011/08/05 00:08:17 | 000,000,059 | ---- | C] () -- C:\windows\wpd99.drv
    [2011/08/05 00:08:14 | 000,047,616 | ---- | C] () -- C:\windows\SysWow64\pdf995mon64.dll
    [2011/06/12 07:55:52 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat
    [2011/06/12 07:55:52 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat
    [2011/05/31 07:38:30 | 000,000,008 | ---- | C] () -- C:\windows\SysWow64\PROTOCOL.INI
    [2011/04/28 17:12:15 | 000,005,137 | ---- | C] () -- C:\Users\Barukh\.recently-used.xbel
    [2011/04/12 00:00:23 | 000,000,000 | ---- | C] () -- C:\windows\Nancy Drew 1 Secrets Can Kill.INI
    [2011/03/29 18:12:09 | 000,003,584 | ---- | C] () -- C:\Users\Barukh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/04 19:12:52 | 000,000,129 | ---- | C] () -- C:\Users\Barukh\jagex_runescape_preferences2.dat
    [2011/01/04 19:10:05 | 000,000,035 | ---- | C] () -- C:\Users\Barukh\jagex_runescape_preferences.dat
    [2010/12/20 08:55:58 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
    [2010/12/12 13:49:46 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
    [2010/12/05 00:32:56 | 000,000,024 | ---- | C] () -- C:\windows\SysWow64\sysogg.dll
    [2010/12/05 00:31:56 | 000,233,472 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
    [2010/12/04 20:08:40 | 000,246,784 | ---- | C] () -- C:\windows\SysWow64\sqlite3.dll
    [2010/12/04 18:35:08 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
    [2010/11/30 22:55:33 | 000,010,240 | ---- | C] () -- C:\windows\SysWow64\virport.dll
    [2010/11/29 20:18:04 | 000,000,051 | ---- | C] () -- C:\windows\SysWow64\systemwindow.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/11/09 02:06:12 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Ad-Aware Antivirus
    [2012/04/27 10:28:16 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Ahnenblatt
    [2010/09/27 17:29:58 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\ArcSyncConfig
    [2011/04/06 14:13:17 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Artogon
    [2012/01/27 14:07:36 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\AVG2012
    [2012/11/25 20:50:36 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\AVG2013
    [2011/03/26 23:42:55 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Big Fish Games
    [2012/11/09 00:31:37 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\BSplayer
    [2011/01/27 21:52:26 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\BSplayer Pro
    [2011/12/03 23:10:53 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\calibre
    [2011/12/31 22:36:31 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Canon
    [2011/03/20 10:19:59 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\CursedOnboard
    [2012/03/25 10:25:38 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\DAEMON Tools Lite
    [2012/10/22 12:31:46 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Davka Corp
    [2012/01/24 16:33:36 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\DC++
    [2012/03/11 14:13:39 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Doublefine
    [2011/04/27 11:39:25 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Downloaded Installations
    [2012/11/08 20:55:18 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Dropbox
    [2012/11/06 11:15:14 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\DVDVideoSoft
    [2012/09/03 09:35:59 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\DVDVideoSoftIEHelpers
    [2011/03/22 08:05:12 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Elephant Games
    [2012/11/06 16:02:39 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Frogwares
    [2012/11/15 17:07:10 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Games
    [2011/08/25 21:28:53 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\GetRightToGo
    [2012/01/12 14:27:10 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Grammatica
    [2011/04/28 17:12:15 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\gtk-2.0
    [2011/03/18 16:57:33 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\GTM_Bodie
    [2011/03/22 22:13:06 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\GuardiansOfMagic
    [2011/03/24 00:34:36 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\HdO Adventure
    [2011/06/02 12:51:16 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Incognito
    [2012/06/17 13:25:01 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\InfernalBros
    [2011/12/25 18:38:39 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\KuaiZip
    [2011/03/21 20:07:17 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Lost in the City
    [2011/03/21 20:38:55 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Lost in the City - Post scriptum
    [2012/04/05 10:19:15 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Mp3tag
    [2012/06/12 13:41:12 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Nitro PDF
    [2011/04/27 10:54:35 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Opera
    [2012/09/27 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\pdf995
    [2011/03/17 20:51:36 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\PopCapv1002
    [2011/12/13 14:02:08 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Quark
    [2012/07/27 08:29:29 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\QuickScan
    [2011/03/18 12:21:01 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\SpinTop Games
    [2011/08/30 19:06:37 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Systweak
    [2012/04/27 10:48:35 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\The Complete Genealogy Builder
    [2012/04/04 20:04:42 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\The Complete Genealogy Reporter
    [2010/09/27 15:13:58 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Thunderbird
    [2011/03/23 08:45:56 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\TitanicMystery
    [2011/12/12 22:37:22 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Trine2
    [2012/11/25 20:46:31 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\TuneUp Software
    [2011/11/20 17:58:41 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Unity
    [2012/11/28 00:21:01 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\uTorrent
    [2011/03/20 01:53:21 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Vogat Interactive
    [2012/09/05 13:49:39 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\YouSendIt

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2012/11/17 23:24:47 | 000,011,423 | ---- | M] ()(C:\Users\Barukh\Documents\4??????? ??????????? ?.docx) -- C:\Users\Barukh\Documents\4שְׁמַ֖ע יִשְׂרָאֵ֑ל ה.docx
    [2012/11/17 23:24:46 | 000,011,423 | ---- | C] ()(C:\Users\Barukh\Documents\4??????? ??????????? ?.docx) -- C:\Users\Barukh\Documents\4שְׁמַ֖ע יִשְׂרָאֵ֑ל ה.docx
    [2012/11/08 14:27:59 | 000,278,016 | ---- | M] ()(C:\Users\Barukh\Documents\?????? ???????.doc) -- C:\Users\Barukh\Documents\הספריה הספרדית.doc
    [2012/11/08 14:27:58 | 000,278,016 | ---- | C] ()(C:\Users\Barukh\Documents\?????? ???????.doc) -- C:\Users\Barukh\Documents\הספריה הספרדית.doc
    [2012/11/05 16:19:02 | 000,019,451 | ---- | M] ()(C:\Users\Barukh\Documents\?? ???? ??????.docx) -- C:\Users\Barukh\Documents\מי שברך לחולים.docx
    [2012/11/05 00:32:55 | 000,048,640 | ---- | M] ()(C:\Users\Barukh\Documents\? ????? ???????????.doc) -- C:\Users\Barukh\Documents\א שִׁיר הַמַּעֲלוֹת.doc
    [2012/11/05 00:14:32 | 000,019,451 | ---- | C] ()(C:\Users\Barukh\Documents\?? ???? ??????.docx) -- C:\Users\Barukh\Documents\מי שברך לחולים.docx
    [2012/11/04 22:58:22 | 000,048,640 | ---- | C] ()(C:\Users\Barukh\Documents\? ????? ???????????.doc) -- C:\Users\Barukh\Documents\א שִׁיר הַמַּעֲלוֹת.doc
    [2012/10/14 10:37:03 | 000,012,013 | ---- | M] ()(C:\Users\Barukh\Documents\????? ??????.docx) -- C:\Users\Barukh\Documents\חדרים ביברית.docx
    [2012/10/14 10:37:02 | 000,012,013 | ---- | C] ()(C:\Users\Barukh\Documents\????? ??????.docx) -- C:\Users\Barukh\Documents\חדרים ביברית.docx
    [2012/10/14 10:05:09 | 000,005,253 | ---- | M] ()(C:\Users\Barukh\Documents\????? ??????.rtf) -- C:\Users\Barukh\Documents\חדרים ביברית.rtf
    [2012/10/14 10:03:01 | 000,005,253 | ---- | C] ()(C:\Users\Barukh\Documents\????? ??????.rtf) -- C:\Users\Barukh\Documents\חדרים ביברית.rtf
    [2012/10/14 10:02:25 | 000,229,589 | ---- | M] ()(C:\Users\Barukh\Documents\????? ??????.pdf) -- C:\Users\Barukh\Documents\חדרים ביברית.pdf
    [2012/10/14 09:59:35 | 000,229,589 | ---- | C] ()(C:\Users\Barukh\Documents\????? ??????.pdf) -- C:\Users\Barukh\Documents\חדרים ביברית.pdf
    [2012/09/27 19:14:15 | 000,267,889 | ---- | M] ()(C:\Users\Barukh\Documents\???????.pdf) -- C:\Users\Barukh\Documents\כשהיגיע.pdf
    [2012/09/27 19:09:31 | 000,340,992 | ---- | M] ()(C:\Users\Barukh\Documents\???????.doc) -- C:\Users\Barukh\Documents\כשהיגיע.doc
    [2012/09/27 16:06:52 | 000,267,889 | ---- | C] ()(C:\Users\Barukh\Documents\???????.pdf) -- C:\Users\Barukh\Documents\כשהיגיע.pdf
    [2012/09/27 16:06:48 | 000,340,992 | ---- | C] ()(C:\Users\Barukh\Documents\???????.doc) -- C:\Users\Barukh\Documents\כשהיגיע.doc
    [2012/06/15 14:36:53 | 000,148,649 | ---- | M] ()(C:\Users\Barukh\Documents\Filosofía y ética en Maurice Bonduel - Begoña Arrieta Heras - Google ?????.htm) -- C:\Users\Barukh\Documents\Filosofía y ética en Maurice Bonduel - Begoña Arrieta Heras - Google ספרים.htm
    [2012/06/15 14:36:53 | 000,148,649 | ---- | C] ()(C:\Users\Barukh\Documents\Filosofía y ética en Maurice Bonduel - Begoña Arrieta Heras - Google ?????.htm) -- C:\Users\Barukh\Documents\Filosofía y ética en Maurice Bonduel - Begoña Arrieta Heras - Google ספרים.htm
    [2012/06/15 14:36:53 | 000,000,000 | ---D | M](C:\Users\Barukh\Documents\Filosofía y ética en Maurice Bonduel - Begoña Arrieta Heras - Google ?????_files) -- C:\Users\Barukh\Documents\Filosofía y ética en Maurice Bonduel - Begoña Arrieta Heras - Google ספרים_files
    [2012/06/15 14:36:53 | 000,000,000 | ---D | C](C:\Users\Barukh\Documents\Filosofía y ética en Maurice Bonduel - Begoña Arrieta Heras - Google ?????_files) -- C:\Users\Barukh\Documents\Filosofía y ética en Maurice Bonduel - Begoña Arrieta Heras - Google ספרים_files
    [2012/03/29 20:40:36 | 000,117,542 | ---- | M] ()(C:\Users\Barukh\Documents\The People and Its Land - Simha Kling - Google ?????.htm) -- C:\Users\Barukh\Documents\The People and Its Land - Simha Kling - Google ספרים.htm
    [2012/03/29 20:40:36 | 000,000,000 | ---D | M](C:\Users\Barukh\Documents\The People and Its Land - Simha Kling - Google ?????_files) -- C:\Users\Barukh\Documents\The People and Its Land - Simha Kling - Google ספרים_files
    [2012/03/29 20:40:36 | 000,000,000 | ---D | C](C:\Users\Barukh\Documents\The People and Its Land - Simha Kling - Google ?????_files) -- C:\Users\Barukh\Documents\The People and Its Land - Simha Kling - Google ספרים_files
    [2012/03/29 20:40:35 | 000,117,542 | ---- | C] ()(C:\Users\Barukh\Documents\The People and Its Land - Simha Kling - Google ?????.htm) -- C:\Users\Barukh\Documents\The People and Its Land - Simha Kling - Google ספרים.htm
    [2011/09/05 21:06:07 | 000,011,271 | ---- | M] ()(C:\Users\Barukh\Documents\????? ????????.docx) -- C:\Users\Barukh\Documents\פּרֶק רִאשׁוֹן.docx
    [2011/09/05 21:06:07 | 000,011,271 | ---- | C] ()(C:\Users\Barukh\Documents\????? ????????.docx) -- C:\Users\Barukh\Documents\פּרֶק רִאשׁוֹן.docx
    [2011/07/06 17:09:14 | 000,026,591 | ---- | M] ()(C:\Users\Barukh\Documents\?????1.docx) -- C:\Users\Barukh\Documents\קדושה1.docx
    [2011/07/06 17:09:14 | 000,026,591 | ---- | C] ()(C:\Users\Barukh\Documents\?????1.docx) -- C:\Users\Barukh\Documents\קדושה1.docx
    [2011/07/04 23:22:59 | 000,022,642 | ---- | M] ()(C:\Users\Barukh\Documents\?????.docx) -- C:\Users\Barukh\Documents\קדושה.docx
    [2011/07/04 23:22:58 | 000,022,642 | ---- | C] ()(C:\Users\Barukh\Documents\?????.docx) -- C:\Users\Barukh\Documents\קדושה.docx
    [2011/03/25 11:23:07 | 000,014,970 | ---- | M] ()(C:\Users\Barukh\Documents\??????.docx) -- C:\Users\Barukh\Documents\זהירות.docx
    [2011/03/24 14:41:55 | 000,014,970 | ---- | C] ()(C:\Users\Barukh\Documents\??????.docx) -- C:\Users\Barukh\Documents\זהירות.docx
    [2010/12/11 21:02:47 | 000,057,501 | ---- | M] ()(C:\Users\Barukh\Documents\????? ?????.docx) -- C:\Users\Barukh\Documents\רשימת שירים.docx
    [2010/12/11 21:02:47 | 000,057,501 | ---- | C] ()(C:\Users\Barukh\Documents\????? ?????.docx) -- C:\Users\Barukh\Documents\רשימת שירים.docx
    [2010/11/30 21:10:15 | 000,012,314 | ---- | M] ()(C:\Users\Barukh\Documents\???????? ???????? ??????? ???????.docx) -- C:\Users\Barukh\Documents\בָּרוּךְ שֶׁאָמַר וְהָיָה הָעולָם.docx
    [2010/11/30 21:10:14 | 000,012,314 | ---- | C] ()(C:\Users\Barukh\Documents\???????? ???????? ??????? ???????.docx) -- C:\Users\Barukh\Documents\בָּרוּךְ שֶׁאָמַר וְהָיָה הָעולָם.docx
    [2010/11/15 20:27:50 | 000,027,648 | ---- | M] ()(C:\Users\Barukh\Documents\???? Noemi Cohen Traduccion.doc) -- C:\Users\Barukh\Documents\מכתב Noemi Cohen Traduccion.doc
    [2010/11/14 19:14:05 | 000,027,648 | ---- | C] ()(C:\Users\Barukh\Documents\???? Noemi Cohen Traduccion.doc) -- C:\Users\Barukh\Documents\מכתב Noemi Cohen Traduccion.doc
    [2010/11/13 18:57:24 | 000,075,776 | ---- | M] ()(C:\Users\Barukh\Documents\???? Rav bar Hen.doc) -- C:\Users\Barukh\Documents\מכתב Rav bar Hen.doc
    [2010/11/12 14:22:25 | 000,026,624 | ---- | M] ()(C:\Users\Barukh\Documents\????.doc) -- C:\Users\Barukh\Documents\מכתב.doc
    [2010/11/12 14:22:24 | 000,026,624 | ---- | C] ()(C:\Users\Barukh\Documents\????.doc) -- C:\Users\Barukh\Documents\מכתב.doc
    [2010/11/12 14:22:00 | 000,406,778 | ---- | M] ()(C:\Users\Barukh\Documents\???? Noemi Cohen.pdf) -- C:\Users\Barukh\Documents\מכתב Noemi Cohen.pdf
    [2010/11/12 14:22:00 | 000,406,778 | ---- | C] ()(C:\Users\Barukh\Documents\???? Noemi Cohen.pdf) -- C:\Users\Barukh\Documents\מכתב Noemi Cohen.pdf
    [2010/11/12 14:20:45 | 000,075,776 | ---- | C] ()(C:\Users\Barukh\Documents\???? Rav bar Hen.doc) -- C:\Users\Barukh\Documents\מכתב Rav bar Hen.doc
    [2010/11/12 14:11:26 | 000,043,899 | ---- | M] ()(C:\Users\Barukh\Documents\???? ??????.rtf) -- C:\Users\Barukh\Documents\ברוך ברבנות.rtf
    [2010/11/12 10:20:32 | 000,043,899 | ---- | C] ()(C:\Users\Barukh\Documents\???? ??????.rtf) -- C:\Users\Barukh\Documents\ברוך ברבנות.rtf
    [2010/11/08 22:05:42 | 000,281,570 | ---- | M] ()(C:\Users\Barukh\Documents\???? Oded Lida.pdf) -- C:\Users\Barukh\Documents\מכתב Oded Lida.pdf
    [2010/11/08 22:05:42 | 000,281,570 | ---- | C] ()(C:\Users\Barukh\Documents\???? Oded Lida.pdf) -- C:\Users\Barukh\Documents\מכתב Oded Lida.pdf

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:A7CF0BEA
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5A0DD071
    @Alternate Data Stream - 193 bytes -> C:\ProgramData\Temp:8E5EA40F
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:82A3B721
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:689AB7E9
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:C30487EE
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D31BE97C
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:2B11E0DF
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:1B389835
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:260575F1
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:553CA6CA
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:4673E9EA
    < End of report >
     
  4. Baruch

    Baruch TS Rookie Topic Starter Posts: 35

    OTL Extras logfile created on: 26/11/2012 14:17:03 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barukh\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    3,87 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 55,44% Memory free
    7,73 Gb Paging File | 5,66 Gb Available in Paging File | 73,27% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 421,81 Gb Total Space | 209,43 Gb Free Space | 49,65% Space Free | Partition Type: NTFS
    Drive D: | 29,00 Gb Total Space | 28,01 Gb Free Space | 96,59% Space Free | Partition Type: NTFS

    Computer Name: BARUKH-PC | User Name: Barukh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{2D024BA5-FEC9-430D-AE06-B9E8CDB54A61}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{3592E7A3-5422-4AA7-86B8-A1B3087AF110}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
    "{3E3CA6D9-25E3-47D2-B4B4-33FABE022E70}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{625A9736-3308-4AA0-A408-2A89856BB1C5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6A35B640-EA65-43F2-B411-916B9655B48E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{74B00C66-9288-4B9C-86CE-DB54B886D8AB}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{7819BBAC-3CE6-40A3-98B4-F2FFA79B6938}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{95A0D4AE-47FB-40D7-A758-0E156EDEE6DF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{CF6AC082-54B7-43DF-AC0A-6DBC2D5628D5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DE0B2FAF-282E-490F-B16C-C21BBBB07664}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{E4DDE4B5-1BFD-46FE-BCB5-826C448D5497}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F388C187-8D40-4B15-A752-22C5FB8A7DFF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{EACB10ED-C4ED-4A2B-B93A-5D8BB8B85294}C:\users\barukh\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\barukh\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{D8BBA479-868F-4213-AE64-D5E92A61E0B5}C:\users\barukh\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\barukh\appdata\local\akamai\netsession_win.exe |
     
  5. Baruch

    Baruch TS Rookie Topic Starter Posts: 35

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{3BC6E87B-7E7B-3F78-9BD1-708B199B1EB5}" = Microsoft .NET Framework 4 Extended ESN Language Pack
    "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "{49DA615E-97A4-4129-B2E7-4DEDAA862565}" = SmartFTP Client
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{61A11F3E-964A-398B-871C-A043D113B822}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centro de dispositivos de Windows Mobile
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{7C7BE10A-FBCE-4F06-8CE4-2964DAE3395E}" = SmartFTP Client Spanish (Spain, Traditional Sort) MUI
    "{7E587F58-50BE-3557-89F6-14D99CB5FB2A}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Controlador de 3D Vision 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel de control de NVIDIA 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Controlador de gráficos 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Actualización de NVIDIA 1.8.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Controlador de audio HD 1.3.16.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BB0CAB96-2EDE-4DDF-B6F3-AEE02C0F1CA4}" = AVG 2013
    "{C3C912BB-BF4B-3788-8A19-DA5B999CE0C6}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
    "{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F5B11319-608C-4E71-A460-4F587B95E20C}" = DavkaWriter 7 Demo Version 7.0.19
    "0A4175B489A1B4A6E07E11B063A6263480C51D71" = Paquete de controladores de Windows - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
    "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    "6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
    "AVG" = AVG 2013
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "Elantech" = ETDWare PS/2-x64 7.0.4.16_WHQL
    "EPSON Printer and Utilities" = EPSON Printer Software
    "Free PDF to Word Converter_is1" = Free PDF to Word Converter 4.2.3.183
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft .NET Framework 4 Extended ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Extended ESN
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN" = Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN
    "UDK-45582f37-6d17-41c6-9cf9-facaa65bdf3f" = My Game Long Name
    "WinRAR archiver" = Compresor WinRAR

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{27CC1DC7-CC13-460E-A7B7-58870A4B6DEF}" = Time Tracker 2011 Beta Release
    "{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{38A96559-FF39-4089-A609-BFD76C4A6C07}_is1" = El testamento de Sherlock Holmes
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset
    "{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}" = Family Tree Maker 2011
    "{3CC49D98-2914-4444-88F1-6739EBBD140E}_is1" = Las Aventuras De Tintín - El Secreto Del Unicornio 1.0
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3F64C088-9A45-41B3-8B99-71AFAB720A56}" = Sherlock Holmes versus Jack the Ripper
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{42146C53-4D93-46EF-A221-734B08978E1B}" = calibre
    "{4809DDAE-110C-4CF8-B383-706BB5B3D5B6}_is1" = OGG to MP3 Converter 1.2
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A18A490-6CC4-4A1A-8799-0D8C12315756}" = Time Tracker 2011 Beta Release
    "{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Compatibilidad con Aplicaciones de Apple
    "{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
    "{64850E90-82E2-4F1C-AD0B-E0B3F5FA8A4B}" = CodeFinder 1.23 and AWH update
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
    "{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{82154114-943B-4A6F-9B20-073C9573E93E}" = Quark Update
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
    "{90120000-0015-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
    "{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
    "{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
    "{90120000-0019-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
    "{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
    "{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
    "{90120000-001F-0403-0000-0000000FF1CE}_PROHYBRIDR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0403-0000-0000000FF1CE}_PROPLUS_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
    "{90120000-001F-0416-0000-0000000FF1CE}_PROHYBRIDR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0416-0000-0000000FF1CE}_PROPLUS_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
    "{90120000-001F-042D-0000-0000000FF1CE}_PROHYBRIDR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-042D-0000-0000000FF1CE}_PROPLUS_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
    "{90120000-001F-0456-0000-0000000FF1CE}_PROHYBRIDR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0456-0000-0000000FF1CE}_PROPLUS_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0C0A-0000-0000000FF1CE}" = Paquete de compatibilidad para 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0C0A-1000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0C0A-1000-0000000FF1CE}_PROPLUS_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
    "{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
    "{90120000-0044-0C0A-0000-0000000FF1CE}_PROPLUS_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
    "{90120000-006E-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0C0A-0000-0000000FF1CE}_PROPLUS_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00B2-0C0A-0000-0000000FF1CE}" = Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90A40C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{95140000-007A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{953D4586-9A16-495E-BA1F-EE5AA66604DB}" = Windows Live Sync
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AC76BA86-7AD7-2447-0000-A00000000003}" = Chinese Simplified Fonts Support For Adobe Reader X
    "{AC76BA86-7AD7-5670-0000-A00000000003}" = Korean Fonts Support For Adobe Reader X
    "{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
    "{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
    "{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
    "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{b8cf3068-5c78-438c-8cc5-aee3eec17953}" = Business Contact Manager para Outlook 2007 SP2
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE949716-2A5A-40F2-BA31-54CE71B37FE5}" = QuarkXPress
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D780B6D0-4A6B-4336-8CEF-B9F520EFA76B}" = CodeFinder
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DFB19121-0609-49C1-92B1-546E5A940FE8}" = Onekey Theater
    "{e05859e4-7455-4d01-a9dc-1da760a5d903}" = Ad-Aware Antivirus
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "adawaretb" = Ad-Aware Security Add-on
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Ahnenblatt_is1" = Ahnenblatt 2.66
    "Alarm Clock_is1" = Alarm Clock
    "Ashampoo WinOptimizer 8_is1" = Ashampoo WinOptimizer 8 v.8.13
    "Bejeweled 3" = Bejeweled 3
    "BSPlayerf" = BS.Player FREE
    "Business Contact Manager" = Business Contact Manager para Outlook 2007 SP2
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CATraxx_is1" = CATraxx
    "CDisplay_is1" = CDisplay 1.8
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DC++" = DC++ 0.791
    "Dexter The Game_is1" = Dexter The Game, 1.0
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "Electric Sheep" = Electric Sheep 2.7b29
    "ESET Online Scanner" = ESET Online Scanner v3
    "Explodemon" = Explodemon
    "Family Tree Maker 2010" = Family Tree Maker 2010
    "Family Tree Maker 2011" = Family Tree Maker 2011
    "Free Studio_is1" = Free Studio version 5.7.7.1031
    "G-Alarm_is1" = G-Alarm 2.5
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
    "KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Basic)
    "LoqTTS-Jorge_is1" = Loquendo TTS: Jorge (Spanish)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versión 1.65.1.1000
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox (3.6.21)" = Mozilla Firefox (3.6.21)
    "Mozilla Thunderbird 16.0.2 (x86 es-ES)" = Mozilla Thunderbird 16.0.2 (x86 es-ES)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "MP3 Converter Simple" = MP3 Converter Simple
    "Mp3tag" = Mp3tag v2.50
    "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "Pdf995" = Pdf995
    "Pid 1.00" = Pid 1.00
    "Plants vs. Zombies1.0" = Plants vs. Zombies
    "PROHYBRIDR" = 2007 Microsoft Office system
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "Quick Screen Capture 3.0_is1" = Quick Screen Capture 3.0
    "RealPlayer 15.0" = RealPlayer
    "Registro de usuario de Canon MP250 series" = Registro de usuario de Canon MP250 series
    "Screen Capturer" = Screen Capturer
    "SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)
    "SpeedBit Video Downloader" = SpeedBit Video Downloader
    "Steam App 115110" = Stacking
    "Steam App 24200" = DC Universe Online
    "Stepvoice Recorder_is1" = Stepvoice Recorder 1.8.0.206
    "Tag&Rename_is1" = Tag&Rename 3.5.7
    "TextAloud MP3_is1" = TextAloud
    "The Complete Genealogy Builder_is1" = The Complete Genealogy Builder
    "The Complete Genealogy Reporter_is1" = The Complete Genealogy Reporter
    "The Walking Dead (c) 3_is1" = The Walking Dead (c) 3 version 1
    "The Wizard's Pen 1.01" = The Wizard's Pen 1.01
    "TweakUAC_is1" = TweakUAC
    "uTorrent" = µTorrent
    "VeriFace" = VeriFace
    "VideoTodo_is1" = Videotodo 2.2.1.0
    "VLC media player" = VLC media player 2.0.1
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite" = Windows Live Essentials
    "xTube Video Downloader_is1" = xTube Video Downloader 3.25

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "1A1667286B366D4B5C10355F421F67781D0D33E2" = STILUS for Word
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "SkyDriveSetup.exe" = Microsoft SkyDrive
    "VisualBee for Microsoft PowerPoint" = VisualBee for Microsoft PowerPoint

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 23/11/2012 3:17:21 | Computer Name = Barukh-PC | Source = SideBySide | ID = 16842832
    Description = Error al generar el contexto de activación para "C:\Users\Barukh\Downloads\SoftonicDownloader_para_free-screen-capturer.exe".
    Error en el archivo de manifiesto o directiva "" en la línea . Una versión de componente
    requerida por la aplicación está en conflicto con la versión de otro componente
    activo. Los componentes en conflicto son:. Componente 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Componente
    2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error - 23/11/2012 3:17:41 | Computer Name = Barukh-PC | Source = SideBySide | ID = 16842832
    Description = Error al generar el contexto de activación para "C:\Users\Barukh\Downloads\esetsmartinstaller_enu.exe".
    Error en el archivo de manifiesto o directiva "" en la línea . Una versión de componente
    requerida por la aplicación está en conflicto con la versión de otro componente
    activo. Los componentes en conflicto son:. Componente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Componente
    2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 23/11/2012 3:26:43 | Computer Name = Barukh-PC | Source = Application Hang | ID = 1002
    Description = El programa iexplore.exe, versión 9.0.8112.16455, dejó de interactuar
    con Windows y se cerró. Para ver si hay más información disponible acerca del problema,
    compruebe el historial de problemas en el panel de control Centro de actividades.
    Identificador
    de proceso: 63c Hora de inicio: 01cdc948572659af Hora de finalización: 140 Ruta de
    acceso de la aplicación: C:\Program Files\Internet Explorer\iexplore.exe Identificador
    de informe:

    Error - 23/11/2012 3:34:44 | Computer Name = Barukh-PC | Source = Application Hang | ID = 1002
    Description = El programa iexplore.exe, versión 9.0.8112.16455, dejó de interactuar
    con Windows y se cerró. Para ver si hay más información disponible acerca del problema,
    compruebe el historial de problemas en el panel de control Centro de actividades.
    Identificador
    de proceso: 16d4 Hora de inicio: 01cdc948558a8b9f Hora de finalización: 0 Ruta de
    acceso de la aplicación: C:\Program Files\Internet Explorer\iexplore.exe Identificador
    de informe: 39c168ee-3540-11e2-8690-506313a121a9

    Error - 23/11/2012 4:23:00 | Computer Name = Barukh-PC | Source = SideBySide | ID = 16842832
    Description = Error al generar el contexto de activación para "c:\program files
    (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Error en el archivo de manifiesto
    o directiva "" en la línea . Una versión de componente requerida por la aplicación
    está en conflicto con la versión de otro componente activo. Los componentes en conflicto
    son:. Componente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Componente
    2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 24/11/2012 14:52:27 | Computer Name = Barukh-PC | Source = Application Hang | ID = 1002
    Description = El programa iexplore.exe, versión 9.0.8112.16455, dejó de interactuar
    con Windows y se cerró. Para ver si hay más información disponible acerca del problema,
    compruebe el historial de problemas en el panel de control Centro de actividades.
    Identificador
    de proceso: 15d8 Hora de inicio: 01cdca71345133b3 Hora de finalización: 343 Ruta de
    acceso de la aplicación: C:\Program Files\Internet Explorer\iexplore.exe Identificador
    de informe:

    Error - 25/11/2012 9:59:37 | Computer Name = Barukh-PC | Source = SideBySide | ID = 16842832
    Description = Error al generar el contexto de activación para "c:\program files
    (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Error en el archivo de manifiesto
    o directiva "" en la línea . Una versión de componente requerida por la aplicación
    está en conflicto con la versión de otro componente activo. Los componentes en conflicto
    son:. Componente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Componente
    2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 25/11/2012 12:30:55 | Computer Name = Barukh-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 25/11/2012 12:30:55 | Computer Name = Barukh-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 26/11/2012 3:35:25 | Computer Name = Barukh-PC | Source = SideBySide | ID = 16842832
    Description = Error al generar el contexto de activación para "c:\program files
    (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Error en el archivo de manifiesto
    o directiva "" en la línea . Una versión de componente requerida por la aplicación
    está en conflicto con la versión de otro componente activo. Los componentes en conflicto
    son:. Componente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Componente
    2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    [ Media Center Events ]
    Error - 26/03/2012 9:37:03 | Computer Name = Barukh-PC | Source = MCUpdate | ID = 0
    Description = 15:36:57 - No se pudo recuperar Broadband (Error: Se ha terminado
    la conexión: Error inesperado de recepción.)

    Error - 28/03/2012 9:49:19 | Computer Name = Barukh-PC | Source = MCUpdate | ID = 0
    Description = 15:49:19 - Error al conectarse a Internet. 15:49:19 - No se puede
    establecer contacto con el servidor..

    Error - 28/03/2012 9:49:28 | Computer Name = Barukh-PC | Source = MCUpdate | ID = 0
    Description = 15:49:24 - Error al conectarse a Internet. 15:49:24 - No se puede
    establecer contacto con el servidor..

    Error - 28/03/2012 10:49:58 | Computer Name = Barukh-PC | Source = MCUpdate | ID = 0
    Description = 16:49:58 - Error al conectarse a Internet. 16:49:58 - No se puede
    establecer contacto con el servidor..

    Error - 28/03/2012 10:50:04 | Computer Name = Barukh-PC | Source = MCUpdate | ID = 0
    Description = 16:50:03 - Error al conectarse a Internet. 16:50:03 - No se puede
    establecer contacto con el servidor..

    Error - 28/03/2012 11:50:09 | Computer Name = Barukh-PC | Source = MCUpdate | ID = 0
    Description = 17:50:09 - Error al conectarse a Internet. 17:50:09 - No se puede
    establecer contacto con el servidor..

    Error - 28/03/2012 11:50:15 | Computer Name = Barukh-PC | Source = MCUpdate | ID = 0
    Description = 17:50:14 - Error al conectarse a Internet. 17:50:14 - No se puede
    establecer contacto con el servidor..

    Error - 30/03/2012 10:20:28 | Computer Name = Barukh-PC | Source = MCUpdate | ID = 0
    Description = 17:20:28 - Error al conectarse a Internet. 17:20:28 - No se puede
    establecer contacto con el servidor..

    Error - 30/03/2012 10:21:04 | Computer Name = Barukh-PC | Source = MCUpdate | ID = 0
    Description = 17:20:57 - Error al conectarse a Internet. 17:20:57 - No se puede
    establecer contacto con el servidor..

    Error - 05/04/2012 2:51:12 | Computer Name = Barukh-PC | Source = MCUpdate | ID = 0
    Description = 9:51:07 - Error al conectarse a Internet. 9:51:07 - No se puede
    establecer contacto con el servidor..

    [ OSession Events ]
    Error - 03/01/2012 15:25:38 | Computer Name = Barukh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 133252
    seconds with 11820 seconds of active time. This session ended with a crash.

    Error - 03/01/2012 15:36:30 | Computer Name = Barukh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 633
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 03/01/2012 17:06:09 | Computer Name = Barukh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5369
    seconds with 2280 seconds of active time. This session ended with a crash.

    Error - 25/03/2012 6:35:44 | Computer Name = Barukh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8381
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 19/07/2012 8:04:20 | Computer Name = Barukh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3553
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 23/07/2012 16:56:01 | Computer Name = Barukh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8340
    seconds with 4380 seconds of active time. This session ended with a crash.

    Error - 09/08/2012 7:52:26 | Computer Name = Barukh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
    12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19999
    seconds with 2640 seconds of active time. This session ended with a crash.

    Error - 12/10/2012 9:49:48 | Computer Name = Barukh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 7258
    seconds with 5520 seconds of active time. This session ended with a crash.

    Error - 13/10/2012 16:53:19 | Computer Name = Barukh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 12552
    seconds with 6900 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 26/11/2012 2:39:06 | Computer Name = Barukh-PC | Source = Service Control Manager | ID = 7003
    Description = El servicio McAfee Servicio Personal Firewall depende del siguiente
    servicio: MfeFire. Este servicio podría no estar instalado.

    Error - 26/11/2012 2:39:11 | Computer Name = Barukh-PC | Source = Service Control Manager | ID = 7006
    Description = Error en la llamada ScRegSetValueExW para FailureActions con el error
    siguiente: %%5

    Error - 26/11/2012 2:39:18 | Computer Name = Barukh-PC | Source = Service Control Manager | ID = 7026
    Description = El siguiente controlador de inicio del sistema o de inicio del arranque
    no se cargó correctamente: SASDIFSV SASKUTIL SBRE

    Error - 26/11/2012 2:41:57 | Computer Name = Barukh-PC | Source = Service Control Manager | ID = 7011
    Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
    del servicio ShellHWDetection.

    Error - 26/11/2012 2:42:27 | Computer Name = Barukh-PC | Source = Service Control Manager | ID = 7011
    Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
    del servicio ShellHWDetection.

    Error - 26/11/2012 2:43:22 | Computer Name = Barukh-PC | Source = Service Control Manager | ID = 7022
    Description = El servicio Servicio de transferencia inteligente en segundo plano
    (BITS) no respondió después de iniciar.

    Error - 26/11/2012 2:42:41 | Computer Name = Barukh-PC | Source = DCOM | ID = 10010
    Description =

    Error - 26/11/2012 2:46:33 | Computer Name = Barukh-PC | Source = Service Control Manager | ID = 7038
    Description = El servicio nvUpdatusService no se pudo iniciarse como .\UpdatusUser
    con la contraseña configurada actualmente debido al siguiente error: %%1330 Para
    asegurarse de que el servicio esté correctamente configurado, use el complemento
    Servicios en Microsoft Management Console (MMC).

    Error - 26/11/2012 2:46:33 | Computer Name = Barukh-PC | Source = Service Control Manager | ID = 7000
    Description = El servicio NVIDIA Update Service Daemon no pudo iniciarse debido
    al siguiente error: %%1069

    Error - 26/11/2012 2:46:33 | Computer Name = Barukh-PC | Source = Service Control Manager | ID = 7000
    Description = El servicio ReadyComm.DirectRouter no pudo iniciarse debido al siguiente
    error: %%2


    < End of report >
     
  6. Baruch

    Baruch TS Rookie Topic Starter Posts: 35

    And those are both of the files you requested from OTL.
     
  7. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Yes, but you didn't follow one of my previous instructions:
    When done re-run OTL and post new log (only one log will be produced).
     
  8. Baruch

    Baruch TS Rookie Topic Starter Posts: 35

    Uninstalled it when you said it in the first tests (actually uninstalled AVG too, it interfered), but reinstalled it afterwards. Gonna uninstall it again. After the last tests, I get a missing Pthreadgc2.dll driver message every time the screensaver appears. I'll run OTL now.
     
  9. Baruch

    Baruch TS Rookie Topic Starter Posts: 35

    OTL logfile created on: 28/11/2012 14:40:39 - Run 4
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Barukh\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    3,87 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 55,71% Memory free
    7,73 Gb Paging File | 5,64 Gb Available in Paging File | 73,01% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 421,81 Gb Total Space | 203,98 Gb Free Space | 48,36% Space Free | Partition Type: NTFS
    Drive D: | 29,00 Gb Total Space | 28,01 Gb Free Space | 96,59% Space Free | Partition Type: NTFS

    Computer Name: BARUKH-PC | User Name: Barukh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2012/11/28 14:39:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barukh\Desktop\OTL.exe
    PRC - [2012/11/17 17:46:45 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Barukh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/29 19:37:31 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/07/27 22:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/05/15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/04/17 17:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2011/09/28 09:45:12 | 000,885,160 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe
    PRC - [2011/09/28 09:45:10 | 002,656,680 | ---- | M] (Ashampoo Development GmbH & Co. KG) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe
    PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
    PRC - [2010/12/10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\DAODB\MSSQL.2\MSSQL\Binn\sqlservr.exe
    PRC - [2010/01/25 16:11:40 | 000,224,352 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\YouCam\YouCam.exe
    PRC - [2010/01/25 16:11:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
    PRC - [2009/12/23 19:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2009/12/23 19:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2009/12/09 10:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/12/09 10:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/09/15 12:29:16 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE
    PRC - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    PRC - [2008/12/08 16:02:18 | 000,147,456 | ---- | M] (ScreenCapturer.com) -- C:\Program Files (x86)\Screen Capturer\ScreenCapturer.exe
    PRC - [2008/01/16 11:56:40 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/16 03:46:25 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
    MOD - [2012/11/16 03:45:52 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
    MOD - [2012/11/16 03:45:45 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
    MOD - [2012/11/16 03:45:29 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
    MOD - [2012/11/16 03:45:23 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
    MOD - [2012/11/16 03:45:19 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
    MOD - [2012/11/16 03:45:17 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
    MOD - [2012/11/16 03:45:10 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
    MOD - [2010/11/13 01:35:42 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2010/03/21 20:18:19 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_es_b77a5c561934e089\System.Runtime.Remoting.resources.dll
    MOD - [2008/12/08 16:04:32 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Screen Capturer\Extensions\ScreenCapture\bin\TaksiDll.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
    SRV:64bit: - [2010/09/27 08:37:32 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
    SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/10/29 23:54:52 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/10/09 18:20:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/06/15 11:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2012/05/15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/05/15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/02/06 20:37:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/09/28 09:45:12 | 000,885,160 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe -- (WO_LiveService)
    SRV - [2011/08/12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV - [2011/03/28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/12/10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\DAODB\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET)
    SRV - [2010/12/10 16:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/23 19:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2009/12/09 10:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/12/09 10:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/09/22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Archivos de programa\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
    SRV - [2009/08/24 22:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS64.exe -- (DfSdkS)
    SRV - [2009/08/14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Archivos de programa\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
    SRV - [2009/08/11 18:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Archivos de programa\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009/07/16 05:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
    SRV - [2009/07/14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
    SRV - [2009/07/14 16:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
    SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
    SRV - [2008/01/16 11:56:40 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
    DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
    DRV:64bit: - [2012/11/25 18:32:09 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
    DRV:64bit: - [2012/11/15 10:49:12 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
    DRV:64bit: - [2012/11/15 10:49:11 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/07/27 07:28:36 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/04/18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/09/27 13:26:04 | 000,131,072 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
    DRV:64bit: - [2010/02/19 14:33:48 | 000,167,816 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010/01/28 11:47:44 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/01/25 16:12:40 | 000,031,216 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/01/05 03:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
    DRV:64bit: - [2009/12/17 12:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/12/11 10:25:06 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/12/01 21:04:08 | 000,709,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2009/11/09 08:53:06 | 000,207,232 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
    DRV:64bit: - [2009/11/06 14:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/10/19 02:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
    DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
    DRV:64bit: - [2009/07/16 13:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
    DRV:64bit: - [2009/07/16 05:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
    DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/07/01 06:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2009/07/01 06:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009/07/01 06:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009/07/01 06:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 22:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/07 09:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2008/08/06 14:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2011/06/09 07:57:47 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
    DRV - [2011/03/08 06:01:06 | 000,012,824 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor64.sys -- (LiveTunerPM)
    DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
  10. Baruch

    Baruch TS Rookie Topic Starter Posts: 35

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2680363


    IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?so...retb&v=2_2&u=B41A0C9938D67DBFA00C4650B247B0DF
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.lavasoft.com/?so...1A0C9938D67DBFA00C4650B247B0DF&q={searchTerms}
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2680363
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\SearchScopes\{C9EDFD97-957D-46D0-BC46-F9FCBDEF699D}: "URL" = http://es.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\SearchScopes\{F9FE1341-82F0-44DA-BEF5-9A3588B680BA}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
    FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.9
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..browser.startup.homepage: "http://safesearchr.lavasoft.com/?so...retb&v=2_2&u=B41A0C9938D67DBFA00C4650B247B0DF"
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Barukh\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Barukh\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox [2011/09/03 19:27:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\RelevantKnowledge
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/29 19:37:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/11/08 17:05:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/23 13:09:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/29 19:37:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/29 19:37:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/08 17:06:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/29 23:54:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2012/01/27 14:07:44 | 000,000,000 | ---D | M]

    [2010/12/04 18:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barukh\AppData\Roaming\mozilla\Extensions
    [2010/09/27 15:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barukh\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2012/11/26 08:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barukh\AppData\Roaming\mozilla\Firefox\Profiles\rvjqfgf8.default\extensions
    [2011/08/31 23:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barukh\AppData\Roaming\mozilla\Firefox\Profiles\rvjqfgf8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2012/09/03 09:35:59 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Barukh\AppData\Roaming\mozilla\Firefox\Profiles\rvjqfgf8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012/11/08 13:59:39 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Barukh\AppData\Roaming\mozilla\Firefox\Profiles\rvjqfgf8.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2011/08/31 23:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barukh\AppData\Roaming\mozilla\Firefox\Profiles\rvjqfgf8.default\extensions\staged-xpis
    [2011/03/07 11:14:46 | 000,322,940 | ---- | M] () (No name found) -- C:\Users\Barukh\AppData\Roaming\mozilla\firefox\profiles\rvjqfgf8.default\extensions\staged-xpis\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\flashgot.xpi
    [2012/10/22 06:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012/05/22 21:21:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010/12/19 22:13:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/13 08:37:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/30 22:49:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/08/26 09:17:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    [2012/08/31 08:02:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/10/22 06:40:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2012/09/29 19:37:41 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
    [2012/11/25 18:31:19 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
    [2011/08/28 19:28:39 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
    [2011/08/28 19:28:39 | 000,000,751 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
    [2011/08/28 19:28:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
    [2011/08/28 19:28:40 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

    ========== Chrome ==========

    CHR - homepage: http://sites.google.com/site/majlakasefaradit/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://sites.google.com/site/majlakasefaradit/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Chrome SVD extension (Enabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\lib/npdownloaderchrome.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
    CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.114_0\npqscan.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Barukh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: RuneScape = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajjblpfpopipimofkhbglcoeknpnfijj\1.1_0\
    CHR - Extension: Xmarks Bookmark Sync = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
    CHR - Extension: Xmarks Bookmark Sync = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
    CHR - Extension: Angry Birds = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: JewishMusic Stream = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aogpohpdlalgbanndjocbimokbklkfbh\1.1.6_0\
    CHR - Extension: Dead Frontier = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dglbaehakkaojfihjkgkpknbjldhhmmn\1.1_0\
    CHR - Extension: SpeedBit Video Downloader = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\
    CHR - Extension: SiteAdvisor = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
    CHR - Extension: Delicious Tools = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclkcflnjahgejhappicbhcpllkpakej\1.5.2_0\
    CHR - Extension: Chanukah Mahjong = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmnfhgfgegkdjejlhocenjhhenobgpkm\1.0.0.1_0\
    CHR - Extension: Minimal = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog\1.0_0\
    CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
    CHR - Extension: Bookmarks = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihaibgdemjcpnllmndlpdkfiggadlcgi\0.9_0\
    CHR - Extension: Lord of Ultima = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced\1.0.12_0\
    CHR - Extension: Full Hebrew Bible (Tanakh) - kipshuto = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcegmbhbonmpfeambcjgohkgnlgficb\1_0\
    CHR - Extension: Save in Delicious = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnejbeiilmbliffhdepeobjemekgdnok\0.998_1\
    CHR - Extension: Plants vs Zombies = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
    CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
    CHR - Extension: Bitdefender QuickScan = C:\Users\Barukh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\

    O1 HOSTS File: ([2012/11/25 18:11:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\grabber.dll (SpeedBit)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4:64bit: - HKLM..\Run: [Ashampoo WinOptimizer Live-Tuner] C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe (Ashampoo Development GmbH & Co. KG)
    O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Archivos de programa\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
    O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
    O4:64bit: - HKLM..\Run: [ETDWare] C:\Archivos de programa\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat File not found
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
    O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003..\Run: [Akamai NetSession Interface] "C:\Users\Barukh\AppData\Local\Akamai\netsession_win.exe" File not found
    O4 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003..\Run: [SkyDrive] C:\Users\Barukh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Barukh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Screen Capturer.lnk = C:\Program Files (x86)\Screen Capturer\ScreenCapturer.exe (ScreenCapturer.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O7 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Barukh\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
    O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Barukh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Barukh\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Barukh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Enviar a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Enviar a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..Trusted Domains: clonewarsadventures.com ([]* in Sitios de confianza)
    O15 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..Trusted Domains: freerealms.com ([]* in Sitios de confianza)
    O15 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..Trusted Domains: soe.com ([]* in Sitios de confianza)
    O15 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..Trusted Domains: sony.com ([]* in Sitios de confianza)
    O16 - DPF: {3743E8B0-BE34-4652-9F11-7C4EB22F39B9} http://www.responsa.co.il/NetisUtils/install/safeview.cab (HtmlCtl2 Class)
    O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.es/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1709699A-2147-4002-9CB6-E808818F0014}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75E2F20D-6D5C-46A2-B53D-3A5D0C489BA0}: DhcpNameServer = 192.168.16.3
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
  11. Baruch

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/28 14:39:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Barukh\Desktop\OTL.exe
    [2012/11/25 20:50:36 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Roaming\AVG2013
    [2012/11/25 20:46:31 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Roaming\TuneUp Software
    [2012/11/25 20:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/11/25 20:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2012/11/25 18:32:10 | 000,014,456 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
    [2012/11/25 18:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
    [2012/11/25 18:23:22 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Local\MFAData
    [2012/11/25 18:23:22 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Local\Avg2013
    [2012/11/25 18:18:03 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012/11/25 18:17:26 | 000,000,000 | -H-D | C] -- C:\SkyDriveTemp
    [2012/11/25 18:11:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/25 17:54:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/11/25 17:54:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/11/25 17:54:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/11/25 17:54:51 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/11/25 17:40:06 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/25 17:39:46 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012/11/25 17:27:16 | 005,006,177 | R--- | C] (Swearware) -- C:\Users\Barukh\Desktop\ComboFix.exe
    [2012/11/23 07:50:24 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/11/22 20:54:03 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
    [2012/11/17 20:17:56 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pid 1.00
    [2012/11/17 19:59:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
    [2012/11/15 22:05:25 | 000,000,000 | ---D | C] -- C:\Users\Barukh\Documents\Sherlock Holmes versus Jack the Ripper walkthrough_files
    [2012/11/15 17:06:22 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Roaming\Games
    [2012/11/15 16:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
    [2012/11/15 10:50:22 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\AGEIA
    [2012/11/15 10:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
    [2012/11/15 10:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Adventure Company
    [2012/11/15 10:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Adventure Company
    [2012/11/11 21:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012/11/10 20:00:13 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Local\VisualBeeClient
    [2012/11/10 19:58:03 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Local\VisualBeeExe
    [2012/11/10 19:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
    [2012/11/09 02:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2012/11/09 00:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
    [2012/11/09 00:24:56 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Roaming\BSplayer
    [2012/11/08 16:42:46 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Roaming\LavasoftStatistics
    [2012/11/06 22:30:11 | 000,000,000 | ---D | C] -- C:\Users\Barukh\Documents\Sherlock Holmes 6 The Testament of Sherlock Holmes walkthrough_files
    [2012/11/06 16:02:39 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Roaming\Frogwares
    [2012/11/06 15:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Home Interactive
    [2012/11/06 15:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Focus
    [2012/11/06 11:17:58 | 000,000,000 | ---D | C] -- C:\Users\Barukh\AppData\Local\DVDVideoSoft_Ltd
    [2012/11/06 11:15:14 | 000,000,000 | ---D | C] -- C:\Users\Barukh\Documents\DVDVideoSoft
    [2012/11/03 21:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
    [2012/11/03 21:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
    [2012/10/29 23:54:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
    [2011/12/25 18:36:12 | 003,498,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\vstor40_x64.exe
    [2011/12/25 18:35:26 | 001,343,488 | ---- | C] (Distribuido por: Maxi Gramar SL) -- C:\Program Files (x86)\wcwdes10.dll
    [2010/11/21 00:51:18 | 002,790,864 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files (x86)\install_flash_player.exe
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/28 14:42:11 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/28 14:42:11 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/28 14:40:00 | 000,001,114 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1373113754-2393914652-2236859404-1003UA.job
    [2012/11/28 14:39:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barukh\Desktop\OTL.exe
    [2012/11/28 14:34:50 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/28 14:34:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/11/28 14:34:12 | 3113,365,504 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/28 14:20:00 | 000,000,838 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/11/28 14:04:00 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/28 01:40:01 | 000,001,062 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1373113754-2393914652-2236859404-1003Core.job
    [2012/11/26 21:03:34 | 010,485,760 | ---- | M] () -- C:\Users\Barukh\Documents\Alumnos1.accdb
    [2012/11/25 22:58:55 | 000,000,953 | ---- | M] () -- C:\windows\Kaluach3.INI
    [2012/11/25 21:40:54 | 000,843,358 | ---- | M] () -- C:\windows\SysNative\perfh00A.dat
    [2012/11/25 21:40:54 | 000,749,326 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/11/25 21:40:54 | 000,195,204 | ---- | M] () -- C:\windows\SysNative\perfc00A.dat
    [2012/11/25 21:40:54 | 000,158,006 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/11/25 21:40:53 | 001,945,428 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/11/25 20:46:31 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/11/25 18:32:09 | 000,014,456 | ---- | M] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
    [2012/11/25 18:11:04 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2012/11/25 17:27:18 | 005,006,177 | R--- | M] (Swearware) -- C:\Users\Barukh\Desktop\ComboFix.exe
    [2012/11/25 15:10:23 | 000,418,314 | ---- | M] () -- C:\Users\Barukh\Documents\Aliyot.pdf
    [2012/11/25 15:05:16 | 000,351,574 | ---- | M] () -- C:\Users\Barukh\Documents\Listado para Rabanim.pdf
    [2012/11/25 15:03:50 | 000,522,832 | ---- | M] () -- C:\Users\Barukh\Documents\Lista para tiulim.pdf
    [2012/11/25 15:02:59 | 000,553,269 | ---- | M] () -- C:\Users\Barukh\Documents\Habitaciones.pdf
    [2012/11/25 15:02:09 | 000,401,786 | ---- | M] () -- C:\Users\Barukh\Documents\Alumnos en activo.pdf
    [2012/11/23 00:48:56 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/22 09:01:14 | 000,000,064 | ---- | M] () -- C:\windows\SysWow64\rp_stats.dat
    [2012/11/22 09:01:14 | 000,000,044 | ---- | M] () -- C:\windows\SysWow64\rp_rules.dat
    [2012/11/16 11:25:47 | 002,777,248 | ---- | M] () -- C:\Users\Barukh\Desktop\Escandalo_en_Bohemia.pdf
    [2012/11/16 03:39:56 | 000,467,064 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2012/11/15 22:05:25 | 000,225,821 | ---- | M] () -- C:\Users\Barukh\Documents\Sherlock Holmes versus Jack the Ripper walkthrough.htm
    [2012/11/15 10:49:12 | 000,314,016 | ---- | M] () -- C:\windows\SysNative\drivers\atksgt.sys
    [2012/11/15 10:49:11 | 000,043,680 | ---- | M] () -- C:\windows\SysNative\drivers\lirsgt.sys
    [2012/11/15 10:48:48 | 000,002,393 | ---- | M] () -- C:\Users\Public\Desktop\Play Sherlock Holmes versus Jack the Ripper.lnk
    [2012/11/13 00:28:47 | 000,001,188 | ---- | M] () -- C:\windows\SysWow64\ServiceConfig.xml
    [2012/11/09 01:44:54 | 000,519,504 | ---- | M] () -- C:\Users\Barukh\Documents\Hora Butxaca.pdf
    [2012/11/08 22:15:44 | 001,780,698 | ---- | M] () -- C:\Users\Barukh\Documents\Horari Butxaca.pdf
    [2012/11/08 17:06:10 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    [2012/11/06 22:30:11 | 000,343,977 | ---- | M] () -- C:\Users\Barukh\Documents\Sherlock Holmes 6 The Testament of Sherlock Holmes walkthrough.htm
    [2012/11/06 15:44:00 | 000,001,399 | ---- | M] () -- C:\Users\Public\Desktop\Jugar a El testamento de Sherlock Holmes.lnk
    [2012/11/04 20:01:23 | 001,378,413 | ---- | M] () -- C:\Users\Barukh\Desktop\Tefilá.pdf
    [2012/11/03 21:09:28 | 000,001,243 | ---- | M] () -- C:\Users\Barukh\Desktop\DVDVideoSoft Free Studio.lnk
    [2012/10/30 15:54:50 | 000,158,952 | ---- | M] () -- C:\Users\Barukh\Documents\Edición propia, impresión de libros y publicación en línea - Lulu.pdf
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/25 20:46:31 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/11/25 17:54:58 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/11/25 17:54:58 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/11/25 17:54:58 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/11/25 17:54:58 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/11/25 17:54:58 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/11/25 15:10:21 | 000,418,314 | ---- | C] () -- C:\Users\Barukh\Documents\Aliyot.pdf
    [2012/11/25 15:05:15 | 000,351,574 | ---- | C] () -- C:\Users\Barukh\Documents\Listado para Rabanim.pdf
    [2012/11/25 15:03:44 | 000,522,832 | ---- | C] () -- C:\Users\Barukh\Documents\Lista para tiulim.pdf
    [2012/11/25 15:02:58 | 000,553,269 | ---- | C] () -- C:\Users\Barukh\Documents\Habitaciones.pdf
    [2012/11/25 15:02:08 | 000,401,786 | ---- | C] () -- C:\Users\Barukh\Documents\Alumnos en activo.pdf
    [2012/11/23 00:48:56 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/16 11:25:46 | 002,777,248 | ---- | C] () -- C:\Users\Barukh\Desktop\Escandalo_en_Bohemia.pdf
    [2012/11/16 03:16:00 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/11/16 03:02:08 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/11/15 22:05:24 | 000,225,821 | ---- | C] () -- C:\Users\Barukh\Documents\Sherlock Holmes versus Jack the Ripper walkthrough.htm
    [2012/11/15 10:49:12 | 000,314,016 | ---- | C] () -- C:\windows\SysNative\drivers\atksgt.sys
    [2012/11/15 10:49:11 | 000,043,680 | ---- | C] () -- C:\windows\SysNative\drivers\lirsgt.sys
    [2012/11/15 10:48:48 | 000,002,393 | ---- | C] () -- C:\Users\Public\Desktop\Play Sherlock Holmes versus Jack the Ripper.lnk
    [2012/11/13 00:28:47 | 000,001,188 | ---- | C] () -- C:\windows\SysWow64\ServiceConfig.xml
    [2012/11/08 22:15:32 | 001,780,698 | ---- | C] () -- C:\Users\Barukh\Documents\Horari Butxaca.pdf
    [2012/11/06 22:30:08 | 000,343,977 | ---- | C] () -- C:\Users\Barukh\Documents\Sherlock Holmes 6 The Testament of Sherlock Holmes walkthrough.htm
    [2012/11/06 15:44:00 | 000,001,399 | ---- | C] () -- C:\Users\Public\Desktop\Jugar a El testamento de Sherlock Holmes.lnk
    [2012/11/06 15:06:31 | 000,519,504 | ---- | C] () -- C:\Users\Barukh\Documents\Hora Butxaca.pdf
    [2012/11/04 20:01:22 | 001,378,413 | ---- | C] () -- C:\Users\Barukh\Desktop\Tefilá.pdf
    [2012/10/30 15:54:50 | 000,158,952 | ---- | C] () -- C:\Users\Barukh\Documents\Edición propia, impresión de libros y publicación en línea - Lulu.pdf
    [2012/10/24 22:36:06 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
    [2012/09/27 21:08:07 | 000,000,028 | ---- | C] () -- C:\windows\pdf995.ini
    [2012/09/07 07:56:34 | 000,027,520 | ---- | C] () -- C:\Users\Barukh\AppData\Local\dt.dat
    [2012/08/10 11:22:58 | 000,000,132 | ---- | C] () -- C:\Users\Barukh\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/05/15 01:21:50 | 000,423,744 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe
    [2011/12/25 18:39:30 | 000,897,024 | ---- | C] () -- C:\windows\SysWow64\Dewdes10.exe
    [2011/12/25 18:35:26 | 001,534,568 | ---- | C] () -- C:\Program Files (x86)\wcth_es.lex
    [2011/12/25 18:35:26 | 001,448,061 | ---- | C] () -- C:\Program Files (x86)\wcsin_es.lex
    [2011/12/25 18:35:26 | 000,897,024 | ---- | C] () -- C:\Program Files (x86)\Instalar.exe
    [2011/12/25 18:35:26 | 000,441,394 | ---- | C] () -- C:\Program Files (x86)\wcmed_es.lex
    [2011/12/25 18:35:26 | 000,225,280 | ---- | C] () -- C:\Program Files (x86)\wcwdes05.wll
    [2011/12/25 18:35:26 | 000,143,360 | ---- | C] () -- C:\Program Files (x86)\Updatewcwdes10.exe
    [2011/12/25 18:35:26 | 000,118,448 | ---- | C] () -- C:\Program Files (x86)\wcrec_es.lex
    [2011/12/25 18:35:26 | 000,084,027 | ---- | C] () -- C:\Program Files (x86)\wctop_es.lex
    [2011/12/25 18:35:26 | 000,014,280 | ---- | C] () -- C:\Program Files (x86)\wcinf_es.lex
    [2011/12/25 18:35:26 | 000,004,597 | ---- | C] () -- C:\Program Files (x86)\wcjur_es.lex
    [2011/12/25 18:35:26 | 000,002,648 | ---- | C] () -- C:\Program Files (x86)\Archivos.ini
    [2011/12/25 18:35:26 | 000,000,195 | ---- | C] () -- C:\Program Files (x86)\wccau_es.lex
    [2011/12/25 18:35:26 | 000,000,127 | ---- | C] () -- C:\Program Files (x86)\wcdia_es.lex
    [2011/12/25 18:35:26 | 000,000,031 | ---- | C] () -- C:\Program Files (x86)\wcper_es.lex
    [2011/09/03 19:27:47 | 000,109,216 | ---- | C] () -- C:\windows\SysWow64\EasyHook64.dll
    [2011/09/03 19:27:47 | 000,084,480 | ---- | C] () -- C:\windows\SysWow64\EasyHook32.dll
    [2011/08/05 00:08:17 | 000,000,059 | ---- | C] () -- C:\windows\wpd99.drv
    [2011/08/05 00:08:14 | 000,047,616 | ---- | C] () -- C:\windows\SysWow64\pdf995mon64.dll
    [2011/06/12 07:55:52 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat
    [2011/06/12 07:55:52 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat
    [2011/05/31 07:38:30 | 000,000,008 | ---- | C] () -- C:\windows\SysWow64\PROTOCOL.INI
    [2011/04/28 17:12:15 | 000,005,137 | ---- | C] () -- C:\Users\Barukh\.recently-used.xbel
    [2011/04/12 00:00:23 | 000,000,000 | ---- | C] () -- C:\windows\Nancy Drew 1 Secrets Can Kill.INI
    [2011/03/29 18:12:09 | 000,003,584 | ---- | C] () -- C:\Users\Barukh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/04 19:12:52 | 000,000,129 | ---- | C] () -- C:\Users\Barukh\jagex_runescape_preferences2.dat
    [2011/01/04 19:10:05 | 000,000,035 | ---- | C] () -- C:\Users\Barukh\jagex_runescape_preferences.dat
    [2010/12/20 08:55:58 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
    [2010/12/12 13:49:46 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
    [2010/12/05 00:32:56 | 000,000,024 | ---- | C] () -- C:\windows\SysWow64\sysogg.dll
    [2010/12/05 00:31:56 | 000,233,472 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
    [2010/12/04 20:08:40 | 000,246,784 | ---- | C] () -- C:\windows\SysWow64\sqlite3.dll
    [2010/12/04 18:35:08 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
    [2010/11/30 22:55:33 | 000,010,240 | ---- | C] () -- C:\windows\SysWow64\virport.dll
    [2010/11/29 20:18:04 | 000,000,051 | ---- | C] () -- C:\windows\SysWow64\systemwindow.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/04/27 10:28:16 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Ahnenblatt
    [2010/09/27 17:29:58 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\ArcSyncConfig
    [2011/04/06 14:13:17 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Artogon
    [2012/01/27 14:07:36 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\AVG2012
    [2012/11/25 20:50:36 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\AVG2013
    [2011/03/26 23:42:55 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Big Fish Games
    [2012/11/09 00:31:37 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\BSplayer
    [2011/01/27 21:52:26 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\BSplayer Pro
    [2011/12/03 23:10:53 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\calibre
    [2011/12/31 22:36:31 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Canon
    [2011/03/20 10:19:59 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\CursedOnboard
    [2012/03/25 10:25:38 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\DAEMON Tools Lite
    [2012/10/22 12:31:46 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Davka Corp
    [2012/01/24 16:33:36 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\DC++
    [2012/03/11 14:13:39 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Doublefine
    [2011/04/27 11:39:25 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Downloaded Installations
    [2012/11/08 20:55:18 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Dropbox
    [2012/11/06 11:15:14 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\DVDVideoSoft
    [2012/09/03 09:35:59 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\DVDVideoSoftIEHelpers
    [2011/03/22 08:05:12 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Elephant Games
    [2012/11/06 16:02:39 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Frogwares
    [2012/11/15 17:07:10 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Games
    [2011/08/25 21:28:53 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\GetRightToGo
    [2012/01/12 14:27:10 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Grammatica
    [2011/04/28 17:12:15 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\gtk-2.0
    [2011/03/18 16:57:33 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\GTM_Bodie
    [2011/03/22 22:13:06 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\GuardiansOfMagic
    [2011/03/24 00:34:36 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\HdO Adventure
    [2011/06/02 12:51:16 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Incognito
    [2012/06/17 13:25:01 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\InfernalBros
    [2011/12/25 18:38:39 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\KuaiZip
    [2011/03/21 20:07:17 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Lost in the City
    [2011/03/21 20:38:55 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Lost in the City - Post scriptum
    [2012/04/05 10:19:15 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Mp3tag
    [2012/06/12 13:41:12 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Nitro PDF
    [2011/04/27 10:54:35 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Opera
    [2012/09/27 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\pdf995
    [2011/03/17 20:51:36 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\PopCapv1002
    [2011/12/13 14:02:08 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Quark
    [2012/07/27 08:29:29 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\QuickScan
    [2011/03/18 12:21:01 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\SpinTop Games
    [2011/08/30 19:06:37 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Systweak
    [2012/04/27 10:48:35 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\The Complete Genealogy Builder
    [2012/04/04 20:04:42 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\The Complete Genealogy Reporter
    [2010/09/27 15:13:58 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Thunderbird
    [2011/03/23 08:45:56 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\TitanicMystery
    [2011/12/12 22:37:22 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Trine2
    [2012/11/25 20:46:31 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\TuneUp Software
    [2011/11/20 17:58:41 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Unity
    [2012/11/28 00:34:49 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\uTorrent
    [2011/03/20 01:53:21 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\Vogat Interactive
    [2012/09/05 13:49:39 | 000,000,000 | ---D | M] -- C:\Users\Barukh\AppData\Roaming\YouSendIt

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2012/11/17 23:24:47 | 000,011,423 | ---- | M] ()(C:\Users\Barukh\Documents\4??????? ??????????? ?.docx) -- C:\Users\Barukh\Documents\4שְׁמַ֖ע יִשְׂרָאֵ֑ל ה.docx
    [2012/11/17 23:24:46 | 000,011,423 | ---- | C] ()(C:\Users\Barukh\Documents\4??????? ??????????? ?.docx) -- C:\Users\Barukh\Documents\4שְׁמַ֖ע יִשְׂרָאֵ֑ל ה.docx
    [2012/11/08 14:27:59 | 000,278,016 | ---- | M] ()(C:\Users\Barukh\Documents\?????? ???????.doc) -- C:\Users\Barukh\Documents\הספריה הספרדית.doc
    [2012/11/08 14:27:58 | 000,278,016 | ---- | C] ()(C:\Users\Barukh\Documents\?????? ???????.doc) -- C:\Users\Barukh\Documents\הספריה הספרדית.doc
    [2012/11/05 16:19:02 | 000,019,451 | ---- | M] ()(C:\Users\Barukh\Documents\?? ???? ??????.docx) -- C:\Users\Barukh\Documents\מי שברך לחולים.docx
    [2012/11/05 00:32:55 | 000,048,640 | ---- | M] ()(C:\Users\Barukh\Documents\? ????? ???????????.doc) -- C:\Users\Barukh\Documents\א שִׁיר הַמַּעֲלוֹת.doc
    [2012/11/05 00:14:32 | 000,019,451 | ---- | C] ()(C:\Users\Barukh\Documents\?? ???? ??????.docx) -- C:\Users\Barukh\Documents\מי שברך לחולים.docx
    [2012/11/04 22:58:22 | 000,048,640 | ---- | C] ()(C:\Users\Barukh\Documents\? ????? ???????????.doc) -- C:\Users\Barukh\Documents\א שִׁיר הַמַּעֲלוֹת.doc
    [2012/10/14 10:37:03 | 000,012,013 | ---- | M] ()(C:\Users\Barukh\Documents\????? ??????.docx) -- C:\Users\Barukh\Documents\חדרים ביברית.docx
    [2012/10/14 10:37:02 | 000,012,013 | ---- | C] ()(C:\Users\Barukh\Documents\????? ??????.docx) -- C:\Users\Barukh\Documents\חדרים ביברית.docx
    [2012/10/14 10:05:09 | 000,005,253 | ---- | M] ()(C:\Users\Barukh\Documents\????? ??????.rtf) -- C:\Users\Barukh\Documents\חדרים ביברית.rtf
    [2012/10/14 10:03:01 | 000,005,253 | ---- | C] ()(C:\Users\Barukh\Documents\????? ??????.rtf) -- C:\Users\Barukh\Documents\חדרים ביברית.rtf
    [2012/10/14 10:02:25 | 000,229,589 | ---- | M] ()(C:\Users\Barukh\Documents\????? ??????.pdf) -- C:\Users\Barukh\Documents\חדרים ביברית.pdf
    [2012/10/14 09:59:35 | 000,229,589 | ---- | C] ()(C:\Users\Barukh\Documents\????? ??????.pdf) -- C:\Users\Barukh\Documents\חדרים ביברית.pdf
    [2012/09/27 19:14:15 | 000,267,889 | ---- | M] ()(C:\Users\Barukh\Documents\???????.pdf) -- C:\Users\Barukh\Documents\כשהיגיע.pdf
    [2012/09/27 19:09:31 | 000,340,992 | ---- | M] ()(C:\Users\Barukh\Documents\???????.doc) -- C:\Users\Barukh\Documents\כשהיגיע.doc
    [2012/09/27 16:06:52 | 000,267,889 | ---- | C] ()(C:\Users\Barukh\Documents\???????.pdf) -- C:\Users\Barukh\Documents\כשהיגיע.pdf
    [2012/09/27 16:06:48 | 000,340,992 | ---- | C] ()(C:\Users\Barukh\Documents\???????.doc) -- C:\Users\Barukh\Documents\כשהיגיע.doc
    [2012/06/15 14:36:53 | 000,148,649 | ---- | M] ()(C:\Users\Barukh\Documents\Filosofía y ética en Maurice Bonduel - Begoña Arrieta Heras - Google ?????.htm) -- C:\Users\Barukh\Documents\Filosofía y ética en Maurice Bonduel - Begoña Arrieta Heras - Google ספרים.htm
    [2012/06/15 14:36:53 | 000,148,649 | ---- | C] ()(C:\Users\Barukh\Documents\Filosofía y ética en Maurice Bonduel - Begoña Arrieta Heras - Google ?????.htm) -- C:\Users\Barukh\Documents\Filosofía y ética en Maurice Bonduel - Begoña Arrieta Heras - Google ספרים.htm
    [2012/06/15 14:36:53 | 000,000,000 | ---D | M](C:\Users\Barukh\Documents\Filosofía y ética en Maurice Bonduel - Begoña Arrieta Heras - Google ?????_files) -- C:\Users\Barukh\Documents\Filosofía y ética en Maurice Bonduel - Begoña Arrieta Heras - Google ספרים_files
    [2012/06/15 14:36:53 | 000,000,000 | ---D | C](C:\Users\Barukh\Documents\Filosofía y ética en Maurice Bonduel - Begoña Arrieta Heras - Google ?????_files) -- C:\Users\Barukh\Documents\Filosofía y ética en Maurice Bonduel - Begoña Arrieta Heras - Google ספרים_files
    [2012/03/29 20:40:36 | 000,117,542 | ---- | M] ()(C:\Users\Barukh\Documents\The People and Its Land - Simha Kling - Google ?????.htm) -- C:\Users\Barukh\Documents\The People and Its Land - Simha Kling - Google ספרים.htm
    [2012/03/29 20:40:36 | 000,000,000 | ---D | M](C:\Users\Barukh\Documents\The People and Its Land - Simha Kling - Google ?????_files) -- C:\Users\Barukh\Documents\The People and Its Land - Simha Kling - Google ספרים_files
    [2012/03/29 20:40:36 | 000,000,000 | ---D | C](C:\Users\Barukh\Documents\The People and Its Land - Simha Kling - Google ?????_files) -- C:\Users\Barukh\Documents\The People and Its Land - Simha Kling - Google ספרים_files
    [2012/03/29 20:40:35 | 000,117,542 | ---- | C] ()(C:\Users\Barukh\Documents\The People and Its Land - Simha Kling - Google ?????.htm) -- C:\Users\Barukh\Documents\The People and Its Land - Simha Kling - Google ספרים.htm
    [2011/09/05 21:06:07 | 000,011,271 | ---- | M] ()(C:\Users\Barukh\Documents\????? ????????.docx) -- C:\Users\Barukh\Documents\פּרֶק רִאשׁוֹן.docx
    [2011/09/05 21:06:07 | 000,011,271 | ---- | C] ()(C:\Users\Barukh\Documents\????? ????????.docx) -- C:\Users\Barukh\Documents\פּרֶק רִאשׁוֹן.docx
    [2011/07/06 17:09:14 | 000,026,591 | ---- | M] ()(C:\Users\Barukh\Documents\?????1.docx) -- C:\Users\Barukh\Documents\קדושה1.docx
    [2011/07/06 17:09:14 | 000,026,591 | ---- | C] ()(C:\Users\Barukh\Documents\?????1.docx) -- C:\Users\Barukh\Documents\קדושה1.docx
    [2011/07/04 23:22:59 | 000,022,642 | ---- | M] ()(C:\Users\Barukh\Documents\?????.docx) -- C:\Users\Barukh\Documents\קדושה.docx
    [2011/07/04 23:22:58 | 000,022,642 | ---- | C] ()(C:\Users\Barukh\Documents\?????.docx) -- C:\Users\Barukh\Documents\קדושה.docx
    [2011/03/25 11:23:07 | 000,014,970 | ---- | M] ()(C:\Users\Barukh\Documents\??????.docx) -- C:\Users\Barukh\Documents\זהירות.docx
    [2011/03/24 14:41:55 | 000,014,970 | ---- | C] ()(C:\Users\Barukh\Documents\??????.docx) -- C:\Users\Barukh\Documents\זהירות.docx
    [2010/12/11 21:02:47 | 000,057,501 | ---- | M] ()(C:\Users\Barukh\Documents\????? ?????.docx) -- C:\Users\Barukh\Documents\רשימת שירים.docx
    [2010/12/11 21:02:47 | 000,057,501 | ---- | C] ()(C:\Users\Barukh\Documents\????? ?????.docx) -- C:\Users\Barukh\Documents\רשימת שירים.docx
    [2010/11/30 21:10:15 | 000,012,314 | ---- | M] ()(C:\Users\Barukh\Documents\???????? ???????? ??????? ???????.docx) -- C:\Users\Barukh\Documents\בָּרוּךְ שֶׁאָמַר וְהָיָה הָעולָם.docx
    [2010/11/30 21:10:14 | 000,012,314 | ---- | C] ()(C:\Users\Barukh\Documents\???????? ???????? ??????? ???????.docx) -- C:\Users\Barukh\Documents\בָּרוּךְ שֶׁאָמַר וְהָיָה הָעולָם.docx
    [2010/11/15 20:27:50 | 000,027,648 | ---- | M] ()(C:\Users\Barukh\Documents\???? Noemi Cohen Traduccion.doc) -- C:\Users\Barukh\Documents\מכתב Noemi Cohen Traduccion.doc
    [2010/11/14 19:14:05 | 000,027,648 | ---- | C] ()(C:\Users\Barukh\Documents\???? Noemi Cohen Traduccion.doc) -- C:\Users\Barukh\Documents\מכתב Noemi Cohen Traduccion.doc
    [2010/11/13 18:57:24 | 000,075,776 | ---- | M] ()(C:\Users\Barukh\Documents\???? Rav bar Hen.doc) -- C:\Users\Barukh\Documents\מכתב Rav bar Hen.doc
    [2010/11/12 14:22:25 | 000,026,624 | ---- | M] ()(C:\Users\Barukh\Documents\????.doc) -- C:\Users\Barukh\Documents\מכתב.doc
    [2010/11/12 14:22:24 | 000,026,624 | ---- | C] ()(C:\Users\Barukh\Documents\????.doc) -- C:\Users\Barukh\Documents\מכתב.doc
    [2010/11/12 14:22:00 | 000,406,778 | ---- | M] ()(C:\Users\Barukh\Documents\???? Noemi Cohen.pdf) -- C:\Users\Barukh\Documents\מכתב Noemi Cohen.pdf
    [2010/11/12 14:22:00 | 000,406,778 | ---- | C] ()(C:\Users\Barukh\Documents\???? Noemi Cohen.pdf) -- C:\Users\Barukh\Documents\מכתב Noemi Cohen.pdf
    [2010/11/12 14:20:45 | 000,075,776 | ---- | C] ()(C:\Users\Barukh\Documents\???? Rav bar Hen.doc) -- C:\Users\Barukh\Documents\מכתב Rav bar Hen.doc
    [2010/11/12 14:11:26 | 000,043,899 | ---- | M] ()(C:\Users\Barukh\Documents\???? ??????.rtf) -- C:\Users\Barukh\Documents\ברוך ברבנות.rtf
    [2010/11/12 10:20:32 | 000,043,899 | ---- | C] ()(C:\Users\Barukh\Documents\???? ??????.rtf) -- C:\Users\Barukh\Documents\ברוך ברבנות.rtf
    [2010/11/08 22:05:42 | 000,281,570 | ---- | M] ()(C:\Users\Barukh\Documents\???? Oded Lida.pdf) -- C:\Users\Barukh\Documents\מכתב Oded Lida.pdf
    [2010/11/08 22:05:42 | 000,281,570 | ---- | C] ()(C:\Users\Barukh\Documents\???? Oded Lida.pdf) -- C:\Users\Barukh\Documents\מכתב Oded Lida.pdf

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:A7CF0BEA
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5A0DD071
    @Alternate Data Stream - 193 bytes -> C:\ProgramData\Temp:8E5EA40F
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:82A3B721
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:689AB7E9
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:C30487EE
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D31BE97C
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:2B11E0DF
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:1B389835
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:260575F1
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:553CA6CA
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:4673E9EA
    < End of report >
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Pthreadgc2.dll looks like some codec.
    It doesn't appear to be a Windows file.
    Are you using regular Windows screensaver?

    ===============================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
      DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
      IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.lavasoft.com/?so...1A0C9938D67DBFA00C4650B247B0DF&q={searchTerms}
      IE - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat File not found
      O4 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003..\Run: [Akamai NetSession Interface] "C:\Users\Barukh\AppData\Local\Akamai\netsession_win.exe" File not found
      O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
      O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
      O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
      O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
      O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
      O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
      O15 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..Trusted Domains: clonewarsadventures.com ([]* in Sitios de confianza)
      O15 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..Trusted Domains: freerealms.com ([]* in Sitios de confianza)
      O15 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..Trusted Domains: soe.com ([]* in Sitios de confianza)
      O15 - HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\..Trusted Domains: sony.com ([]* in Sitios de confianza)
      @Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:A7CF0BEA
      @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5A0DD071
      @Alternate Data Stream - 193 bytes -> C:\ProgramData\Temp:8E5EA40F
      @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:82A3B721
      @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:689AB7E9
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:C30487EE
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D31BE97C
      @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:2B11E0DF
      @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:1B389835
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:260575F1
      @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:553CA6CA
      @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:4673E9EA
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =====================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  13. Baruch

    Baruch TS Rookie Topic Starter Posts: 35

    >Pthreadgc2.dll looks like some codec.
    >It doesn't appear to be a Windows file.
    >Are you using regular Windows screensaver?

    I use electric sheep screensaver, should I un/re-install it?
     
  14. Baruch

    Baruch TS Rookie Topic Starter Posts: 35

    All processes killed
    ========== OTL ==========
    Service SASKUTIL stopped successfully!
    Service SASKUTIL deleted successfully!
    File C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS not found.
    Service SASDIFSV stopped successfully!
    Service SASDIFSV deleted successfully!
    File C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS not found.
    Registry key HKEY_USERS\S-1-5-21-1373113754-2393914652-2236859404-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
    HKU\S-1-5-21-1373113754-2393914652-2236859404-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1373113754-2393914652-2236859404-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportar a Microsoft Excel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportar a Microsoft Excel\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1373113754-2393914652-2236859404-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    ADS C:\ProgramData\Temp:A7CF0BEA deleted successfully.
    ADS C:\ProgramData\Temp:5A0DD071 deleted successfully.
    ADS C:\ProgramData\Temp:8E5EA40F deleted successfully.
    ADS C:\ProgramData\Temp:82A3B721 deleted successfully.
    ADS C:\ProgramData\Temp:689AB7E9 deleted successfully.
    ADS C:\ProgramData\Temp:C30487EE deleted successfully.
    ADS C:\ProgramData\Temp:D31BE97C deleted successfully.
    ADS C:\ProgramData\Temp:2B11E0DF deleted successfully.
    ADS C:\ProgramData\Temp:1B389835 deleted successfully.
    ADS C:\ProgramData\Temp:260575F1 deleted successfully.
    ADS C:\ProgramData\Temp:553CA6CA deleted successfully.
    ADS C:\ProgramData\Temp:4673E9EA deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Barukh
    ->Temp folder emptied: 1359152 bytes
    ->Temporary Internet Files folder emptied: 17058213 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 47696037 bytes
    ->Google Chrome cache emptied: 396737462 bytes
    ->Flash cache emptied: 755 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 200704 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 29316174 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50606 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 470,00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Barukh
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Barukh
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11292012_003614
    Files\Folders moved on Reboot...
    File\Folder C:\Users\Barukh\AppData\Local\Temp\A9R1a38-2040b42 not found!
    C:\Users\Barukh\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
    File\Folder C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{C53B97A4-FD19-41AD-BCAB-324109F13C7C}.tmp not found!
    File\Folder C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0852E120-7E92-4E53-877B-D8280150E2D6}.tmp not found!
    File\Folder C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{27D24943-C4FB-43DE-B3C2-D86A23990016}.tmp not found!
    File\Folder C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{43D4CEF9-EC67-4761-AE66-3ED2B2354F3A}.tmp not found!
    File\Folder C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{46C46197-250A-4742-923B-E41ACF491522}.tmp not found!
    File\Folder C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7B5C8634-1269-471E-B6E6-B00EC1EA0B28}.tmp not found!
    File\Folder C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{933AA929-9091-4A34-8554-16CE8C1E08AE}.tmp not found!
    File\Folder C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E5A51B32-B2FA-4D03-B868-86FB75646A82}.tmp not found!
    File\Folder C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FE95B5B0-AEE8-41B9-9405-9368F704952D}.tmp not found!
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6LR7D51\load[3].js moved successfully.
    File move failed. C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6LR7D51\m;ctx=4_320_m;ctx=3_170_m;ctx=3_159_m;ctx=3_171_m;ctx=2_428_m;ctx=2_78_m;ctx=6_1198_l;ips=none;ppos=btf;kw=;tile=4;sz=600x300;ord=9250806457996554;an=;bu=;br=[1].js scheduled to be moved on reboot.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6LR7D51\Special_BannerRandom[3].js moved successfully.
    File\Folder C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGDU8LRM\chunk[1].js not found!
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4189WNAV\Special_BannerRandom[2].js moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  15. Baruch

    Baruch TS Rookie Topic Starter Posts: 35

    Results of screen317's Security Check version 0.99.56
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    AVG Anti-Virus Free Edition 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    McAfee SiteAdvisor
    Malwarebytes Anti-Malware versión 1.65.1.1000
    Java(TM) 6 Update 37
    Java version out of Date!
    Adobe Flash Player 11.4.402.287 Flash Player out of Date!
    Mozilla Firefox (3.6.21) Firefox out of Date!
    Mozilla Thunderbird 16.0.2 Thunderbird out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    Google Chrome 23.0.1271.91
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    AVG avgwdsvc.exe
    Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  16. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Yes.
     
  17. Baruch

    Baruch TS Rookie Topic Starter Posts: 35

    Farbar Service Scanner Version: 09-11-2012
    Ran by Barukh (administrator) on 29-11-2012 at 00:58:11
    Running from "C:\Users\Barukh\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-11-15 20:40] - [2012-10-03 19:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  18. Baruch

    Baruch TS Rookie Topic Starter Posts: 35

    ESET results:
    C:\Users\Barukh\Downloads\SoftonicDownloader_para_free-screen-capturer.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
     
  19. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Update Adobe Flash Player
    Download for Internet Explorer: http://www.filehippo.com/download_flashplayer_ie_64/
    Download for Firefox, Opera and other Gecko-based browsers: http://www.filehippo.com/download_flashplayer_firefox_64/

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    =================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ========================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
     
  20. Baruch

    Baruch TS Rookie Topic Starter Posts: 35

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Barukh
    ->Temp folder emptied: 17775995 bytes
    ->Temporary Internet Files folder emptied: 18392126 bytes
    ->Java cache emptied: 1880 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 345949582 bytes
    ->Flash cache emptied: 726 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4122 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 364,00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Barukh
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Barukh
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0,00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 11292012_231655
    Files\Folders moved on Reboot...
    File\Folder C:\Users\Barukh\AppData\Local\Temp\etilqs_lXPz25FwgShgzw1 not found!
    File\Folder C:\Users\Barukh\AppData\Local\Temp\etilqs_P6ysz9A6xttWrl0 not found!
    File\Folder C:\Users\Barukh\AppData\Local\Temp\etilqs_Qh5KCEV4Chx1GDD not found!
    File\Folder C:\Users\Barukh\AppData\Local\Temp\etilqs_slmjtlY9obN6IV5 not found!
    File\Folder C:\Users\Barukh\AppData\Local\Temp\etilqs_VthsvkXaG8ZTx1k not found!
    C:\Users\Barukh\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHER0AJ7\chunkCA8PUR3F.js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHER0AJ7\chunkCA8QNCVK.js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHER0AJ7\chunkCAA46O6X.js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHER0AJ7\chunk[10].js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHER0AJ7\chunk[11].js moved successfully.
    File move failed. C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHER0AJ7\m;ctx=4_320_m;ctx=3_170_m;ctx=3_159_m;ctx=3_171_m;ctx=2_428_m;ctx=2_78_m;ctx=6_1198_l;ips=none;ppos=btf;kw=;tile=4;sz=600x300;ord=7543248835460046;an=;bu=;br=[1].js scheduled to be moved on reboot.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHER0AJ7\ping[4].js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHER0AJ7\rt[2].js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHER0AJ7\si[1].htm moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S16ZPWZV\another-case-of-win64-patched-a-trojan[2].htm moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S16ZPWZV\chunk[10].js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S16ZPWZV\context[1].js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S16ZPWZV\load[6].js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S16ZPWZV\ping[1].htm moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S16ZPWZV\rt[2].js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S16ZPWZV\xd_arbiter[4].htm moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LNLKRRFC\advert[1].js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LNLKRRFC\chunk[6].js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LNLKRRFC\chunk[7].js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LNLKRRFC\chunk[8].js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LNLKRRFC\page-3[1].htm moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LNLKRRFC\ping[1].htm moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LNLKRRFC\ping[2].js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LNLKRRFC\xd_arbiter[1].htm moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LNLKRRFC\xd_arbiter[2].htm moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JUG8HET\ads[2].htm moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JUG8HET\ads[3].htm moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JUG8HET\ads[4].htm moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JUG8HET\al[2].js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JUG8HET\al[3].js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JUG8HET\chunk[8].js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JUG8HET\chunk[9].js moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JUG8HET\comScore[1].htm moved successfully.
    C:\Users\Barukh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JUG8HET\load[2].js moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  21. Baruch

    Baruch TS Rookie Topic Starter Posts: 35

    I followed all the instructions in your last post, uninstalled and reinstalled the screensaver, and everything works fine, fast and smooth. All the recommended programs and the weekly routine are really great. Huge thanks for all the great professional help you gave me!
     
  22. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Way to go!!
    Good luck and stay safe :)
     

