TechSpot

[Solved] System Check malware\virus

Discussion in 'Virus and Malware Removal' started by somebla, Jan 30, 2012.

  1. somebla Newcomer, in training

    The computer is much better.
    I'm trying not to work on it until I get rid of this virus, so I don't know if it's all better.

    OTL file:
    OTL logfile created on: 01/02/2012 21:15:51 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Shimon Nahum\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040D | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

    3.80 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 58.17% Memory free
    7.60 Gb Paging File | 5.81 Gb Available in Paging File | 76.41% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.34 Gb Total Space | 170.78 Gb Free Space | 60.27% Space Free | Partition Type: NTFS
    Drive D: | 63.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: SHIMONNAHUM-PC | User Name: Shimon Nahum | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/01 21:14:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Shimon Nahum\Downloads\OTL.exe
    PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/11/03 19:33:47 | 000,347,008 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\GameXN\GameXNGO.exe
    PRC - [2011/10/15 00:32:40 | 005,480,232 | ---- | M] () -- C:\ProgramData\Yes Streamer\MediaServer.exe
    PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/11/24 06:12:14 | 000,606,208 | ---- | M] (The Chromium Authors) -- C:\ProgramData\Yes Streamer\berkelium.exe
    PRC - [2010/07/15 11:07:14 | 000,323,664 | ---- | M] (Athena Smartcard Solutions) -- C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
    PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2010/03/17 23:37:16 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/17 23:34:12 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/12/29 23:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2009/12/24 00:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2009/12/24 00:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2009/10/15 10:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
    PRC - [2009/10/15 10:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2009/09/29 13:03:46 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2009/06/24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2009/06/09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2009/05/21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    PRC - [2009/05/21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/12 03:28:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
    MOD - [2011/10/12 03:35:13 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
    MOD - [2011/10/12 03:35:06 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
    MOD - [2011/10/12 03:34:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
    MOD - [2011/10/12 03:34:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
    MOD - [2011/10/12 03:34:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
    MOD - [2011/10/12 03:34:44 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
    MOD - [2011/10/12 03:34:39 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011/08/19 18:02:04 | 000,313,640 | ---- | M] () -- C:\ProgramData\Yes Streamer\libmp3lame-0.dll
    MOD - [2011/08/19 18:01:58 | 004,534,072 | ---- | M] () -- C:\ProgramData\Yes Streamer\avcodec-52.dll
    MOD - [2011/08/19 18:01:58 | 000,795,448 | ---- | M] () -- C:\ProgramData\Yes Streamer\avformat-52.dll
    MOD - [2011/08/19 18:01:58 | 000,083,768 | ---- | M] () -- C:\ProgramData\Yes Streamer\avutil-50.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/11/13 03:50:14 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_he_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2009/10/15 10:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
    MOD - [2009/10/15 10:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    MOD - [2009/10/15 10:10:16 | 000,588,272 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
    MOD - [2009/09/28 07:52:34 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/06/21 18:57:42 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/03/17 23:29:08 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2010/03/17 23:27:52 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/02/03 08:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2009/09/29 13:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
    SRV:64bit: - [2009/09/29 13:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2009/08/03 00:00:30 | 000,148,480 | ---- | M] (Xerox Co., Ltd.) [Auto | Running] -- C:\Program Files\Xerox Office Printing\PrintingScout\XCPWDN.EXE -- (XCPSPWD)
    SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 00:00:30 | 000,337,920 | ---- | M] (Xerox Co., Ltd.) [Auto | Running] -- C:\Program Files\Xerox Office Printing\PrintingScout\XCSDBN.EXE -- (XCPSSDB)
    SRV:64bit: - [2009/06/09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/10/15 00:32:40 | 005,480,232 | ---- | M] () [Auto | Running] -- C:\ProgramData\Yes Streamer\MediaServer.exe -- (YesMediaServer)
    SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/07/08 06:12:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2010/03/18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/17 23:37:16 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/03/17 23:34:12 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/12/24 00:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/06 02:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/05/21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
    DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/11 23:22:00 | 000,069,376 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/09/21 13:54:07 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/17 23:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/03/17 23:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/03/17 23:33:06 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2010/03/17 23:27:14 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/03 16:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/02/03 08:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2010/02/03 08:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
    DRV:64bit: - [2010/02/03 08:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/12/17 17:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/09/29 13:06:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV:64bit: - [2009/09/29 13:03:00 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2009/09/29 12:56:36 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
    DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/06/15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009/06/10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
    DRV:64bit: - [2006/11/01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2010/12/11 16:21:32 | 000,197,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\WinVd32.sys -- (WinVd32)
    DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {7fdcda8a-da42-4109-8467-f91d0d88c59e} - C:\Program Files (x86)\YesStreamerBar\prxtbYes0.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {bebc2a28-82ab-4cc7-810e-9a3df7a1970f} - C:\Program Files (x86)\Walla\prxtbWal0.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-559488134-2913140368-3833694856-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
    IE - HKU\S-1-5-21-559488134-2913140368-3833694856-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.co.il/cse?cx=partner-pub-1045670103905278:twd9k5-6qt8&ie=ISO-8859-8-I&q=&sa=
    IE - HKU\S-1-5-21-559488134-2913140368-3833694856-1000\..\URLSearchHook: {7fdcda8a-da42-4109-8467-f91d0d88c59e} - C:\Program Files (x86)\YesStreamerBar\prxtbYes0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-559488134-2913140368-3833694856-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-559488134-2913140368-3833694856-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "mako LIVE Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2365378&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://events.walla.co.il/WidgetEvent.asp?l=Toolbar.&event_type=22&DIvName=defaultHomepage&url=http://www.walla.co.il"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
    FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {d45171f3-7da8-4d5a-8257-bcb94b9092aa}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {bebc2a28-82ab-4cc7-810e-9a3df7a1970f}:3.5.0.12
    FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=403&q="

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/24 10:01:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/25 11:56:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/30 19:16:36 | 000,000,000 | ---D | M]

    [2010/08/25 17:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Extensions
    [2012/02/01 02:42:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Firefox\Profiles\ux35p2ep.default\extensions
    [2012/01/10 14:10:21 | 000,000,000 | ---D | M] (YesStreamerBar Community Toolbar) -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Firefox\Profiles\ux35p2ep.default\extensions\{7fdcda8a-da42-4109-8467-f91d0d88c59e}
    [2012/01/11 14:07:26 | 000,000,000 | ---D | M] (Walla Community Toolbar) -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Firefox\Profiles\ux35p2ep.default\extensions\{bebc2a28-82ab-4cc7-810e-9a3df7a1970f}
    [2012/01/11 14:07:27 | 000,000,000 | ---D | M] (mako LIVE Community Toolbar) -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Firefox\Profiles\ux35p2ep.default\extensions\{d45171f3-7da8-4d5a-8257-bcb94b9092aa}
    [2010/11/25 14:58:00 | 000,000,921 | ---- | M] () -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Firefox\Profiles\ux35p2ep.default\searchplugins\conduit.xml
    [2011/12/01 22:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    () (No name found) -- C:\USERS\SHIMON NAHUM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX35P2EP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2011/11/24 10:01:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/08/10 18:23:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2011/10/19 00:47:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/24 10:01:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Shimon Nahum\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
    CHR - Extension: \u05D7\u05D9\u05E4\u05D5\u05E9 Google = C:\Users\Shimon Nahum\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: Walla = C:\Users\Shimon Nahum\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfjhiccppafcjicfalobggnophliocpp\2.2.0.5_1\
    CHR - Extension: Gmail = C:\Users\Shimon Nahum\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

    O1 HOSTS File: ([2012/02/01 12:38:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (no name) - {54B02808-B60E-44CD-A72D-9865117E4E62} - No CLSID value found.
    O2 - BHO: (AGFormHelperObj Class) - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll (Agat software solutions)
    O2 - BHO: (YesStreamerBar Toolbar) - {7fdcda8a-da42-4109-8467-f91d0d88c59e} - C:\Program Files (x86)\YesStreamerBar\prxtbYes0.dll (Conduit Ltd.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Walla Toolbar) - {bebc2a28-82ab-4cc7-810e-9a3df7a1970f} - C:\Program Files (x86)\Walla\prxtbWal0.dll (Conduit Ltd.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (YesStreamerBar Toolbar) - {7fdcda8a-da42-4109-8467-f91d0d88c59e} - C:\Program Files (x86)\YesStreamerBar\prxtbYes0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Walla Toolbar) - {bebc2a28-82ab-4cc7-810e-9a3df7a1970f} - C:\Program Files (x86)\Walla\prxtbWal0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-559488134-2913140368-3833694856-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
    O3 - HKU\S-1-5-21-559488134-2913140368-3833694856-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-559488134-2913140368-3833694856-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-559488134-2913140368-3833694856-1000\..\Toolbar\WebBrowser: (YesStreamerBar Toolbar) - {7FDCDA8A-DA42-4109-8467-F91D0D88C59E} - C:\Program Files (x86)\YesStreamerBar\prxtbYes0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-559488134-2913140368-3833694856-1000\..\Toolbar\WebBrowser: (Walla Toolbar) - {BEBC2A28-82AB-4CC7-810E-9A3DF7A1970F} - C:\Program Files (x86)\Walla\prxtbWal0.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [XCPSPSP] C:\Program Files\Xerox Office Printing\PrintingScout\XCPSPZ.EXE (Xerox Co., Ltd.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [IDProtect Monitor] C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (Athena Smartcard Solutions)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-559488134-2913140368-3833694856-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-559488134-2913140368-3833694856-1000..\Run: [GameXN] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
    O4 - HKU\S-1-5-21-559488134-2913140368-3833694856-1000..\Run: [GameXN (news)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
    O4 - HKU\S-1-5-21-559488134-2913140368-3833694856-1000..\Run: [GameXN (update)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-559488134-2913140368-3833694856-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-559488134-2913140368-3833694856-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-559488134-2913140368-3833694856-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-559488134-2913140368-3833694856-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &ייצוא אל Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: &ייצוא אל Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
    O9 - Extra Button: שלח אל OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : ש&לח אל OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.117.235.236 192.117.235.237
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B78B923D-7972-4320-9B07-DCE1B2EA0A72}: DhcpNameServer = 192.168.1.1 192.117.235.236 192.117.235.237
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4188ABF-FC0E-4DF8-B02F-B9759D2965EA}: DhcpNameServer = 10.170.9.73 10.170.9.74
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-559488134-2913140368-3833694856-1000..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========
  2. somebla Newcomer, in training

    [2012/02/01 21:11:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/01 12:36:15 | 000,000,000 | ---D | C] -- C:\found.001
    [2012/02/01 12:19:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/01 12:19:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/01 12:19:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/01 12:19:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/01 12:19:20 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/01 12:15:40 | 004,395,075 | R--- | C] (Swearware) -- C:\Users\Shimon Nahum\Desktop\ComboFix.exe
    [2012/01/30 19:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    [2012/01/30 19:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
    [2012/01/30 16:51:37 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Roaming\Malwarebytes
    [2012/01/30 16:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/30 16:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/01/30 16:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/30 15:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/01/26 11:05:12 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{385CB147-4ED0-4B3E-91E1-C63719B0EA8E}
    [2012/01/26 11:04:59 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{80D0F6CB-049D-477D-A5A8-96C1F5F649F0}
    [2012/01/25 18:53:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/01/25 18:49:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/01/25 18:49:30 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/01/25 16:19:38 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{FF5EB528-A96C-42B9-BF92-96D4EB11D97C}
    [2012/01/25 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{F2FDCA97-C4F8-4FB3-B25E-D4F88FF1C617}
    [2012/01/25 15:15:04 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{FF6F8596-6D79-4233-9E01-42DB8260895A}
    [2012/01/25 12:27:01 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Roaming\dll-files.com
    [2012/01/25 12:26:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files.com Fixer
    [2012/01/25 12:26:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dll-Files.com Fixer
    [2012/01/25 11:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2012/01/25 11:56:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2012/01/19 22:50:23 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{EA7EE3EC-908A-4570-AE3E-6CFC2DE79207}
    [2012/01/19 22:50:10 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{4E5D4691-1E21-46A9-989A-6929CAE5D0D2}
    [2012/01/15 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{DF17F912-0C01-461D-8726-809D028816EE}
    [2012/01/15 12:35:14 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{AB3147E7-CFAD-481A-BB40-E664A3CB217F}
    [2012/01/11 02:03:09 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geeks Ltd
    [2012/01/11 02:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Geeks Ltd
    [2012/01/10 01:42:27 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICEOWS
    [2012/01/10 01:42:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ShellExt
    [2012/01/10 01:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICEOWS
    [2012/01/10 01:26:03 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
    [2012/01/06 21:22:53 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{3D26B337-A7F1-496D-92D7-CBC723B22405}
    [2012/01/06 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{06428AC0-9562-48B7-B81F-18681FF55692}
    [2012/01/06 21:19:43 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{0F2C2692-2BEA-4995-BD34-7D8B91ACA9D6}
    [2012/01/06 21:19:27 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{3B745707-582B-491A-84A5-400CB1B2835D}
    [2012/01/06 21:18:57 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{47FC7888-4BE4-4C17-91E8-A9C33D0B2A27}
    [2012/01/06 21:18:44 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{75C9B3B5-9EA8-40B8-97AC-E89C38D02A4D}
    [2012/01/04 02:19:56 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{7C5E17DF-8727-40CD-AE62-564B6916B252}
    [2012/01/04 02:19:43 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{E969CEDE-8F46-413D-A983-A7211A239A9C}
    [2012/01/04 02:13:42 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{9080D431-CE12-4570-99EB-E3789C2AE9AF}
    [2012/01/04 02:13:28 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{B8967CEB-F807-4A7A-94FA-C08E765F203D}
    [2012/01/03 12:50:18 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{0D9D3129-5BE4-495A-B3FA-C220B8AB3D4C}
    [2012/01/03 12:50:02 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{46A3B052-6164-44CC-B283-61F0FDD934DE}
    [4 C:\Users\Shimon Nahum\AppData\Local\*.tmp files -> C:\Users\Shimon Nahum\AppData\Local\*.tmp -> ]
    [2 C:\Users\Shimon Nahum\Desktop\*.tmp files -> C:\Users\Shimon Nahum\Desktop\*.tmp -> ]
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/01 21:19:35 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/01 21:19:35 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/01 21:18:41 | 001,153,046 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/02/01 21:18:41 | 000,627,226 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/02/01 21:18:41 | 000,364,172 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
    [2012/02/01 21:18:41 | 000,107,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/02/01 21:18:41 | 000,070,250 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
    [2012/02/01 21:11:56 | 000,002,818 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies
    [2012/02/01 21:11:55 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/01 21:11:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/01 21:11:30 | 3062,804,480 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/01 12:50:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559488134-2913140368-3833694856-1004UA.job
    [2012/02/01 12:38:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/02/01 12:37:11 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
    [2012/02/01 12:15:52 | 004,395,075 | R--- | M] (Swearware) -- C:\Users\Shimon Nahum\Desktop\ComboFix.exe
    [2012/02/01 04:07:35 | 000,000,512 | ---- | M] () -- C:\Users\Shimon Nahum\Desktop\MBR.dat
    [2012/02/01 03:51:04 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/30 16:51:27 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/30 14:50:03 | 000,000,679 | ---- | M] () -- C:\Users\Shimon Nahum\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/30 10:50:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559488134-2913140368-3833694856-1004Core.job
    [2012/01/26 09:56:55 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/01/25 18:42:37 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
    [2012/01/25 12:26:53 | 000,002,014 | ---- | M] () -- C:\Users\Shimon Nahum\Application Data\Microsoft\Internet Explorer\Quick Launch\DLL-Files.com FIXER.lnk
    [2012/01/25 11:56:19 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/01/10 01:42:26 | 000,000,018 | ---- | M] () -- C:\Windows\Winzip32.ini
    [4 C:\Users\Shimon Nahum\AppData\Local\*.tmp files -> C:\Users\Shimon Nahum\AppData\Local\*.tmp -> ]
    [2 C:\Users\Shimon Nahum\Desktop\*.tmp files -> C:\Users\Shimon Nahum\Desktop\*.tmp -> ]
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========
    [2012/02/01 12:37:11 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat
    [2012/02/01 12:27:12 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/02/01 12:27:12 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk
    [2012/02/01 12:27:12 | 000,002,468 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2012/02/01 12:27:12 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/02/01 12:27:12 | 000,002,084 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
    [2012/02/01 12:27:12 | 000,001,448 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    [2012/02/01 12:27:12 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [2012/02/01 12:27:12 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    [2012/02/01 12:27:12 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/02/01 12:27:12 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2012/02/01 12:27:12 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/02/01 12:27:12 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [2012/02/01 12:27:12 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [2012/02/01 12:27:12 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2012/02/01 12:27:12 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/02/01 12:27:11 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/02/01 12:27:11 | 000,002,342 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/02/01 12:27:11 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2012/02/01 12:27:11 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Nitro PDF Reader.lnk
    [2012/02/01 12:27:11 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/02/01 12:27:11 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/02/01 12:27:11 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/02/01 12:27:11 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2012/02/01 12:27:11 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk
    [2012/02/01 12:27:11 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\Biztrade.lnk
    [2012/02/01 12:19:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/01 12:19:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/01 12:19:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/01 12:19:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/01 12:19:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/01 04:07:35 | 000,000,512 | ---- | C] () -- C:\Users\Shimon Nahum\Desktop\MBR.dat
    [2012/01/30 16:51:27 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/30 14:50:03 | 000,000,679 | ---- | C] () -- C:\Users\Shimon Nahum\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/30 11:09:54 | 000,001,547 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/01/25 12:27:04 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
    [2012/01/25 12:26:53 | 000,002,014 | ---- | C] () -- C:\Users\Shimon Nahum\Application Data\Microsoft\Internet Explorer\Quick Launch\DLL-Files.com FIXER.lnk
    [2012/01/25 12:26:52 | 000,039,712 | ---- | C] () -- C:\Windows\SysWow64\asl.dll
    [2012/01/10 01:42:26 | 000,000,018 | ---- | C] () -- C:\Windows\Winzip32.ini
    [2011/05/27 23:50:04 | 000,000,000 | ---- | C] () -- C:\Users\Shimon Nahum\AppData\Local\{F07C6039-DFA5-40E0-B2E7-291F640B9A38}
    [2011/05/10 09:30:27 | 000,000,000 | ---- | C] () -- C:\Users\Shimon Nahum\AppData\Local\{5057C62D-D4FC-4FDD-A5FB-E83E632D91A4}
    [2011/03/04 20:24:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/02/21 23:50:32 | 000,015,752 | -HS- | C] () -- C:\Users\Shimon Nahum\AppData\Local\3201077253
    [2011/02/21 23:50:32 | 000,015,752 | -HS- | C] () -- C:\ProgramData\3201077253
    [2010/12/19 02:04:29 | 000,008,297 | ---- | C] () -- C:\Users\Shimon Nahum\AppData\Roaming\UserTile.png
    [2010/12/11 16:21:32 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
    [2010/12/11 16:21:31 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
    [2010/11/26 20:08:03 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2010/11/22 21:24:37 | 001,179,512 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/11/22 00:04:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/11/15 20:32:56 | 000,004,608 | ---- | C] () -- C:\Users\Shimon Nahum\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/20 11:51:02 | 000,708,688 | ---- | C] () -- C:\Windows\SysWow64\LASERToken.dll
    [2010/09/20 11:50:52 | 000,905,296 | ---- | C] () -- C:\Windows\SysWow64\AsepcosToken.dll
    [2010/09/20 11:50:36 | 000,745,552 | ---- | C] () -- C:\Windows\SysWow64\CNSToken.dll
    [2010/07/28 21:08:46 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2010/07/28 21:08:44 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2010/07/08 08:37:28 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2010/07/08 08:37:28 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/07/08 08:37:28 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/07/08 08:30:29 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
    [2010/07/08 08:30:29 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
    [2010/07/08 08:30:29 | 000,000,035 | ---- | C] () -- C:\Windows\DELL_LANGCODE.ini
    [2010/07/08 08:30:29 | 000,000,033 | ---- | C] () -- C:\Windows\DELL_OSTYPE.ini
    [2010/07/08 08:30:29 | 000,000,032 | ---- | C] () -- C:\Windows\WisHWDest.ini
    [2010/07/08 08:30:29 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
    [2010/07/08 08:30:29 | 000,000,023 | ---- | C] () -- C:\Windows\WisSysInfo.ini
    [2010/07/08 06:20:47 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2009/08/27 08:31:56 | 000,036,944 | ---- | C] () -- C:\Windows\SysWow64\ASESPR.dll
    [2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 23:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2009/07/13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2009/07/13 23:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2009/07/13 23:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2005/08/29 15:05:14 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\aseVCAPIB.dll

    ========== LOP Check ==========

    [2011/03/22 09:39:55 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\Babylon
    [2011/02/18 19:34:02 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\Bandoo
    [2010/10/14 03:27:47 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\DAEMON Tools Lite
    [2012/01/25 12:27:01 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\dll-files.com
    [2011/11/03 09:55:50 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\Downloaded Installations
    [2010/09/21 14:03:56 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\GHISLER
    [2012/02/01 21:12:12 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\go
    [2011/03/22 15:10:02 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\Leadertech
    [2012/01/29 11:33:18 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\Nitro PDF
    [2011/10/10 15:14:09 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\OpenCandy
    [2011/07/15 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\RayV
    [2012/01/30 15:18:20 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\uTorrent
    [2010/09/18 11:38:09 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\WildTangent
    [2011/03/17 19:28:59 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\BWMonitor
    [2012/01/30 11:09:49 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\dll-files.com
    [2010/11/24 00:07:19 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Free Download Manager
    [2010/11/22 00:05:20 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\GHISLER
    [2011/03/17 19:26:13 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\uTorrent
    [2010/11/22 16:04:07 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\WildPackets
    [2012/01/25 18:42:37 | 000,000,306 | ---- | M] () -- C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job
    [2011/07/03 00:59:25 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/24 09:54:27 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2012/01/30 19:07:50 | 000,008,502 | ---- | M] () -- C:\Attach.txt
    [2009/07/14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2009/04/28 18:27:09 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/02/01 12:37:11 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
    [2012/02/01 12:45:28 | 000,033,494 | ---- | M] () -- C:\ComboFix.txt
    [2012/01/30 19:07:39 | 000,026,023 | ---- | M] () -- C:\DDS.txt
    [2010/07/07 12:43:58 | 000,003,334 | -H-- | M] () -- C:\dell.sdr
    [2012/02/01 21:11:30 | 3062,804,480 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/01 21:11:39 | 4083,740,672 | -HS- | M] () -- C:\pagefile.sys
    [2010/07/08 06:23:41 | 000,000,166 | -H-- | M] () -- C:\preload.rev
    [2011/08/23 08:31:40 | 000,000,195 | ---- | M] () -- C:\Sys_LogWin.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/30 07:03:08 | 000,000,221 | -HS- | M] () -- C:\Users\Shimon Nahum\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/01 12:15:52 | 004,395,075 | R--- | M] (Swearware) -- C:\Users\Shimon Nahum\Desktop\ComboFix.exe
    [2 C:\Users\Shimon Nahum\Desktop\*.tmp files -> C:\Users\Shimon Nahum\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/06/30 07:03:07 | 000,000,402 | -HS- | M] () -- C:\Users\Shimon Nahum\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/02/22 12:08:49 | 000,015,752 | -HS- | M] () -- C:\ProgramData\3201077253

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2012/02/01 12:27:11 | 000,000,981 | ---- | C] ()(C:\Users\Public\Desktop\??????.lnk) -- C:\Users\Public\Desktop\מוזיקה.lnk
    [2012/01/30 21:11:24 | 000,000,000 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\????? ???? ????.txt) -- C:\Users\Shimon Nahum\Desktop\‫מסמך טקסט ‫חדש.txt
    [2012/01/30 21:11:24 | 000,000,000 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\????? ???? ????.txt) -- C:\Users\Shimon Nahum\Desktop\‫מסמך טקסט ‫חדש.txt
    [2012/01/29 19:11:09 | 000,091,136 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\דוד גבאי שזור.doc
    [2012/01/29 19:11:08 | 000,091,136 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\דוד גבאי שזור.doc
    [2012/01/29 19:07:08 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\???? - ?????) -- C:\Users\Shimon Nahum\Desktop\גבאי - מערכת
    [2012/01/29 19:06:48 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\???? - ?????) -- C:\Users\Shimon Nahum\Desktop\גבאי - מערכת
    [2012/01/29 11:59:33 | 000,347,648 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\???? ?????- ????.doc) -- C:\Users\Shimon Nahum\Desktop\חנות פלאפל- סופי.doc
    [2012/01/29 11:59:32 | 000,347,648 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\???? ?????- ????.doc) -- C:\Users\Shimon Nahum\Desktop\חנות פלאפל- סופי.doc
    [2012/01/29 11:16:43 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$? ??' ??-?????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ר דר' גד-בדיקה.doc
    [2012/01/29 11:16:43 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$? ??' ??-?????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ר דר' גד-בדיקה.doc
    [2012/01/29 11:08:55 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$? ??? ???? ?????? - ?????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ת שאן עבדל אלחכים - בדיקה.doc
    [2012/01/29 11:08:55 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$? ??? ???? ?????? - ?????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ת שאן עבדל אלחכים - בדיקה.doc
    [2012/01/29 11:06:14 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$???? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\~$כסנד מוצקין.doc
    [2012/01/29 11:06:14 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$???? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\~$כסנד מוצקין.doc
    [2012/01/29 10:59:00 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\~$ת שאן סמי.doc
    [2012/01/29 10:59:00 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\~$ת שאן סמי.doc
    [2012/01/28 12:05:14 | 000,302,080 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\????? ??? ??(????.doc) -- C:\Users\Shimon Nahum\Desktop\טבריה זיו קפ(סופי.doc
    [2012/01/28 12:05:13 | 000,302,080 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\????? ??? ??(????.doc) -- C:\Users\Shimon Nahum\Desktop\טבריה זיו קפ(סופי.doc
    [2012/01/28 11:35:05 | 000,604,160 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן ליל.doc
    [2012/01/28 11:35:04 | 000,604,160 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן ליל.doc
    [2012/01/28 10:17:57 | 000,067,072 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???? ?????? - ?????.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן עבדל אלחכים - בדיקה.doc
    [2012/01/28 09:57:43 | 000,067,072 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???? ?????? - ?????.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן עבדל אלחכים - בדיקה.doc
    [2012/01/27 23:07:16 | 000,065,024 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\???? ?????? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\קרית מוצקין קוגן סמדר.doc
    [2012/01/27 22:01:55 | 000,595,968 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן סמי.doc
    [2012/01/27 20:42:19 | 000,595,968 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן סמי.doc
    [2012/01/26 14:14:41 | 000,073,216 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ?????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר דוגמה.doc
    [2012/01/26 14:14:40 | 000,073,216 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ?????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר דוגמה.doc
    [2012/01/26 14:03:40 | 000,208,896 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\????? ??? ?? ?? ????.doc) -- C:\Users\Shimon Nahum\Desktop\תיקון סקר דר דג יוסף.doc
    [2012/01/26 14:00:29 | 000,208,896 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\????? ??? ?? ?? ????.doc) -- C:\Users\Shimon Nahum\Desktop\תיקון סקר דר דג יוסף.doc
    [2012/01/26 13:48:49 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\?? ??????) -- C:\Users\Shimon Nahum\Desktop\גד תמונות
    [2012/01/26 13:48:33 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\?? ??????) -- C:\Users\Shimon Nahum\Desktop\גד תמונות
    [2012/01/26 13:44:34 | 000,062,464 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ??' ??-?????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר דר' גד-בדיקה.doc
    [2012/01/26 13:44:34 | 000,062,464 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ??' ??-?????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר דר' גד-בדיקה.doc
    [2012/01/26 13:23:18 | 000,111,616 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר מריאנה.doc
    [2012/01/26 13:19:08 | 000,111,616 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר מריאנה.doc
    [2012/01/26 11:34:14 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\??????) -- C:\Users\Shimon Nahum\Desktop\מרינאה
    [2012/01/26 11:33:53 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\??????) -- C:\Users\Shimon Nahum\Desktop\מרינאה
    [2012/01/26 10:33:11 | 000,064,512 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\?????? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\אלכסנד מוצקין.doc
    [2012/01/26 10:33:10 | 000,064,512 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\?????? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\אלכסנד מוצקין.doc
    [2012/01/25 19:23:02 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\??????? 1) -- C:\Users\Shimon Nahum\Desktop\צילומים 1
    [2012/01/24 14:40:16 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\?????? ????? 7) -- C:\Users\Shimon Nahum\Desktop\תמונות אירוע 7
    [2012/01/24 14:40:06 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\?????? ????? 7) -- C:\Users\Shimon Nahum\Desktop\תמונות אירוע 7
    [2012/01/22 16:56:37 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\?????? ????? 6) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 6
    [2012/01/22 16:56:28 | 000,470,016 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\?????? ????? 7.doc) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 7.doc
    [2012/01/22 14:16:30 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$???? ????? 7.doc) -- C:\Users\Shimon Nahum\Desktop\~$ספיה אירוע 7.doc
    [2012/01/22 14:16:30 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$???? ????? 7.doc) -- C:\Users\Shimon Nahum\Desktop\~$ספיה אירוע 7.doc
    [2012/01/22 14:16:29 | 000,470,016 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\?????? ????? 7.doc) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 7.doc
    [2012/01/22 13:30:34 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\?????? ????? 6) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 6
    [2012/01/22 13:11:25 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\?????? ????? 5) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 5
    [2012/01/22 01:16:34 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\?????? ????? 5) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 5
    [2012/01/19 10:36:55 | 002,563,584 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\?-7512863-2.doc) -- C:\Users\Shimon Nahum\Desktop\פ-7512863-2.doc
    [2012/01/19 09:54:43 | 002,563,584 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\?-7512863-2.doc) -- C:\Users\Shimon Nahum\Desktop\פ-7512863-2.doc
    [2012/01/19 09:43:31 | 000,103,424 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\?????? ??? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\גרגורי בית אליעזר.doc
    [2012/01/18 11:42:44 | 000,103,424 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\?????? ??? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\גרגורי בית אליעזר.doc
    [2012/01/17 14:48:06 | 000,007,149 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\????? ????? ??.html) -- C:\Users\Shimon Nahum\Desktop\טבריה שמעון רז.html
    [2012/01/17 14:48:05 | 000,007,149 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\????? ????? ??.html) -- C:\Users\Shimon Nahum\Desktop\טבריה שמעון רז.html
    [2012/01/17 00:27:35 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$?? ???????1111.doc) -- C:\Users\Shimon Nahum\Desktop\~$פח צילומים1111.doc
    [2012/01/17 00:27:35 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$?? ???????1111.doc) -- C:\Users\Shimon Nahum\Desktop\~$פח צילומים1111.doc
    [2012/01/15 14:46:24 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\????) -- C:\Users\Shimon Nahum\משרד
    [2012/01/12 19:09:11 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$??? ??? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ריה צור חיים.doc
    [2012/01/12 19:09:11 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$??? ??? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ריה צור חיים.doc
    [2012/01/10 09:05:32 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$?? ?????? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ית מוצקין קוגן סמדר.doc
    [2012/01/10 09:05:26 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$?? ?????? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ית מוצקין קוגן סמדר.doc
    [2012/01/10 09:05:25 | 000,065,024 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\???? ?????? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\קרית מוצקין קוגן סמדר.doc
    [2011/12/26 15:18:05 | 000,029,184 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\???? ???????1111.doc) -- C:\Users\Shimon Nahum\Desktop\נספח צילומים1111.doc
    [2011/12/25 12:37:55 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\?????? ?????) -- C:\Users\Shimon Nahum\תמונות למיון
    [2011/12/25 09:36:22 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$? ????5.doc) -- C:\Users\Shimon Nahum\Desktop\~$ב עופר5.doc
    [2011/12/25 09:36:22 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$? ????5.doc) -- C:\Users\Shimon Nahum\Desktop\~$ב עופר5.doc
    [2011/12/15 21:11:09 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$??? ??' ?????? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$עון דר' מחאמיד יוסף.doc
    [2011/12/15 21:11:09 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$??? ??' ?????? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$עון דר' מחאמיד יוסף.doc
    [2011/12/11 13:25:42 | 000,029,184 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\???? ???????1111.doc) -- C:\Users\Shimon Nahum\Desktop\נספח צילומים1111.doc
    [2011/12/11 11:26:05 | 000,388,608 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\???? ?? ???.doc) -- C:\Users\Shimon Nahum\Documents\נצרת דר חנא.doc
    [2011/12/11 11:26:05 | 000,388,608 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\???? ?? ???.doc) -- C:\Users\Shimon Nahum\Documents\נצרת דר חנא.doc
    [2011/12/08 13:36:05 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\??????? 1) -- C:\Users\Shimon Nahum\Desktop\צילומים 1
    [2011/11/07 00:51:26 | 000,069,632 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\001 ????? ???? ????- ????? (1).doc) -- C:\Users\Shimon Nahum\Documents\001 אלרנד יורם חיפה- מתוקן (1).doc
    [2011/11/07 00:51:26 | 000,069,632 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\001 ????? ???? ????- ????? (1).doc) -- C:\Users\Shimon Nahum\Documents\001 אלרנד יורם חיפה- מתוקן (1).doc
    [2011/10/31 19:48:43 | 001,117,184 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\??????? ??? ????.doc) -- C:\Users\Shimon Nahum\Documents\אופטיקה סגל יעקב.doc
    [2011/10/31 19:46:58 | 001,117,184 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\??????? ??? ????.doc) -- C:\Users\Shimon Nahum\Documents\אופטיקה סגל יעקב.doc
    [2011/10/10 15:15:27 | 000,000,981 | ---- | M] ()(C:\Users\Public\Desktop\??????.lnk) -- C:\Users\Public\Desktop\מוזיקה.lnk
    [2011/09/21 22:53:34 | 000,004,101 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\???? ?????.htm) -- C:\Users\Shimon Nahum\Desktop\עינב ביטוח.htm
    [2011/09/21 22:53:16 | 000,004,101 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\???? ?????.htm) -- C:\Users\Shimon Nahum\Desktop\עינב ביטוח.htm
    [2011/08/18 11:27:10 | 000,458,752 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\?-1301761.doc) -- C:\Users\Shimon Nahum\Documents\ע-1301761.doc
    [2011/08/18 11:19:07 | 000,458,752 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\?-1301761.doc) -- C:\Users\Shimon Nahum\Documents\ע-1301761.doc
    [2011/07/14 10:44:13 | 000,025,088 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\????? ????? ?- ?-8230427 (???? ????????).xls) -- C:\Users\Shimon Nahum\Documents\גליון עבודה ב- ט-8230427 (נשמר אוטומטית).xls
    [2011/07/14 10:44:13 | 000,025,088 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\????? ????? ?- ?-8230427 (???? ????????).xls) -- C:\Users\Shimon Nahum\Documents\גליון עבודה ב- ט-8230427 (נשמר אוטומטית).xls
    [2011/06/29 08:59:33 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\????) -- C:\Users\Shimon Nahum\חדרה
    [2011/06/21 16:17:40 | 000,164,864 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\?-4658915[1].doc) -- C:\Users\Shimon Nahum\Documents\ע-4658915[1].doc
    [2011/06/21 16:17:37 | 000,164,864 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\?-4658915[1].doc) -- C:\Users\Shimon Nahum\Documents\ע-4658915[1].doc
    [2011/06/07 09:42:25 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\????? ??) -- C:\Users\Shimon Nahum\אבירם דן
    [2011/05/11 13:02:44 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\?????? ???) -- C:\Users\Shimon Nahum\מתכוני מרק
    [2011/05/08 12:32:02 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\???? ?????? -????? ???) -- C:\Users\Shimon Nahum\חומר מקצועי -שמאות רכב
    [2011/03/24 11:43:12 | 000,279,552 | ---- | M] ()(C:\Users\Shimon Nahum\?-5221023.doc) -- C:\Users\Shimon Nahum\פ-5221023.doc
    [2011/03/14 20:42:37 | 000,059,392 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\????? 2.doc) -- C:\Users\Shimon Nahum\Documents\סורדם 2.doc
    [2011/03/14 20:41:44 | 000,060,416 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\???.doc) -- C:\Users\Shimon Nahum\Documents\ששש.doc
    [2011/03/14 20:40:57 | 000,060,416 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\??22.doc) -- C:\Users\Shimon Nahum\Documents\שש22.doc
    [2011/02/18 19:17:31 | 000,062,976 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\0915-???????-?????.doc) -- C:\Users\Shimon Nahum\Documents\0915-ברזילאי-חולתה.doc
    [2011/02/18 19:17:29 | 000,062,976 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\0915-???????-?????.doc) -- C:\Users\Shimon Nahum\Documents\0915-ברזילאי-חולתה.doc
    [2011/02/16 11:32:49 | 000,060,416 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\??22.doc) -- C:\Users\Shimon Nahum\Documents\שש22.doc
    [2011/02/16 11:30:35 | 000,060,416 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\???.doc) -- C:\Users\Shimon Nahum\Documents\ששש.doc
    [2011/02/16 11:12:16 | 000,059,392 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\????? 2.doc) -- C:\Users\Shimon Nahum\Documents\סורדם 2.doc
    [2011/02/15 12:20:54 | 000,461,961 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\1013-?????? ??? ?????.doc[1].pdf) -- C:\Users\Shimon Nahum\Documents\1013-ציפורי כפר גלעדי.doc[1].pdf
    [2011/02/15 12:20:54 | 000,461,961 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\1013-?????? ??? ?????.doc[1].pdf) -- C:\Users\Shimon Nahum\Documents\1013-ציפורי כפר גלעדי.doc[1].pdf
    [2011/02/06 11:11:25 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\??????) -- C:\Users\Shimon Nahum\ירדנית
    [2010/12/15 02:25:21 | 000,091,722 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\???? ????? ????.pdf) -- C:\Users\Shimon Nahum\Documents\טופס תביעה עופר.pdf
    [2010/12/15 02:25:21 | 000,091,722 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\???? ????? ????.pdf) -- C:\Users\Shimon Nahum\Documents\טופס תביעה עופר.pdf
    [2010/11/22 00:20:38 | 000,000,000 | ---D | M](C:\Users\????\AppData\Roaming\Microsoft) -- C:\Users\אורח\AppData\Roaming\Microsoft
    [2010/09/21 15:26:55 | 000,001,065 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\????.lnk) -- C:\Users\Shimon Nahum\Desktop\משרד.lnk
    [2010/09/21 15:26:55 | 000,001,065 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\????.lnk) -- C:\Users\Shimon Nahum\Desktop\משרד.lnk
    (C:\Users\Shimon Nahum\??????) -- C:\Users\Shimon Nahum\ירדנית
    (C:\Users\Shimon Nahum\?????? ?????) -- C:\Users\Shimon Nahum\תמונות למיון
    (C:\Users\Shimon Nahum\?????? ???) -- C:\Users\Shimon Nahum\מתכוני מרק
    (C:\Users\Shimon Nahum\????? ??) -- C:\Users\Shimon Nahum\אבירם דן
    (C:\Users\Shimon Nahum\????) -- C:\Users\Shimon Nahum\משרד
    (C:\Users\Shimon Nahum\????) -- C:\Users\Shimon Nahum\חדרה
    (C:\Users\Shimon Nahum\???? ?????? -????? ???) -- C:\Users\Shimon Nahum\חומר מקצועי -שמאות רכב

    < End of report >
  3. somebla Newcomer, in training

    Extras:

    OTL Extras logfile created on: 01/02/2012 21:15:51 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Shimon Nahum\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040D | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

    3.80 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 58.17% Memory free
    7.60 Gb Paging File | 5.81 Gb Available in Paging File | 76.41% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.34 Gb Total Space | 170.78 Gb Free Space | 60.27% Space Free | Partition Type: NTFS
    Drive D: | 63.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: SHIMONNAHUM-PC | User Name: Shimon Nahum | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML.Shimon Nahum] -- "C:\Users\Shimon Nahum\AppData\Local\Google\Chrome\Application\chrome.exe" -- "%1"
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML.Shimon Nahum] -- "C:\Users\Shimon Nahum\AppData\Local\Google\Chrome\Application\chrome.exe" -- "%1"

    [HKEY_USERS\S-1-5-21-559488134-2913140368-3833694856-1000\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L"
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L"
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{4183655A-5FC6-4A23-A804-7764145EC57C}" = ESET NOD32 Antivirus
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-002A-040D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hebrew) 2007
    "{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
    "{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
    "{D12CCBE2-1EC9-41EE-ABF2-D149D05FCE53}" = Nitro PDF Reader 2
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E0BC2FD0-8A6F-40BE-AB4F-C0D09119A00F}" = IDProtect Client 5.25
    "{E7FA5B1D-28A8-4D4D-B3BA-F399B24FCB2B}" = Athena ASEDrive x64 2.5.0.0
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "471F4F5A427BACA700FC945E3FED12C36CB23B08" = Windows Driver Package - Athena Smartcard Solutions (ASEDRV3) SmartCardReader (05/20/2007 1.0.4.4)
    "7EEAA2FA9CFBC14743C7463B0772A6318B77CCD2" = Windows Driver Package - Athena Smartcard Solutions (ASEDRV3) SmartCardReader (05/20/2007 1.0.4.4)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "CB54110AB781829DFBB81D5C6A543DF8945BAAF2" = Windows Driver Package - Athena Smartcard Solutions (ASEDRV3) SmartCardReader (05/20/2007 1.0.4.4)
    "DW WLAN Card Utility" = DW WLAN Card Utility
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR 4.10 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05793354-0E04-4048-81E0-274B91C510EC}" = Xerox PrintingScout
    "{07EA4E9F-BD35-4F38-9809-D825B772B833}" = Image Optimizer 3.0
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{38880887-285F-4260-989B-8B22020D756F}" = E-GOV.IL Sign&Verify Software - AGForm toolbar
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8868E5B0-8CB7-4A6E-B8F9-CC7B9B5EBC11}" = E-Gov Setup Controler
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2007
    "{90120000-0015-040D-0000-0000000FF1CE}_ENTERPRISE_{A5B40B57-F7E1-4C88-A3A4-D1E1C07F023F}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2007
    "{90120000-0016-040D-0000-0000000FF1CE}_ENTERPRISE_{A5B40B57-F7E1-4C88-A3A4-D1E1C07F023F}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2007
    "{90120000-0018-040D-0000-0000000FF1CE}_ENTERPRISE_{A5B40B57-F7E1-4C88-A3A4-D1E1C07F023F}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2007
    "{90120000-0019-040D-0000-0000000FF1CE}_ENTERPRISE_{A5B40B57-F7E1-4C88-A3A4-D1E1C07F023F}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2007
    "{90120000-001A-040D-0000-0000000FF1CE}_ENTERPRISE_{A5B40B57-F7E1-4C88-A3A4-D1E1C07F023F}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2007
    "{90120000-001B-040D-0000-0000000FF1CE}_ENTERPRISE_{A5B40B57-F7E1-4C88-A3A4-D1E1C07F023F}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_ENTERPRISE_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2007
    "{90120000-001F-040D-0000-0000000FF1CE}_ENTERPRISE_{D51DB996-6D46-4195-B495-5E96F61A3CB9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
    "{90120000-001F-0419-0000-0000000FF1CE}_ENTERPRISE_{57A92C5E-E76A-49CC-9EC2-A7B6CE1255EA}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-040D-1000-0000000FF1CE}_ENTERPRISE_{C4FDF834-B4AF-4B5E-8901-5146204B58CC}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-040D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Hebrew) 2007
    "{90120000-0044-040D-0000-0000000FF1CE}_ENTERPRISE_{A5B40B57-F7E1-4C88-A3A4-D1E1C07F023F}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2007
    "{90120000-006E-040D-0000-0000000FF1CE}_ENTERPRISE_{C4FDF834-B4AF-4B5E-8901-5146204B58CC}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-040D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Hebrew) 2007
    "{90120000-00A1-040D-0000-0000000FF1CE}_ENTERPRISE_{A5B40B57-F7E1-4C88-A3A4-D1E1C07F023F}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-040D-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (Hebrew) 2007
    "{90120000-0114-040D-0000-0000000FF1CE}_ENTERPRISE_{A5B40B57-F7E1-4C88-A3A4-D1E1C07F023F}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-007A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
    "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
    "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BBC019AB-8349-42A2-AF5A-A8B759722E2F}" = Windows Live UX Platform Language Pack
    "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0BF5B58-9D5A-4014-A4CB-35C096E9AD35}_is1" = Biztrade 4.5.7
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Dell Dock" = Dell Dock
    "Dell Webcam Central" = Dell Webcam Central
    "Dll-Files.com Fixer_is1" = Dll-Files.com Fixer
    "eMule" = eMule
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
    "Google Chrome" = Google Chrome
    "GoToAssist" = GoToAssist 8.0.0.514
    "ICEOWS" = Iceows V4.20b
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
    "Open Codecs" = Xiph.Org Open Codecs 0.85.17777
    "Totalcmd" = Total Commander (Remove or Repair)
    "TVersity Codec Pack" = TVersity Codec Pack 1.7
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.7
    "Walla Toolbar" = Walla Toolbar
    "WildTangent dell Master Uninstall" = WildTangent Games
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.01 (32-bit)
    "Yes Streamer" = Yes Streamer 1.3Beta
    "YesStreamerBar Toolbar" = YesStreamerBar Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-559488134-2913140368-3833694856-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Game Organizer" = GameXN GO
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
  4. Broni Malware Annihilator

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {54B02808-B60E-44CD-A72D-9865117E4E62} - No CLSID value found.
      O3 - HKU\S-1-5-21-559488134-2913140368-3833694856-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
      O3 - HKU\S-1-5-21-559488134-2913140368-3833694856-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
      O8 - Extra context menu item: &ייצוא אל Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
      [2011/02/21 23:50:32 | 000,015,752 | -HS- | C] () -- C:\Users\Shimon Nahum\AppData\Local\3201077253
      [2011/02/21 23:50:32 | 000,015,752 | -HS- | C] () -- C:\ProgramData\3201077253
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
  5. somebla Newcomer, in training

    OTL:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54B02808-B60E-44CD-A72D-9865117E4E62}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54B02808-B60E-44CD-A72D-9865117E4E62}\ not found.
    Registry value HKEY_USERS\S-1-5-21-559488134-2913140368-3833694856-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
    Registry value HKEY_USERS\S-1-5-21-559488134-2913140368-3833694856-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&ייצוא אל Microsoft Excel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
    C:\Users\Shimon Nahum\AppData\Local\3201077253 moved successfully.
    C:\ProgramData\3201077253 moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Shimon Nahum
    ->Temp folder emptied: 14665 bytes
    ->Temporary Internet Files folder emptied: 234258553 bytes
    ->Java cache emptied: 792269 bytes
    ->FireFox cache emptied: 49347079 bytes
    ->Google Chrome cache emptied: 185494802 bytes
    ->Flash cache emptied: 172553 bytes

    User: Test
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 5763 bytes

    User: אורח
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 24294762 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68485 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 472.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Shimon Nahum
    ->Java cache emptied: 0 bytes

    User: Test

    User: אורח

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Shimon Nahum
    ->Flash cache emptied: 0 bytes

    User: Test
    ->Flash cache emptied: 0 bytes

    User: אורח

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 02012012_222247

    Files\Folders moved on Reboot...
    C:\Users\Shimon Nahum\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Windows\temp\plugin_31815\Plugin Data\Google Gears\localserver.db moved successfully.
    C:\Windows\temp\plugin_31815\Plugin Data\Google Gears\permissions.db moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Default\Cache\data_0 moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Default\Cache\data_1 moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Default\Cache\data_2 moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Default\Cache\data_3 moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Default\Cache\index moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Default\Cookies moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Cache\data_0 moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Cache\data_1 moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Cache\data_2 moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Cache\data_3 moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Cache\index moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Archived History moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Archived History-journal moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Cookies moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\History moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\History-journal moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Thumbnails moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Thumbnails-journal moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Visited Links moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Web Data moved successfully.
    C:\Windows\temp\berkeliumyyyy31811\Web Data-journal moved successfully.

    Registry entries deleted on Reboot...
  6. somebla Newcomer, in training

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    Java(TM) 6 Update 30
    Out of date Java installed!
    Adobe Flash Player ( 10.0.45.2) Flash Player Out of Date!
    Adobe Reader X (10.1.2)
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
  7. somebla Newcomer, in training

    Farbar Service Scanner Version: 01-02-2012 03
    Ran by Shimon Nahum (administrator) on 01-02-2012 at 22:43:16
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  8. somebla Newcomer, in training

    Scanning Report
    Wednesday, February 1, 2012 23:07:56 - 23:12:52
    Computer name: SHIMONNAHUM-PC
    Scanning type: Quick scan
    Target: System


    --------------------------------------------------------------------------------

    12 malware found
    TrackingCookie.2o7 (spyware)
    System (Disinfected)
    TrackingCookie.Advertising (spyware)
    System (Disinfected)
    TrackingCookie.Atdmt (spyware)
    System (Disinfected)
    TrackingCookie.Adtech (spyware)
    System (Disinfected)
    TrackingCookie.Fastclick (spyware)
    System (Disinfected)
    TrackingCookie.Xiti (spyware)
    System (Disinfected)
    TrackingCookie.Webtrends (spyware)
    System (Disinfected)
    TrackingCookie.Mediaplex (spyware)
    System (Disinfected)
    TrackingCookie.Liveperson (spyware)
    System (Disinfected)
    TrackingCookie.Statistik-Gallup (spyware)
    System (Disinfected)
    TrackingCookie.Statcounter (spyware)
    System (Disinfected)
    TrackingCookie.Yieldmanager (spyware)
    System (Disinfected)

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 5810
    System: 5810
    Not scanned: 0
    Actions:
    Disinfected: 12
    Renamed: 0
    Deleted: 0
    Not cleaned: 0
    Submitted: 0

    --------------------------------------------------------------------------------

    Options
    Scanning engines:

    --------------------------------------------------------------------------------

    Copyright © 1998-2009 Product support |
  9. Broni Malware Annihilator

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ===========================================================

    You're not running any AV program (I can see some NOD32 leftovers, which we'll remove in a moment).
    Install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
    Update, run full scan, report on any findings.

    ===========================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2009/09/29 13:03:46 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
      SRV:64bit: - [2009/09/29 13:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
      SRV:64bit: - [2009/09/29 13:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
      DRV:64bit: - [2009/09/29 13:06:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
      DRV:64bit: - [2009/09/29 13:03:00 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
      DRV:64bit: - [2009/09/29 12:56:36 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com : C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/30 19:16:36 | 000,000,000 | ---D | M]
      O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
      [2012/01/30 19:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
      [2012/01/30 19:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
      [2012/01/30 15:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
  10. somebla Newcomer, in training

    I downloaded and installed the free Avast and the scan came up clean.
    Couldn't find a way to post the log though.. no txt file came up.

    After pasting and hitting Run Fix on OTL the computer rebooted and on the logon screen the user I use disappeared. I wasn't sure if it was part of the process and kinda freaked out.. so I rebooted the computer and it appeared again.
    But no log file was created by OTL..

    BTW, from using the computer today it seems to be working fine..

    And I really want to thank you for all your help, I appreciate it very much!
  11. Broni Malware Annihilator

    You're very welcome.

    Run OTL "Quick scan" (no custom script needed), post the log and we'll see if the previous fix worked.
  12. somebla Newcomer, in training

    OTL logfile created on: 03/02/2012 15:10:24 - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Shimon Nahum\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040D | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

    3.80 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 60.02% Memory free
    7.60 Gb Paging File | 5.88 Gb Available in Paging File | 77.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.34 Gb Total Space | 171.29 Gb Free Space | 60.45% Space Free | Partition Type: NTFS
    Drive D: | 63.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: SHIMONNAHUM-PC | User Name: Shimon Nahum | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/01 21:14:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Shimon Nahum\Downloads\OTL.exe
    PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/11/28 20:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/11/28 20:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/11/24 10:01:15 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/07/15 11:07:14 | 000,323,664 | ---- | M] (Athena Smartcard Solutions) -- C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
    PRC - [2010/07/07 07:55:10 | 003,687,736 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
    PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2010/03/17 23:37:16 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/17 23:34:12 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/12/29 23:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2009/12/24 00:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2009/12/24 00:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2009/10/15 10:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
    PRC - [2009/10/15 10:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2009/06/24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2009/06/09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2009/05/21 15:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
    PRC - [2009/05/21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    PRC - [2009/05/21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/02 09:29:59 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    MOD - [2012/01/12 03:28:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
    MOD - [2012/01/08 13:51:46 | 000,076,800 | ---- | M] () -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Firefox\Profiles\ux35p2ep.default\extensions\{bebc2a28-82ab-4cc7-810e-9a3df7a1970f}\components\RadioWMPCoreGecko8.dll
    MOD - [2011/11/24 10:01:14 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2011/10/12 03:35:13 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
    MOD - [2011/10/12 03:35:06 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
    MOD - [2011/10/12 03:34:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
    MOD - [2011/10/12 03:34:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
    MOD - [2011/10/12 03:34:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
    MOD - [2011/10/12 03:34:44 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
    MOD - [2011/10/12 03:34:39 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/11/13 03:50:14 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_he_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2009/10/15 10:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
    MOD - [2009/10/15 10:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    MOD - [2009/10/15 10:10:16 | 000,588,272 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
    MOD - [2009/09/28 07:52:34 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/11/28 20:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2011/06/21 18:57:42 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/03/17 23:29:08 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2010/03/17 23:27:52 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/02/03 08:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2009/08/03 00:00:30 | 000,148,480 | ---- | M] (Xerox Co., Ltd.) [Auto | Running] -- C:\Program Files\Xerox Office Printing\PrintingScout\XCPWDN.EXE -- (XCPSPWD)
    SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 00:00:30 | 000,337,920 | ---- | M] (Xerox Co., Ltd.) [Auto | Running] -- C:\Program Files\Xerox Office Printing\PrintingScout\XCSDBN.EXE -- (XCPSSDB)
    SRV:64bit: - [2009/06/09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/10/15 00:32:40 | 005,480,232 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\Yes Streamer\MediaServer.exe -- (YesMediaServer)
    SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/07/08 06:12:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2010/03/18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/17 23:37:16 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/03/17 23:34:12 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/12/24 00:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/06 02:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/05/21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/11/28 19:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2011/11/28 19:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2011/11/28 19:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2011/11/28 19:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2011/11/28 19:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/11/28 19:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
    DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/11 23:22:00 | 000,069,376 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/09/21 13:54:07 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/17 23:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/03/17 23:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/03/17 23:33:06 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2010/03/17 23:27:14 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/03 16:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/02/03 08:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2010/02/03 08:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
    DRV:64bit: - [2010/02/03 08:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/12/17 17:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/06/15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009/06/10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
    DRV:64bit: - [2006/11/01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2010/12/11 16:21:32 | 000,197,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\WinVd32.sys -- (WinVd32)
    DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {7fdcda8a-da42-4109-8467-f91d0d88c59e} - C:\Program Files (x86)\YesStreamerBar\prxtbYes0.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {bebc2a28-82ab-4cc7-810e-9a3df7a1970f} - C:\Program Files (x86)\Walla\prxtbWal0.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.co.il/cse?cx=partner-pub-1045670103905278:twd9k5-6qt8&ie=ISO-8859-8-I&q=&sa=
    IE - HKCU\..\URLSearchHook: {7fdcda8a-da42-4109-8467-f91d0d88c59e} - C:\Program Files (x86)\YesStreamerBar\prxtbYes0.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "mako LIVE Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2365378&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://events.walla.co.il/WidgetEvent.asp?l=Toolbar.&event_type=22&DIvName=defaultHomepage&url=http://www.walla.co.il"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
    FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {d45171f3-7da8-4d5a-8257-bcb94b9092aa}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {bebc2a28-82ab-4cc7-810e-9a3df7a1970f}:3.5.0.12
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2365378&q="

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/02 09:33:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/24 10:01:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/25 11:56:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2010/08/25 17:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Extensions
    [2012/02/01 02:42:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Firefox\Profiles\ux35p2ep.default\extensions
    [2012/01/10 14:10:21 | 000,000,000 | ---D | M] (YesStreamerBar Community Toolbar) -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Firefox\Profiles\ux35p2ep.default\extensions\{7fdcda8a-da42-4109-8467-f91d0d88c59e}
    [2012/01/11 14:07:26 | 000,000,000 | ---D | M] (Walla Community Toolbar) -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Firefox\Profiles\ux35p2ep.default\extensions\{bebc2a28-82ab-4cc7-810e-9a3df7a1970f}
    [2012/01/11 14:07:27 | 000,000,000 | ---D | M] (mako LIVE Community Toolbar) -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Firefox\Profiles\ux35p2ep.default\extensions\{d45171f3-7da8-4d5a-8257-bcb94b9092aa}
    [2010/11/25 14:58:00 | 000,000,921 | ---- | M] () -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Firefox\Profiles\ux35p2ep.default\searchplugins\conduit.xml
    [2012/02/01 22:32:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012/02/01 22:32:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    () (No name found) -- C:\USERS\SHIMON NAHUM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX35P2EP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2011/11/24 10:01:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2011/10/19 00:47:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/24 10:01:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Shimon Nahum\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
    CHR - Extension: \u05D7\u05D9\u05E4\u05D5\u05E9 Google = C:\Users\Shimon Nahum\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: Walla = C:\Users\Shimon Nahum\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfjhiccppafcjicfalobggnophliocpp\2.2.0.5_1\
    CHR - Extension: Gmail = C:\Users\Shimon Nahum\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

    O1 HOSTS File: ([2012/02/01 12:38:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (AGFormHelperObj Class) - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll (Agat software solutions)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (YesStreamerBar Toolbar) - {7fdcda8a-da42-4109-8467-f91d0d88c59e} - C:\Program Files (x86)\YesStreamerBar\prxtbYes0.dll (Conduit Ltd.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Walla Toolbar) - {bebc2a28-82ab-4cc7-810e-9a3df7a1970f} - C:\Program Files (x86)\Walla\prxtbWal0.dll (Conduit Ltd.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (YesStreamerBar Toolbar) - {7fdcda8a-da42-4109-8467-f91d0d88c59e} - C:\Program Files (x86)\YesStreamerBar\prxtbYes0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Walla Toolbar) - {bebc2a28-82ab-4cc7-810e-9a3df7a1970f} - C:\Program Files (x86)\Walla\prxtbWal0.dll (Conduit Ltd.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (YesStreamerBar Toolbar) - {7FDCDA8A-DA42-4109-8467-F91D0D88C59E} - C:\Program Files (x86)\YesStreamerBar\prxtbYes0.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Walla Toolbar) - {BEBC2A28-82AB-4CC7-810E-9A3DF7A1970F} - C:\Program Files (x86)\Walla\prxtbWal0.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [XCPSPSP] C:\Program Files\Xerox Office Printing\PrintingScout\XCPSPZ.EXE (Xerox Co., Ltd.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [IDProtect Monitor] C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (Athena Smartcard Solutions)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: שלח אל OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : ש&לח אל OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.117.235.237 62.219.186.7
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B78B923D-7972-4320-9B07-DCE1B2EA0A72}: DhcpNameServer = 192.168.1.1 192.117.235.237 62.219.186.7
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4188ABF-FC0E-4DF8-B02F-B9759D2965EA}: DhcpNameServer = 10.170.9.73 10.170.9.74
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  13. somebla Newcomer, in training

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/02 09:34:23 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/02/02 09:34:23 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/02/02 09:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/02/02 09:34:22 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2012/02/02 09:34:21 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/02/02 09:34:20 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/02/02 09:34:18 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/02/02 09:34:18 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/02/02 09:33:54 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/02/02 09:33:54 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/02/02 09:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/02/02 09:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/02/01 23:08:00 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Roaming\f-secure
    [2012/02/01 23:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
    [2012/02/01 22:33:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/02/01 22:22:47 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/02/01 21:11:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/01 12:36:15 | 000,000,000 | ---D | C] -- C:\found.001
    [2012/02/01 12:19:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/01 12:19:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/01 12:19:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/01 12:19:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/01 12:19:20 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/01 12:15:40 | 004,395,075 | R--- | C] (Swearware) -- C:\Users\Shimon Nahum\Desktop\ComboFix.exe
    [2012/01/30 19:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    [2012/01/30 19:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
    [2012/01/30 16:51:37 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Roaming\Malwarebytes
    [2012/01/30 16:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/30 16:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/01/30 16:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/26 11:05:12 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{385CB147-4ED0-4B3E-91E1-C63719B0EA8E}
    [2012/01/26 11:04:59 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{80D0F6CB-049D-477D-A5A8-96C1F5F649F0}
    [2012/01/25 18:53:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/01/25 18:49:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/01/25 18:49:30 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/01/25 16:19:38 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{FF5EB528-A96C-42B9-BF92-96D4EB11D97C}
    [2012/01/25 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{F2FDCA97-C4F8-4FB3-B25E-D4F88FF1C617}
    [2012/01/25 15:15:04 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{FF6F8596-6D79-4233-9E01-42DB8260895A}
    [2012/01/25 12:27:01 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Roaming\dll-files.com
    [2012/01/25 12:26:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files.com Fixer
    [2012/01/25 12:26:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dll-Files.com Fixer
    [2012/01/25 11:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2012/01/25 11:56:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2012/01/19 22:50:23 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{EA7EE3EC-908A-4570-AE3E-6CFC2DE79207}
    [2012/01/19 22:50:10 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{4E5D4691-1E21-46A9-989A-6929CAE5D0D2}
    [2012/01/15 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{DF17F912-0C01-461D-8726-809D028816EE}
    [2012/01/15 12:35:14 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{AB3147E7-CFAD-481A-BB40-E664A3CB217F}
    [2012/01/11 02:03:09 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geeks Ltd
    [2012/01/11 02:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Geeks Ltd
    [2012/01/10 01:42:27 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICEOWS
    [2012/01/10 01:42:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ShellExt
    [2012/01/10 01:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICEOWS
    [2012/01/10 01:26:03 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
    [2012/01/06 21:22:53 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{3D26B337-A7F1-496D-92D7-CBC723B22405}
    [2012/01/06 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{06428AC0-9562-48B7-B81F-18681FF55692}
    [2012/01/06 21:19:43 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{0F2C2692-2BEA-4995-BD34-7D8B91ACA9D6}
    [2012/01/06 21:19:27 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{3B745707-582B-491A-84A5-400CB1B2835D}
    [2012/01/06 21:18:57 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{47FC7888-4BE4-4C17-91E8-A9C33D0B2A27}
    [2012/01/06 21:18:44 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{75C9B3B5-9EA8-40B8-97AC-E89C38D02A4D}
    [4 C:\Users\Shimon Nahum\AppData\Local\*.tmp files -> C:\Users\Shimon Nahum\AppData\Local\*.tmp -> ]
    [2 C:\Users\Shimon Nahum\Desktop\*.tmp files -> C:\Users\Shimon Nahum\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/03 15:15:20 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/03 15:15:20 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/03 15:13:14 | 001,153,046 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/02/03 15:13:14 | 000,627,226 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/02/03 15:13:14 | 000,364,172 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
    [2012/02/03 15:13:14 | 000,107,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/02/03 15:13:14 | 000,070,250 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
    [2012/02/03 15:07:10 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/03 15:06:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/03 15:06:36 | 3062,804,480 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/03 00:14:44 | 000,002,818 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies
    [2012/02/03 00:11:53 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/03 00:11:53 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559488134-2913140368-3833694856-1004UA.job
    [2012/02/02 22:34:33 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
    [2012/02/02 22:29:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559488134-2913140368-3833694856-1004Core.job
    [2012/02/02 09:34:23 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/02/02 09:34:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/02/01 12:38:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/02/01 12:15:52 | 004,395,075 | R--- | M] (Swearware) -- C:\Users\Shimon Nahum\Desktop\ComboFix.exe
    [2012/02/01 04:07:35 | 000,000,512 | ---- | M] () -- C:\Users\Shimon Nahum\Desktop\MBR.dat
    [2012/01/30 16:51:27 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/30 14:50:03 | 000,000,679 | ---- | M] () -- C:\Users\Shimon Nahum\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/26 09:56:55 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/01/25 18:42:37 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
    [2012/01/25 12:26:53 | 000,002,014 | ---- | M] () -- C:\Users\Shimon Nahum\Application Data\Microsoft\Internet Explorer\Quick Launch\DLL-Files.com FIXER.lnk
    [2012/01/25 11:56:19 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/01/10 01:42:26 | 000,000,018 | ---- | M] () -- C:\Windows\Winzip32.ini
    [4 C:\Users\Shimon Nahum\AppData\Local\*.tmp files -> C:\Users\Shimon Nahum\AppData\Local\*.tmp -> ]
    [2 C:\Users\Shimon Nahum\Desktop\*.tmp files -> C:\Users\Shimon Nahum\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/02 22:34:33 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
    [2012/02/02 09:34:23 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/02/02 09:34:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/02/01 12:27:12 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/02/01 12:27:12 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk
    [2012/02/01 12:27:12 | 000,002,468 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2012/02/01 12:27:12 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/02/01 12:27:12 | 000,002,084 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
    [2012/02/01 12:27:12 | 000,001,448 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    [2012/02/01 12:27:12 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [2012/02/01 12:27:12 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    [2012/02/01 12:27:12 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/02/01 12:27:12 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2012/02/01 12:27:12 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/02/01 12:27:12 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [2012/02/01 12:27:12 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [2012/02/01 12:27:12 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2012/02/01 12:27:12 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/02/01 12:27:11 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/02/01 12:27:11 | 000,002,342 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/02/01 12:27:11 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2012/02/01 12:27:11 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Nitro PDF Reader.lnk
    [2012/02/01 12:27:11 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/02/01 12:27:11 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/02/01 12:27:11 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/02/01 12:27:11 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2012/02/01 12:27:11 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk
    [2012/02/01 12:27:11 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\Biztrade.lnk
    [2012/02/01 12:19:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/01 12:19:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/01 12:19:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/01 12:19:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/01 12:19:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/01 04:07:35 | 000,000,512 | ---- | C] () -- C:\Users\Shimon Nahum\Desktop\MBR.dat
    [2012/01/30 16:51:27 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/30 14:50:03 | 000,000,679 | ---- | C] () -- C:\Users\Shimon Nahum\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/30 11:09:54 | 000,001,547 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/01/25 12:27:04 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
    [2012/01/25 12:26:53 | 000,002,014 | ---- | C] () -- C:\Users\Shimon Nahum\Application Data\Microsoft\Internet Explorer\Quick Launch\DLL-Files.com FIXER.lnk
    [2012/01/25 12:26:52 | 000,039,712 | ---- | C] () -- C:\Windows\SysWow64\asl.dll
    [2012/01/10 01:42:26 | 000,000,018 | ---- | C] () -- C:\Windows\Winzip32.ini
    [2011/05/27 23:50:04 | 000,000,000 | ---- | C] () -- C:\Users\Shimon Nahum\AppData\Local\{F07C6039-DFA5-40E0-B2E7-291F640B9A38}
    [2011/05/10 09:30:27 | 000,000,000 | ---- | C] () -- C:\Users\Shimon Nahum\AppData\Local\{5057C62D-D4FC-4FDD-A5FB-E83E632D91A4}
    [2011/03/04 20:24:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/12/19 02:04:29 | 000,008,297 | ---- | C] () -- C:\Users\Shimon Nahum\AppData\Roaming\UserTile.png
    [2010/12/11 16:21:32 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
    [2010/12/11 16:21:31 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
    [2010/11/26 20:08:03 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2010/11/22 21:24:37 | 001,179,512 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/11/22 00:04:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/11/15 20:32:56 | 000,004,608 | ---- | C] () -- C:\Users\Shimon Nahum\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/20 11:51:02 | 000,708,688 | ---- | C] () -- C:\Windows\SysWow64\LASERToken.dll
    [2010/09/20 11:50:52 | 000,905,296 | ---- | C] () -- C:\Windows\SysWow64\AsepcosToken.dll
    [2010/09/20 11:50:36 | 000,745,552 | ---- | C] () -- C:\Windows\SysWow64\CNSToken.dll
    [2010/07/28 21:08:46 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2010/07/28 21:08:44 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2010/07/08 08:37:28 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2010/07/08 08:37:28 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/07/08 08:37:28 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/07/08 08:30:29 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
    [2010/07/08 08:30:29 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
    [2010/07/08 08:30:29 | 000,000,035 | ---- | C] () -- C:\Windows\DELL_LANGCODE.ini
    [2010/07/08 08:30:29 | 000,000,033 | ---- | C] () -- C:\Windows\DELL_OSTYPE.ini
    [2010/07/08 08:30:29 | 000,000,032 | ---- | C] () -- C:\Windows\WisHWDest.ini
    [2010/07/08 08:30:29 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
    [2010/07/08 08:30:29 | 000,000,023 | ---- | C] () -- C:\Windows\WisSysInfo.ini
    [2010/07/08 06:20:47 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2009/08/27 08:31:56 | 000,036,944 | ---- | C] () -- C:\Windows\SysWow64\ASESPR.dll
    [2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 23:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2009/07/13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2009/07/13 23:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2009/07/13 23:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2005/08/29 15:05:14 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\aseVCAPIB.dll

    ========== LOP Check ==========

    [2011/03/22 09:39:55 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\Babylon
    [2011/02/18 19:34:02 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\Bandoo
    [2010/10/14 03:27:47 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\DAEMON Tools Lite
    [2012/01/25 12:27:01 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\dll-files.com
    [2011/11/03 09:55:50 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\Downloaded Installations
    [2012/02/01 23:08:00 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\f-secure
    [2010/09/21 14:03:56 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\GHISLER
    [2011/03/22 15:10:02 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\Leadertech
    [2012/01/29 11:33:18 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\Nitro PDF
    [2011/10/10 15:14:09 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\OpenCandy
    [2011/07/15 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\RayV
    [2012/01/30 15:18:20 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\uTorrent
    [2010/09/18 11:38:09 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\WildTangent
    [2012/01/25 18:42:37 | 000,000,306 | ---- | M] () -- C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job
    [2012/02/01 22:35:49 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2012/02/01 21:30:21 | 000,000,000 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\?.txt) -- C:\Users\Shimon Nahum\Desktop\ג.txt
    [2012/02/01 21:30:21 | 000,000,000 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\?.txt) -- C:\Users\Shimon Nahum\Desktop\ג.txt
    [2012/02/01 12:27:11 | 000,000,981 | ---- | C] ()(C:\Users\Public\Desktop\??????.lnk) -- C:\Users\Public\Desktop\מוזיקה.lnk
    [2012/01/30 21:11:24 | 000,000,000 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\????? ???? ????.txt) -- C:\Users\Shimon Nahum\Desktop\‫מסמך טקסט ‫חדש.txt
    [2012/01/30 21:11:24 | 000,000,000 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\????? ???? ????.txt) -- C:\Users\Shimon Nahum\Desktop\‫מסמך טקסט ‫חדש.txt
    [2012/01/29 19:11:09 | 000,091,136 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\דוד גבאי שזור.doc
    [2012/01/29 19:11:08 | 000,091,136 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\דוד גבאי שזור.doc
    [2012/01/29 19:07:08 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\???? - ?????) -- C:\Users\Shimon Nahum\Desktop\גבאי - מערכת
    [2012/01/29 19:06:48 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\???? - ?????) -- C:\Users\Shimon Nahum\Desktop\גבאי - מערכת
    [2012/01/29 11:59:33 | 000,347,648 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\???? ?????- ????.doc) -- C:\Users\Shimon Nahum\Desktop\חנות פלאפל- סופי.doc
    [2012/01/29 11:59:32 | 000,347,648 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\???? ?????- ????.doc) -- C:\Users\Shimon Nahum\Desktop\חנות פלאפל- סופי.doc
    [2012/01/29 11:16:43 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$? ??' ??-?????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ר דר' גד-בדיקה.doc
    [2012/01/29 11:16:43 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$? ??' ??-?????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ר דר' גד-בדיקה.doc
    [2012/01/29 11:08:55 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$? ??? ???? ?????? - ?????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ת שאן עבדל אלחכים - בדיקה.doc
    [2012/01/29 11:08:55 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$? ??? ???? ?????? - ?????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ת שאן עבדל אלחכים - בדיקה.doc
    [2012/01/29 11:06:14 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$???? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\~$כסנד מוצקין.doc
    [2012/01/29 11:06:14 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$???? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\~$כסנד מוצקין.doc
    [2012/01/29 10:59:00 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\~$ת שאן סמי.doc
    [2012/01/29 10:59:00 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\~$ת שאן סמי.doc
    [2012/01/28 12:05:14 | 000,302,080 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\????? ??? ??(????.doc) -- C:\Users\Shimon Nahum\Desktop\טבריה זיו קפ(סופי.doc
    [2012/01/28 12:05:13 | 000,302,080 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\????? ??? ??(????.doc) -- C:\Users\Shimon Nahum\Desktop\טבריה זיו קפ(סופי.doc
    [2012/01/28 11:35:05 | 000,604,160 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן ליל.doc
    [2012/01/28 11:35:04 | 000,604,160 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן ליל.doc
    [2012/01/28 10:17:57 | 000,067,072 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???? ?????? - ?????.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן עבדל אלחכים - בדיקה.doc
    [2012/01/28 09:57:43 | 000,067,072 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???? ?????? - ?????.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן עבדל אלחכים - בדיקה.doc
    [2012/01/27 23:07:16 | 000,065,024 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\???? ?????? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\קרית מוצקין קוגן סמדר.doc
    [2012/01/27 22:01:55 | 000,595,968 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן סמי.doc
    [2012/01/27 20:42:19 | 000,595,968 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן סמי.doc
    [2012/01/26 14:14:41 | 000,073,216 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ?????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר דוגמה.doc
    [2012/01/26 14:14:40 | 000,073,216 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ?????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר דוגמה.doc
    [2012/01/26 14:03:40 | 000,208,896 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\????? ??? ?? ?? ????.doc) -- C:\Users\Shimon Nahum\Desktop\תיקון סקר דר דג יוסף.doc
    [2012/01/26 14:00:29 | 000,208,896 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\????? ??? ?? ?? ????.doc) -- C:\Users\Shimon Nahum\Desktop\תיקון סקר דר דג יוסף.doc
    [2012/01/26 13:48:49 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\?? ??????) -- C:\Users\Shimon Nahum\Desktop\גד תמונות
    [2012/01/26 13:48:33 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\?? ??????) -- C:\Users\Shimon Nahum\Desktop\גד תמונות
    [2012/01/26 13:44:34 | 000,062,464 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ??' ??-?????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר דר' גד-בדיקה.doc
    [2012/01/26 13:44:34 | 000,062,464 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ??' ??-?????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר דר' גד-בדיקה.doc
    [2012/01/26 13:23:18 | 000,111,616 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר מריאנה.doc
    [2012/01/26 13:19:08 | 000,111,616 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר מריאנה.doc
    [2012/01/26 11:34:14 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\??????) -- C:\Users\Shimon Nahum\Desktop\מרינאה
    [2012/01/26 11:33:53 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\??????) -- C:\Users\Shimon Nahum\Desktop\מרינאה
    [2012/01/26 10:33:11 | 000,064,512 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\?????? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\אלכסנד מוצקין.doc
    [2012/01/26 10:33:10 | 000,064,512 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\?????? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\אלכסנד מוצקין.doc
    [2012/01/25 19:23:02 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\??????? 1) -- C:\Users\Shimon Nahum\Desktop\צילומים 1
    [2012/01/24 14:40:16 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\?????? ????? 7) -- C:\Users\Shimon Nahum\Desktop\תמונות אירוע 7
    [2012/01/24 14:40:06 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\?????? ????? 7) -- C:\Users\Shimon Nahum\Desktop\תמונות אירוע 7
    [2012/01/22 16:56:37 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\?????? ????? 6) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 6
    [2012/01/22 16:56:28 | 000,470,016 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\?????? ????? 7.doc) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 7.doc
    [2012/01/22 14:16:30 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$???? ????? 7.doc) -- C:\Users\Shimon Nahum\Desktop\~$ספיה אירוע 7.doc
    [2012/01/22 14:16:30 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$???? ????? 7.doc) -- C:\Users\Shimon Nahum\Desktop\~$ספיה אירוע 7.doc
    [2012/01/22 14:16:29 | 000,470,016 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\?????? ????? 7.doc) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 7.doc
    [2012/01/22 13:30:34 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\?????? ????? 6) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 6
    [2012/01/22 13:11:25 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\?????? ????? 5) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 5
    [2012/01/22 01:16:34 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\?????? ????? 5) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 5
    [2012/01/19 10:36:55 | 002,563,584 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\?-7512863-2.doc) -- C:\Users\Shimon Nahum\Desktop\פ-7512863-2.doc
    [2012/01/19 09:54:43 | 002,563,584 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\?-7512863-2.doc) -- C:\Users\Shimon Nahum\Desktop\פ-7512863-2.doc
    [2012/01/19 09:43:31 | 000,103,424 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\?????? ??? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\גרגורי בית אליעזר.doc
    [2012/01/18 11:42:44 | 000,103,424 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\?????? ??? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\גרגורי בית אליעזר.doc
    [2012/01/17 14:48:06 | 000,007,149 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\????? ????? ??.html) -- C:\Users\Shimon Nahum\Desktop\טבריה שמעון רז.html
    [2012/01/17 14:48:05 | 000,007,149 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\????? ????? ??.html) -- C:\Users\Shimon Nahum\Desktop\טבריה שמעון רז.html
    [2012/01/17 00:27:35 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$?? ???????1111.doc) -- C:\Users\Shimon Nahum\Desktop\~$פח צילומים1111.doc
    [2012/01/17 00:27:35 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$?? ???????1111.doc) -- C:\Users\Shimon Nahum\Desktop\~$פח צילומים1111.doc
    [2012/01/15 14:46:24 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\????) -- C:\Users\Shimon Nahum\משרד
    [2012/01/12 19:09:11 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$??? ??? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ריה צור חיים.doc
    [2012/01/12 19:09:11 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$??? ??? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ריה צור חיים.doc
    [2012/01/10 09:05:32 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$?? ?????? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ית מוצקין קוגן סמדר.doc
    [2012/01/10 09:05:26 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$?? ?????? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ית מוצקין קוגן סמדר.doc
    [2012/01/10 09:05:25 | 000,065,024 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\???? ?????? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\קרית מוצקין קוגן סמדר.doc
    [2011/12/26 15:18:05 | 000,029,184 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\???? ???????1111.doc) -- C:\Users\Shimon Nahum\Desktop\נספח צילומים1111.doc
    [2011/12/25 12:37:55 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\?????? ?????) -- C:\Users\Shimon Nahum\תמונות למיון
    [2011/12/25 09:36:22 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$? ????5.doc) -- C:\Users\Shimon Nahum\Desktop\~$ב עופר5.doc
    [2011/12/25 09:36:22 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$? ????5.doc) -- C:\Users\Shimon Nahum\Desktop\~$ב עופר5.doc
    [2011/12/15 21:11:09 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$??? ??' ?????? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$עון דר' מחאמיד יוסף.doc
    [2011/12/15 21:11:09 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$??? ??' ?????? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$עון דר' מחאמיד יוסף.doc
    [2011/12/11 13:25:42 | 000,029,184 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\???? ???????1111.doc) -- C:\Users\Shimon Nahum\Desktop\נספח צילומים1111.doc
    [2011/12/11 11:26:05 | 000,388,608 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\???? ?? ???.doc) -- C:\Users\Shimon Nahum\Documents\נצרת דר חנא.doc
    [2011/12/11 11:26:05 | 000,388,608 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\???? ?? ???.doc) -- C:\Users\Shimon Nahum\Documents\נצרת דר חנא.doc
    [2011/12/08 13:36:05 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\??????? 1) -- C:\Users\Shimon Nahum\Desktop\צילומים 1
    [2011/11/07 00:51:26 | 000,069,632 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\001 ????? ???? ????- ????? (1).doc) -- C:\Users\Shimon Nahum\Documents\001 אלרנד יורם חיפה- מתוקן (1).doc
    [2011/11/07 00:51:26 | 000,069,632 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\001 ????? ???? ????- ????? (1).doc) -- C:\Users\Shimon Nahum\Documents\001 אלרנד יורם חיפה- מתוקן (1).doc
    [2011/10/31 19:48:43 | 001,117,184 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\??????? ??? ????.doc) -- C:\Users\Shimon Nahum\Documents\אופטיקה סגל יעקב.doc
    [2011/10/31 19:46:58 | 001,117,184 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\??????? ??? ????.doc) -- C:\Users\Shimon Nahum\Documents\אופטיקה סגל יעקב.doc
    [2011/10/10 15:15:27 | 000,000,981 | ---- | M] ()(C:\Users\Public\Desktop\??????.lnk) -- C:\Users\Public\Desktop\מוזיקה.lnk
    [2011/09/21 22:53:34 | 000,004,101 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\???? ?????.htm) -- C:\Users\Shimon Nahum\Desktop\עינב ביטוח.htm
    [2011/09/21 22:53:16 | 000,004,101 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\???? ?????.htm) -- C:\Users\Shimon Nahum\Desktop\עינב ביטוח.htm
    [2011/08/18 11:27:10 | 000,458,752 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\?-1301761.doc) -- C:\Users\Shimon Nahum\Documents\ע-1301761.doc
    [2011/08/18 11:19:07 | 000,458,752 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\?-1301761.doc) -- C:\Users\Shimon Nahum\Documents\ע-1301761.doc
    [2011/07/14 10:44:13 | 000,025,088 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\????? ????? ?- ?-8230427 (???? ????????).xls) -- C:\Users\Shimon Nahum\Documents\גליון עבודה ב- ט-8230427 (נשמר אוטומטית).xls
    [2011/07/14 10:44:13 | 000,025,088 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\????? ????? ?- ?-8230427 (???? ????????).xls) -- C:\Users\Shimon Nahum\Documents\גליון עבודה ב- ט-8230427 (נשמר אוטומטית).xls
    [2011/06/29 08:59:33 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\????) -- C:\Users\Shimon Nahum\חדרה
    [2011/06/21 16:17:40 | 000,164,864 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\?-4658915[1].doc) -- C:\Users\Shimon Nahum\Documents\ע-4658915[1].doc
    [2011/06/21 16:17:37 | 000,164,864 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\?-4658915[1].doc) -- C:\Users\Shimon Nahum\Documents\ע-4658915[1].doc
    [2011/06/07 09:42:25 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\????? ??) -- C:\Users\Shimon Nahum\אבירם דן
    [2011/05/11 13:02:44 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\?????? ???) -- C:\Users\Shimon Nahum\מתכוני מרק
    [2011/05/08 12:32:02 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\???? ?????? -????? ???) -- C:\Users\Shimon Nahum\חומר מקצועי -שמאות רכב
    [2011/03/24 11:43:12 | 000,279,552 | ---- | M] ()(C:\Users\Shimon Nahum\?-5221023.doc) -- C:\Users\Shimon Nahum\פ-5221023.doc
    [2011/03/14 20:42:37 | 000,059,392 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\????? 2.doc) -- C:\Users\Shimon Nahum\Documents\סורדם 2.doc
    [2011/03/14 20:41:44 | 000,060,416 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\???.doc) -- C:\Users\Shimon Nahum\Documents\ששש.doc
    [2011/03/14 20:40:57 | 000,060,416 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\??22.doc) -- C:\Users\Shimon Nahum\Documents\שש22.doc
    [2011/02/18 19:17:31 | 000,062,976 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\0915-???????-?????.doc) -- C:\Users\Shimon Nahum\Documents\0915-ברזילאי-חולתה.doc
    [2011/02/18 19:17:29 | 000,062,976 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\0915-???????-?????.doc) -- C:\Users\Shimon Nahum\Documents\0915-ברזילאי-חולתה.doc
    [2011/02/16 11:32:49 | 000,060,416 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\??22.doc) -- C:\Users\Shimon Nahum\Documents\שש22.doc
    [2011/02/16 11:30:35 | 000,060,416 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\???.doc) -- C:\Users\Shimon Nahum\Documents\ששש.doc
    [2011/02/16 11:12:16 | 000,059,392 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\????? 2.doc) -- C:\Users\Shimon Nahum\Documents\סורדם 2.doc
    [2011/02/15 12:20:54 | 000,461,961 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\1013-?????? ??? ?????.doc[1].pdf) -- C:\Users\Shimon Nahum\Documents\1013-ציפורי כפר גלעדי.doc[1].pdf
    [2011/02/15 12:20:54 | 000,461,961 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\1013-?????? ??? ?????.doc[1].pdf) -- C:\Users\Shimon Nahum\Documents\1013-ציפורי כפר גלעדי.doc[1].pdf
    [2011/02/06 11:11:25 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\??????) -- C:\Users\Shimon Nahum\ירדנית
    [2010/12/15 02:25:21 | 000,091,722 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\???? ????? ????.pdf) -- C:\Users\Shimon Nahum\Documents\טופס תביעה עופר.pdf
    [2010/12/15 02:25:21 | 000,091,722 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\???? ????? ????.pdf) -- C:\Users\Shimon Nahum\Documents\טופס תביעה עופר.pdf
    [2010/09/21 15:26:55 | 000,001,065 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\????.lnk) -- C:\Users\Shimon Nahum\Desktop\משרד.lnk
    [2010/09/21 15:26:55 | 000,001,065 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\????.lnk) -- C:\Users\Shimon Nahum\Desktop\משרד.lnk
    (C:\Users\Shimon Nahum\??????) -- C:\Users\Shimon Nahum\ירדנית
    (C:\Users\Shimon Nahum\?????? ?????) -- C:\Users\Shimon Nahum\תמונות למיון
    (C:\Users\Shimon Nahum\?????? ???) -- C:\Users\Shimon Nahum\מתכוני מרק
    (C:\Users\Shimon Nahum\????? ??) -- C:\Users\Shimon Nahum\אבירם דן
    (C:\Users\Shimon Nahum\????) -- C:\Users\Shimon Nahum\משרד
    (C:\Users\Shimon Nahum\????) -- C:\Users\Shimon Nahum\חדרה
    (C:\Users\Shimon Nahum\???? ?????? -????? ???) -- C:\Users\Shimon Nahum\חומר מקצועי -שמאות רכב

    < End of report >
  14. Broni Malware Annihilator

    Good. It worked :)

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    =============================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  15. somebla Newcomer, in training

    hey, I pasted and did the Run Fix with OTL.
    and after rebooting a DLL-files.com Fixer came up and started "scanning" my computer.
    I'm pretty sure it's malware.. should I continue with the rest of the steps you posted?

    here is the log that came up after rebooting with OTL:
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Shimon Nahum
    ->Temp folder emptied: 176544774 bytes
    ->Temporary Internet Files folder emptied: 5784475 bytes
    ->Java cache emptied: 29631 bytes
    ->FireFox cache emptied: 48410561 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 744 bytes

    User: Test
    ->Temp folder emptied: 1076 bytes
    ->Temporary Internet Files folder emptied: 60306 bytes
    ->Flash cache emptied: 0 bytes

    User: אורח
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 85882196 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 302.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Shimon Nahum
    ->Flash cache emptied: 0 bytes

    User: Test
    ->Flash cache emptied: 0 bytes

    User: אורח

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Shimon Nahum
    ->Java cache emptied: 0 bytes

    User: Test

    User: אורח

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.31.0 log created on 02032012_192307

    Files\Folders moved on Reboot...
    C:\Users\Shimon Nahum\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Windows\temp\_avast_\unp231558858.tmp moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  16. Broni Malware Annihilator

    It's listed as one of your installed programs.
    Uninstall it and then continue with other steps.
  17. somebla Newcomer, in training

    Ok the computer seems to be working great!
    Thank you so much!
    Have a great weekend ;)
  18. Broni Malware Annihilator

    Way to go!!
    Good luck and stay safe :)