Solved System Check malware\virus

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java(TM) 6 Update 30
Out of date Java installed!
Adobe Flash Player ( 10.0.45.2) Flash Player Out of Date!
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
 
Farbar Service Scanner Version: 01-02-2012 03
Ran by Shimon Nahum (administrator) on 01-02-2012 at 22:43:16
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
Scanning Report
Wednesday, February 1, 2012 23:07:56 - 23:12:52
Computer name: SHIMONNAHUM-PC
Scanning type: Quick scan
Target: System


--------------------------------------------------------------------------------

12 malware found
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Advertising (spyware)
System (Disinfected)
TrackingCookie.Atdmt (spyware)
System (Disinfected)
TrackingCookie.Adtech (spyware)
System (Disinfected)
TrackingCookie.Fastclick (spyware)
System (Disinfected)
TrackingCookie.Xiti (spyware)
System (Disinfected)
TrackingCookie.Webtrends (spyware)
System (Disinfected)
TrackingCookie.Mediaplex (spyware)
System (Disinfected)
TrackingCookie.Liveperson (spyware)
System (Disinfected)
TrackingCookie.Statistik-Gallup (spyware)
System (Disinfected)
TrackingCookie.Statcounter (spyware)
System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
System (Disinfected)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 5810
System: 5810
Not scanned: 0
Actions:
Disinfected: 12
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0

--------------------------------------------------------------------------------

Options
Scanning engines:

--------------------------------------------------------------------------------

 
Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

===========================================================

You're not running any AV program (I can see some NOD32 leftovers, which we'll remove in a moment).
Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Update, run full scan, report on any findings.

===========================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2009/09/29 13:03:46 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    SRV:64bit: - [2009/09/29 13:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
    SRV:64bit: - [2009/09/29 13:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
    DRV:64bit: - [2009/09/29 13:06:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV:64bit: - [2009/09/29 13:03:00 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2009/09/29 12:56:36 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com : C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/30 19:16:36 | 000,000,000 | ---D | M]
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    [2012/01/30 19:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    [2012/01/30 19:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
    [2012/01/30 15:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
I downloaded and installed the free Avast and the scan came up clean.
Couldn't find a way to post the log though.. no txt file came up.

After pasting and hitting Run Fix on OTL the computer rebooted and on the logon screen the user I use disappeared. I wasn't sure if it was part of the process and kinda freaked out.. so I rebooted the computer and it appeared again.
But no log file was created by OTL..

BTW, from using the computer today it seems to be working fine..

And I really want to thank you for all your help, I appreciate it very much!
 
You're very welcome.

Run OTL "Quick scan" (no custom script needed), post the log and we'll see if the previous fix worked.
 
OTL logfile created on: 03/02/2012 15:10:24 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Shimon Nahum\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040D | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

3.80 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 60.02% Memory free
7.60 Gb Paging File | 5.88 Gb Available in Paging File | 77.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 171.29 Gb Free Space | 60.45% Space Free | Partition Type: NTFS
Drive D: | 63.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SHIMONNAHUM-PC | User Name: Shimon Nahum | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/01 21:14:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Shimon Nahum\Downloads\OTL.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/28 20:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 20:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/24 10:01:15 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/07/15 11:07:14 | 000,323,664 | ---- | M] (Athena Smartcard Solutions) -- C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
PRC - [2010/07/07 07:55:10 | 003,687,736 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/17 23:37:16 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/17 23:34:12 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/12/29 23:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/24 00:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/24 00:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/15 10:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
PRC - [2009/10/15 10:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 15:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/02 09:29:59 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/01/12 03:28:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2012/01/08 13:51:46 | 000,076,800 | ---- | M] () -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Firefox\Profiles\ux35p2ep.default\extensions\{bebc2a28-82ab-4cc7-810e-9a3df7a1970f}\components\RadioWMPCoreGecko8.dll
MOD - [2011/11/24 10:01:14 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/12 03:35:13 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 03:35:06 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 03:34:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/12 03:34:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/12 03:34:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/12 03:34:44 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 03:34:39 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/13 03:50:14 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_he_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/10/15 10:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
MOD - [2009/10/15 10:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/10/15 10:10:16 | 000,588,272 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
MOD - [2009/09/28 07:52:34 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 20:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/06/21 18:57:42 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/17 23:29:08 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/03/17 23:27:52 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/02/03 08:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/08/03 00:00:30 | 000,148,480 | ---- | M] (Xerox Co., Ltd.) [Auto | Running] -- C:\Program Files\Xerox Office Printing\PrintingScout\XCPWDN.EXE -- (XCPSPWD)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 00:00:30 | 000,337,920 | ---- | M] (Xerox Co., Ltd.) [Auto | Running] -- C:\Program Files\Xerox Office Printing\PrintingScout\XCSDBN.EXE -- (XCPSSDB)
SRV:64bit: - [2009/06/09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/15 00:32:40 | 005,480,232 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\Yes Streamer\MediaServer.exe -- (YesMediaServer)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/07/08 06:12:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/17 23:37:16 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/17 23:34:12 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/12/24 00:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 02:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/28 19:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 19:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 19:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 19:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 19:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 19:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 23:22:00 | 000,069,376 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/21 13:54:07 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/17 23:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/17 23:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/17 23:33:06 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2010/03/17 23:27:14 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 16:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/02/03 08:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/03 08:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/03 08:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/12/17 17:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2006/11/01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/12/11 16:21:32 | 000,197,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\WinVd32.sys -- (WinVd32)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7fdcda8a-da42-4109-8467-f91d0d88c59e} - C:\Program Files (x86)\YesStreamerBar\prxtbYes0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {bebc2a28-82ab-4cc7-810e-9a3df7a1970f} - C:\Program Files (x86)\Walla\prxtbWal0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.co.il/cse?cx=partner-pub-1045670103905278:twd9k5-6qt8&ie=ISO-8859-8-I&q=&sa=
IE - HKCU\..\URLSearchHook: {7fdcda8a-da42-4109-8467-f91d0d88c59e} - C:\Program Files (x86)\YesStreamerBar\prxtbYes0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "mako LIVE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2365378&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://events.walla.co.il/WidgetEvent.asp?l=Toolbar.&event_type=22&DIvName=defaultHomepage&url=http://www.walla.co.il"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {d45171f3-7da8-4d5a-8257-bcb94b9092aa}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {bebc2a28-82ab-4cc7-810e-9a3df7a1970f}:3.5.0.12
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2365378&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/02 09:33:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/24 10:01:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/25 11:56:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/08/25 17:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Extensions
[2012/02/01 02:42:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Firefox\Profiles\ux35p2ep.default\extensions
[2012/01/10 14:10:21 | 000,000,000 | ---D | M] (YesStreamerBar Community Toolbar) -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Firefox\Profiles\ux35p2ep.default\extensions\{7fdcda8a-da42-4109-8467-f91d0d88c59e}
[2012/01/11 14:07:26 | 000,000,000 | ---D | M] (Walla Community Toolbar) -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Firefox\Profiles\ux35p2ep.default\extensions\{bebc2a28-82ab-4cc7-810e-9a3df7a1970f}
[2012/01/11 14:07:27 | 000,000,000 | ---D | M] (mako LIVE Community Toolbar) -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Firefox\Profiles\ux35p2ep.default\extensions\{d45171f3-7da8-4d5a-8257-bcb94b9092aa}
[2010/11/25 14:58:00 | 000,000,921 | ---- | M] () -- C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\Firefox\Profiles\ux35p2ep.default\searchplugins\conduit.xml
[2012/02/01 22:32:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/02/01 22:32:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SHIMON NAHUM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX35P2EP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/24 10:01:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/10/19 00:47:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/24 10:01:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Shimon Nahum\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Shimon Nahum\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: \u05D7\u05D9\u05E4\u05D5\u05E9 Google = C:\Users\Shimon Nahum\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Walla = C:\Users\Shimon Nahum\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfjhiccppafcjicfalobggnophliocpp\2.2.0.5_1\
CHR - Extension: Gmail = C:\Users\Shimon Nahum\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/02/01 12:38:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (AGFormHelperObj Class) - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll (Agat software solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (YesStreamerBar Toolbar) - {7fdcda8a-da42-4109-8467-f91d0d88c59e} - C:\Program Files (x86)\YesStreamerBar\prxtbYes0.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Walla Toolbar) - {bebc2a28-82ab-4cc7-810e-9a3df7a1970f} - C:\Program Files (x86)\Walla\prxtbWal0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (YesStreamerBar Toolbar) - {7fdcda8a-da42-4109-8467-f91d0d88c59e} - C:\Program Files (x86)\YesStreamerBar\prxtbYes0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Walla Toolbar) - {bebc2a28-82ab-4cc7-810e-9a3df7a1970f} - C:\Program Files (x86)\Walla\prxtbWal0.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (YesStreamerBar Toolbar) - {7FDCDA8A-DA42-4109-8467-F91D0D88C59E} - C:\Program Files (x86)\YesStreamerBar\prxtbYes0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Walla Toolbar) - {BEBC2A28-82AB-4CC7-810E-9A3DF7A1970F} - C:\Program Files (x86)\Walla\prxtbWal0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [XCPSPSP] C:\Program Files\Xerox Office Printing\PrintingScout\XCPSPZ.EXE (Xerox Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IDProtect Monitor] C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (Athena Smartcard Solutions)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: שלח אל OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ש&לח אל OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.117.235.237 62.219.186.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B78B923D-7972-4320-9B07-DCE1B2EA0A72}: DhcpNameServer = 192.168.1.1 192.117.235.237 62.219.186.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4188ABF-FC0E-4DF8-B02F-B9759D2965EA}: DhcpNameServer = 10.170.9.73 10.170.9.74
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========

[2012/02/02 09:34:23 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/02/02 09:34:23 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/02/02 09:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/02 09:34:22 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/02/02 09:34:21 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/02/02 09:34:20 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/02/02 09:34:18 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/02/02 09:34:18 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/02/02 09:33:54 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/02/02 09:33:54 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/02 09:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/02 09:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/01 23:08:00 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Roaming\f-secure
[2012/02/01 23:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/02/01 22:33:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/02/01 22:22:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/01 21:11:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/01 12:36:15 | 000,000,000 | ---D | C] -- C:\found.001
[2012/02/01 12:19:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/01 12:19:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/01 12:19:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/01 12:19:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/01 12:19:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/01 12:15:40 | 004,395,075 | R--- | C] (Swearware) -- C:\Users\Shimon Nahum\Desktop\ComboFix.exe
[2012/01/30 19:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/01/30 19:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/01/30 16:51:37 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Roaming\Malwarebytes
[2012/01/30 16:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/30 16:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/30 16:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/26 11:05:12 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{385CB147-4ED0-4B3E-91E1-C63719B0EA8E}
[2012/01/26 11:04:59 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{80D0F6CB-049D-477D-A5A8-96C1F5F649F0}
[2012/01/25 18:53:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/01/25 18:49:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/01/25 18:49:30 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/01/25 16:19:38 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{FF5EB528-A96C-42B9-BF92-96D4EB11D97C}
[2012/01/25 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{F2FDCA97-C4F8-4FB3-B25E-D4F88FF1C617}
[2012/01/25 15:15:04 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{FF6F8596-6D79-4233-9E01-42DB8260895A}
[2012/01/25 12:27:01 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Roaming\dll-files.com
[2012/01/25 12:26:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files.com Fixer
[2012/01/25 12:26:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dll-Files.com Fixer
[2012/01/25 11:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/01/25 11:56:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/01/19 22:50:23 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{EA7EE3EC-908A-4570-AE3E-6CFC2DE79207}
[2012/01/19 22:50:10 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{4E5D4691-1E21-46A9-989A-6929CAE5D0D2}
[2012/01/15 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{DF17F912-0C01-461D-8726-809D028816EE}
[2012/01/15 12:35:14 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{AB3147E7-CFAD-481A-BB40-E664A3CB217F}
[2012/01/11 02:03:09 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geeks Ltd
[2012/01/11 02:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Geeks Ltd
[2012/01/10 01:42:27 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICEOWS
[2012/01/10 01:42:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ShellExt
[2012/01/10 01:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICEOWS
[2012/01/10 01:26:03 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012/01/06 21:22:53 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{3D26B337-A7F1-496D-92D7-CBC723B22405}
[2012/01/06 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{06428AC0-9562-48B7-B81F-18681FF55692}
[2012/01/06 21:19:43 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{0F2C2692-2BEA-4995-BD34-7D8B91ACA9D6}
[2012/01/06 21:19:27 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{3B745707-582B-491A-84A5-400CB1B2835D}
[2012/01/06 21:18:57 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{47FC7888-4BE4-4C17-91E8-A9C33D0B2A27}
[2012/01/06 21:18:44 | 000,000,000 | ---D | C] -- C:\Users\Shimon Nahum\AppData\Local\{75C9B3B5-9EA8-40B8-97AC-E89C38D02A4D}
[4 C:\Users\Shimon Nahum\AppData\Local\*.tmp files -> C:\Users\Shimon Nahum\AppData\Local\*.tmp -> ]
[2 C:\Users\Shimon Nahum\Desktop\*.tmp files -> C:\Users\Shimon Nahum\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/03 15:15:20 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/03 15:15:20 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/03 15:13:14 | 001,153,046 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/03 15:13:14 | 000,627,226 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/03 15:13:14 | 000,364,172 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2012/02/03 15:13:14 | 000,107,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/03 15:13:14 | 000,070,250 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2012/02/03 15:07:10 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/03 15:06:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/03 15:06:36 | 3062,804,480 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/03 00:14:44 | 000,002,818 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies
[2012/02/03 00:11:53 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/03 00:11:53 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559488134-2913140368-3833694856-1004UA.job
[2012/02/02 22:34:33 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
[2012/02/02 22:29:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559488134-2913140368-3833694856-1004Core.job
[2012/02/02 09:34:23 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/02 09:34:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/02/01 12:38:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/01 12:15:52 | 004,395,075 | R--- | M] (Swearware) -- C:\Users\Shimon Nahum\Desktop\ComboFix.exe
[2012/02/01 04:07:35 | 000,000,512 | ---- | M] () -- C:\Users\Shimon Nahum\Desktop\MBR.dat
[2012/01/30 16:51:27 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/30 14:50:03 | 000,000,679 | ---- | M] () -- C:\Users\Shimon Nahum\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/26 09:56:55 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/25 18:42:37 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2012/01/25 12:26:53 | 000,002,014 | ---- | M] () -- C:\Users\Shimon Nahum\Application Data\Microsoft\Internet Explorer\Quick Launch\DLL-Files.com FIXER.lnk
[2012/01/25 11:56:19 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/10 01:42:26 | 000,000,018 | ---- | M] () -- C:\Windows\Winzip32.ini
[4 C:\Users\Shimon Nahum\AppData\Local\*.tmp files -> C:\Users\Shimon Nahum\AppData\Local\*.tmp -> ]
[2 C:\Users\Shimon Nahum\Desktop\*.tmp files -> C:\Users\Shimon Nahum\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/02 22:34:33 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2012/02/02 09:34:23 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/02 09:34:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/02/01 12:27:12 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/02/01 12:27:12 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader 2.lnk
[2012/02/01 12:27:12 | 000,002,468 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/02/01 12:27:12 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/01 12:27:12 | 000,002,084 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
[2012/02/01 12:27:12 | 000,001,448 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/02/01 12:27:12 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/02/01 12:27:12 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/02/01 12:27:12 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/02/01 12:27:12 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/02/01 12:27:12 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/02/01 12:27:12 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/02/01 12:27:12 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/02/01 12:27:12 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/02/01 12:27:12 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/01 12:27:11 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/01 12:27:11 | 000,002,342 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/01 12:27:11 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/02/01 12:27:11 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Nitro PDF Reader.lnk
[2012/02/01 12:27:11 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/01 12:27:11 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/01 12:27:11 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/01 12:27:11 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/02/01 12:27:11 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk
[2012/02/01 12:27:11 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\Biztrade.lnk
[2012/02/01 12:19:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/01 12:19:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/01 12:19:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/01 12:19:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/01 12:19:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/01 04:07:35 | 000,000,512 | ---- | C] () -- C:\Users\Shimon Nahum\Desktop\MBR.dat
[2012/01/30 16:51:27 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/30 14:50:03 | 000,000,679 | ---- | C] () -- C:\Users\Shimon Nahum\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/30 11:09:54 | 000,001,547 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/01/25 12:27:04 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2012/01/25 12:26:53 | 000,002,014 | ---- | C] () -- C:\Users\Shimon Nahum\Application Data\Microsoft\Internet Explorer\Quick Launch\DLL-Files.com FIXER.lnk
[2012/01/25 12:26:52 | 000,039,712 | ---- | C] () -- C:\Windows\SysWow64\asl.dll
[2012/01/10 01:42:26 | 000,000,018 | ---- | C] () -- C:\Windows\Winzip32.ini
[2011/05/27 23:50:04 | 000,000,000 | ---- | C] () -- C:\Users\Shimon Nahum\AppData\Local\{F07C6039-DFA5-40E0-B2E7-291F640B9A38}
[2011/05/10 09:30:27 | 000,000,000 | ---- | C] () -- C:\Users\Shimon Nahum\AppData\Local\{5057C62D-D4FC-4FDD-A5FB-E83E632D91A4}
[2011/03/04 20:24:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/12/19 02:04:29 | 000,008,297 | ---- | C] () -- C:\Users\Shimon Nahum\AppData\Roaming\UserTile.png
[2010/12/11 16:21:32 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
[2010/12/11 16:21:31 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
[2010/11/26 20:08:03 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/11/22 21:24:37 | 001,179,512 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/22 00:04:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/15 20:32:56 | 000,004,608 | ---- | C] () -- C:\Users\Shimon Nahum\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/20 11:51:02 | 000,708,688 | ---- | C] () -- C:\Windows\SysWow64\LASERToken.dll
[2010/09/20 11:50:52 | 000,905,296 | ---- | C] () -- C:\Windows\SysWow64\AsepcosToken.dll
[2010/09/20 11:50:36 | 000,745,552 | ---- | C] () -- C:\Windows\SysWow64\CNSToken.dll
[2010/07/28 21:08:46 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/07/28 21:08:44 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/07/08 08:37:28 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/07/08 08:37:28 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/07/08 08:37:28 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/08 08:30:29 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010/07/08 08:30:29 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2010/07/08 08:30:29 | 000,000,035 | ---- | C] () -- C:\Windows\DELL_LANGCODE.ini
[2010/07/08 08:30:29 | 000,000,033 | ---- | C] () -- C:\Windows\DELL_OSTYPE.ini
[2010/07/08 08:30:29 | 000,000,032 | ---- | C] () -- C:\Windows\WisHWDest.ini
[2010/07/08 08:30:29 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010/07/08 08:30:29 | 000,000,023 | ---- | C] () -- C:\Windows\WisSysInfo.ini
[2010/07/08 06:20:47 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/08/27 08:31:56 | 000,036,944 | ---- | C] () -- C:\Windows\SysWow64\ASESPR.dll
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 23:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 23:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/08/29 15:05:14 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\aseVCAPIB.dll

========== LOP Check ==========

[2011/03/22 09:39:55 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\Babylon
[2011/02/18 19:34:02 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\Bandoo
[2010/10/14 03:27:47 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\DAEMON Tools Lite
[2012/01/25 12:27:01 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\dll-files.com
[2011/11/03 09:55:50 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\Downloaded Installations
[2012/02/01 23:08:00 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\f-secure
[2010/09/21 14:03:56 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\GHISLER
[2011/03/22 15:10:02 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\Leadertech
[2012/01/29 11:33:18 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\Nitro PDF
[2011/10/10 15:14:09 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\OpenCandy
[2011/07/15 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\RayV
[2012/01/30 15:18:20 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\uTorrent
[2010/09/18 11:38:09 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\WildTangent
[2012/01/25 18:42:37 | 000,000,306 | ---- | M] () -- C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job
[2012/02/01 22:35:49 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/02/01 21:30:21 | 000,000,000 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\?.txt) -- C:\Users\Shimon Nahum\Desktop\ג.txt
[2012/02/01 21:30:21 | 000,000,000 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\?.txt) -- C:\Users\Shimon Nahum\Desktop\ג.txt
[2012/02/01 12:27:11 | 000,000,981 | ---- | C] ()(C:\Users\Public\Desktop\??????.lnk) -- C:\Users\Public\Desktop\מוזיקה.lnk
[2012/01/30 21:11:24 | 000,000,000 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\????? ???? ????.txt) -- C:\Users\Shimon Nahum\Desktop\‫מסמך טקסט ‫חדש.txt
[2012/01/30 21:11:24 | 000,000,000 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\????? ???? ????.txt) -- C:\Users\Shimon Nahum\Desktop\‫מסמך טקסט ‫חדש.txt
[2012/01/29 19:11:09 | 000,091,136 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\דוד גבאי שזור.doc
[2012/01/29 19:11:08 | 000,091,136 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\דוד גבאי שזור.doc
[2012/01/29 19:07:08 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\???? - ?????) -- C:\Users\Shimon Nahum\Desktop\גבאי - מערכת
[2012/01/29 19:06:48 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\???? - ?????) -- C:\Users\Shimon Nahum\Desktop\גבאי - מערכת
[2012/01/29 11:59:33 | 000,347,648 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\???? ?????- ????.doc) -- C:\Users\Shimon Nahum\Desktop\חנות פלאפל- סופי.doc
[2012/01/29 11:59:32 | 000,347,648 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\???? ?????- ????.doc) -- C:\Users\Shimon Nahum\Desktop\חנות פלאפל- סופי.doc
[2012/01/29 11:16:43 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$? ??' ??-?????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ר דר' גד-בדיקה.doc
[2012/01/29 11:16:43 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$? ??' ??-?????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ר דר' גד-בדיקה.doc
[2012/01/29 11:08:55 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$? ??? ???? ?????? - ?????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ת שאן עבדל אלחכים - בדיקה.doc
[2012/01/29 11:08:55 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$? ??? ???? ?????? - ?????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ת שאן עבדל אלחכים - בדיקה.doc
[2012/01/29 11:06:14 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$???? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\~$כסנד מוצקין.doc
[2012/01/29 11:06:14 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$???? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\~$כסנד מוצקין.doc
[2012/01/29 10:59:00 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\~$ת שאן סמי.doc
[2012/01/29 10:59:00 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\~$ת שאן סמי.doc
[2012/01/28 12:05:14 | 000,302,080 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\????? ??? ??(????.doc) -- C:\Users\Shimon Nahum\Desktop\טבריה זיו קפ(סופי.doc
[2012/01/28 12:05:13 | 000,302,080 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\????? ??? ??(????.doc) -- C:\Users\Shimon Nahum\Desktop\טבריה זיו קפ(סופי.doc
[2012/01/28 11:35:05 | 000,604,160 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן ליל.doc
[2012/01/28 11:35:04 | 000,604,160 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן ליל.doc
[2012/01/28 10:17:57 | 000,067,072 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???? ?????? - ?????.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן עבדל אלחכים - בדיקה.doc
[2012/01/28 09:57:43 | 000,067,072 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???? ?????? - ?????.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן עבדל אלחכים - בדיקה.doc
[2012/01/27 23:07:16 | 000,065,024 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\???? ?????? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\קרית מוצקין קוגן סמדר.doc
[2012/01/27 22:01:55 | 000,595,968 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן סמי.doc
[2012/01/27 20:42:19 | 000,595,968 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ??? ???.doc) -- C:\Users\Shimon Nahum\Desktop\בית שאן סמי.doc
[2012/01/26 14:14:41 | 000,073,216 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ?????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר דוגמה.doc
[2012/01/26 14:14:40 | 000,073,216 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ?????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר דוגמה.doc
[2012/01/26 14:03:40 | 000,208,896 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\????? ??? ?? ?? ????.doc) -- C:\Users\Shimon Nahum\Desktop\תיקון סקר דר דג יוסף.doc
[2012/01/26 14:00:29 | 000,208,896 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\????? ??? ?? ?? ????.doc) -- C:\Users\Shimon Nahum\Desktop\תיקון סקר דר דג יוסף.doc
[2012/01/26 13:48:49 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\?? ??????) -- C:\Users\Shimon Nahum\Desktop\גד תמונות
[2012/01/26 13:48:33 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\?? ??????) -- C:\Users\Shimon Nahum\Desktop\גד תמונות
[2012/01/26 13:44:34 | 000,062,464 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ??' ??-?????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר דר' גד-בדיקה.doc
[2012/01/26 13:44:34 | 000,062,464 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ??' ??-?????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר דר' גד-בדיקה.doc
[2012/01/26 13:23:18 | 000,111,616 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\??? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר מריאנה.doc
[2012/01/26 13:19:08 | 000,111,616 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\??? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\סקר מריאנה.doc
[2012/01/26 11:34:14 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\??????) -- C:\Users\Shimon Nahum\Desktop\מרינאה
[2012/01/26 11:33:53 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\??????) -- C:\Users\Shimon Nahum\Desktop\מרינאה
[2012/01/26 10:33:11 | 000,064,512 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\?????? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\אלכסנד מוצקין.doc
[2012/01/26 10:33:10 | 000,064,512 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\?????? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\אלכסנד מוצקין.doc
[2012/01/25 19:23:02 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\??????? 1) -- C:\Users\Shimon Nahum\Desktop\צילומים 1
[2012/01/24 14:40:16 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\?????? ????? 7) -- C:\Users\Shimon Nahum\Desktop\תמונות אירוע 7
[2012/01/24 14:40:06 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\?????? ????? 7) -- C:\Users\Shimon Nahum\Desktop\תמונות אירוע 7
[2012/01/22 16:56:37 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\?????? ????? 6) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 6
[2012/01/22 16:56:28 | 000,470,016 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\?????? ????? 7.doc) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 7.doc
[2012/01/22 14:16:30 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$???? ????? 7.doc) -- C:\Users\Shimon Nahum\Desktop\~$ספיה אירוע 7.doc
[2012/01/22 14:16:30 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$???? ????? 7.doc) -- C:\Users\Shimon Nahum\Desktop\~$ספיה אירוע 7.doc
[2012/01/22 14:16:29 | 000,470,016 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\?????? ????? 7.doc) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 7.doc
[2012/01/22 13:30:34 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\?????? ????? 6) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 6
[2012/01/22 13:11:25 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\Desktop\?????? ????? 5) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 5
[2012/01/22 01:16:34 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\?????? ????? 5) -- C:\Users\Shimon Nahum\Desktop\עוספיה אירוע 5
[2012/01/19 10:36:55 | 002,563,584 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\?-7512863-2.doc) -- C:\Users\Shimon Nahum\Desktop\פ-7512863-2.doc
[2012/01/19 09:54:43 | 002,563,584 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\?-7512863-2.doc) -- C:\Users\Shimon Nahum\Desktop\פ-7512863-2.doc
[2012/01/19 09:43:31 | 000,103,424 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\?????? ??? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\גרגורי בית אליעזר.doc
[2012/01/18 11:42:44 | 000,103,424 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\?????? ??? ??????.doc) -- C:\Users\Shimon Nahum\Desktop\גרגורי בית אליעזר.doc
[2012/01/17 14:48:06 | 000,007,149 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\????? ????? ??.html) -- C:\Users\Shimon Nahum\Desktop\טבריה שמעון רז.html
[2012/01/17 14:48:05 | 000,007,149 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\????? ????? ??.html) -- C:\Users\Shimon Nahum\Desktop\טבריה שמעון רז.html
[2012/01/17 00:27:35 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$?? ???????1111.doc) -- C:\Users\Shimon Nahum\Desktop\~$פח צילומים1111.doc
[2012/01/17 00:27:35 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$?? ???????1111.doc) -- C:\Users\Shimon Nahum\Desktop\~$פח צילומים1111.doc
[2012/01/15 14:46:24 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\????) -- C:\Users\Shimon Nahum\משרד
[2012/01/12 19:09:11 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$??? ??? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ריה צור חיים.doc
[2012/01/12 19:09:11 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$??? ??? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ריה צור חיים.doc
[2012/01/10 09:05:32 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$?? ?????? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ית מוצקין קוגן סמדר.doc
[2012/01/10 09:05:26 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$?? ?????? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$ית מוצקין קוגן סמדר.doc
[2012/01/10 09:05:25 | 000,065,024 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\???? ?????? ???? ????.doc) -- C:\Users\Shimon Nahum\Desktop\קרית מוצקין קוגן סמדר.doc
[2011/12/26 15:18:05 | 000,029,184 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\???? ???????1111.doc) -- C:\Users\Shimon Nahum\Desktop\נספח צילומים1111.doc
[2011/12/25 12:37:55 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\?????? ?????) -- C:\Users\Shimon Nahum\תמונות למיון
[2011/12/25 09:36:22 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$? ????5.doc) -- C:\Users\Shimon Nahum\Desktop\~$ב עופר5.doc
[2011/12/25 09:36:22 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$? ????5.doc) -- C:\Users\Shimon Nahum\Desktop\~$ב עופר5.doc
[2011/12/15 21:11:09 | 000,000,162 | -H-- | M] ()(C:\Users\Shimon Nahum\Desktop\~$??? ??' ?????? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$עון דר' מחאמיד יוסף.doc
[2011/12/15 21:11:09 | 000,000,162 | -H-- | C] ()(C:\Users\Shimon Nahum\Desktop\~$??? ??' ?????? ????.doc) -- C:\Users\Shimon Nahum\Desktop\~$עון דר' מחאמיד יוסף.doc
[2011/12/11 13:25:42 | 000,029,184 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\???? ???????1111.doc) -- C:\Users\Shimon Nahum\Desktop\נספח צילומים1111.doc
[2011/12/11 11:26:05 | 000,388,608 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\???? ?? ???.doc) -- C:\Users\Shimon Nahum\Documents\נצרת דר חנא.doc
[2011/12/11 11:26:05 | 000,388,608 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\???? ?? ???.doc) -- C:\Users\Shimon Nahum\Documents\נצרת דר חנא.doc
[2011/12/08 13:36:05 | 000,000,000 | ---D | C](C:\Users\Shimon Nahum\Desktop\??????? 1) -- C:\Users\Shimon Nahum\Desktop\צילומים 1
[2011/11/07 00:51:26 | 000,069,632 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\001 ????? ???? ????- ????? (1).doc) -- C:\Users\Shimon Nahum\Documents\001 אלרנד יורם חיפה- מתוקן (1).doc
[2011/11/07 00:51:26 | 000,069,632 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\001 ????? ???? ????- ????? (1).doc) -- C:\Users\Shimon Nahum\Documents\001 אלרנד יורם חיפה- מתוקן (1).doc
[2011/10/31 19:48:43 | 001,117,184 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\??????? ??? ????.doc) -- C:\Users\Shimon Nahum\Documents\אופטיקה סגל יעקב.doc
[2011/10/31 19:46:58 | 001,117,184 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\??????? ??? ????.doc) -- C:\Users\Shimon Nahum\Documents\אופטיקה סגל יעקב.doc
[2011/10/10 15:15:27 | 000,000,981 | ---- | M] ()(C:\Users\Public\Desktop\??????.lnk) -- C:\Users\Public\Desktop\מוזיקה.lnk
[2011/09/21 22:53:34 | 000,004,101 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\???? ?????.htm) -- C:\Users\Shimon Nahum\Desktop\עינב ביטוח.htm
[2011/09/21 22:53:16 | 000,004,101 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\???? ?????.htm) -- C:\Users\Shimon Nahum\Desktop\עינב ביטוח.htm
[2011/08/18 11:27:10 | 000,458,752 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\?-1301761.doc) -- C:\Users\Shimon Nahum\Documents\ע-1301761.doc
[2011/08/18 11:19:07 | 000,458,752 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\?-1301761.doc) -- C:\Users\Shimon Nahum\Documents\ע-1301761.doc
[2011/07/14 10:44:13 | 000,025,088 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\????? ????? ?- ?-8230427 (???? ????????).xls) -- C:\Users\Shimon Nahum\Documents\גליון עבודה ב- ט-8230427 (נשמר אוטומטית).xls
[2011/07/14 10:44:13 | 000,025,088 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\????? ????? ?- ?-8230427 (???? ????????).xls) -- C:\Users\Shimon Nahum\Documents\גליון עבודה ב- ט-8230427 (נשמר אוטומטית).xls
[2011/06/29 08:59:33 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\????) -- C:\Users\Shimon Nahum\חדרה
[2011/06/21 16:17:40 | 000,164,864 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\?-4658915[1].doc) -- C:\Users\Shimon Nahum\Documents\ע-4658915[1].doc
[2011/06/21 16:17:37 | 000,164,864 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\?-4658915[1].doc) -- C:\Users\Shimon Nahum\Documents\ע-4658915[1].doc
[2011/06/07 09:42:25 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\????? ??) -- C:\Users\Shimon Nahum\אבירם דן
[2011/05/11 13:02:44 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\?????? ???) -- C:\Users\Shimon Nahum\מתכוני מרק
[2011/05/08 12:32:02 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\???? ?????? -????? ???) -- C:\Users\Shimon Nahum\חומר מקצועי -שמאות רכב
[2011/03/24 11:43:12 | 000,279,552 | ---- | M] ()(C:\Users\Shimon Nahum\?-5221023.doc) -- C:\Users\Shimon Nahum\פ-5221023.doc
[2011/03/14 20:42:37 | 000,059,392 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\????? 2.doc) -- C:\Users\Shimon Nahum\Documents\סורדם 2.doc
[2011/03/14 20:41:44 | 000,060,416 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\???.doc) -- C:\Users\Shimon Nahum\Documents\ששש.doc
[2011/03/14 20:40:57 | 000,060,416 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\??22.doc) -- C:\Users\Shimon Nahum\Documents\שש22.doc
[2011/02/18 19:17:31 | 000,062,976 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\0915-???????-?????.doc) -- C:\Users\Shimon Nahum\Documents\0915-ברזילאי-חולתה.doc
[2011/02/18 19:17:29 | 000,062,976 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\0915-???????-?????.doc) -- C:\Users\Shimon Nahum\Documents\0915-ברזילאי-חולתה.doc
[2011/02/16 11:32:49 | 000,060,416 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\??22.doc) -- C:\Users\Shimon Nahum\Documents\שש22.doc
[2011/02/16 11:30:35 | 000,060,416 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\???.doc) -- C:\Users\Shimon Nahum\Documents\ששש.doc
[2011/02/16 11:12:16 | 000,059,392 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\????? 2.doc) -- C:\Users\Shimon Nahum\Documents\סורדם 2.doc
[2011/02/15 12:20:54 | 000,461,961 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\1013-?????? ??? ?????.doc[1].pdf) -- C:\Users\Shimon Nahum\Documents\1013-ציפורי כפר גלעדי.doc[1].pdf
[2011/02/15 12:20:54 | 000,461,961 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\1013-?????? ??? ?????.doc[1].pdf) -- C:\Users\Shimon Nahum\Documents\1013-ציפורי כפר גלעדי.doc[1].pdf
[2011/02/06 11:11:25 | 000,000,000 | ---D | M](C:\Users\Shimon Nahum\??????) -- C:\Users\Shimon Nahum\ירדנית
[2010/12/15 02:25:21 | 000,091,722 | ---- | M] ()(C:\Users\Shimon Nahum\Documents\???? ????? ????.pdf) -- C:\Users\Shimon Nahum\Documents\טופס תביעה עופר.pdf
[2010/12/15 02:25:21 | 000,091,722 | ---- | C] ()(C:\Users\Shimon Nahum\Documents\???? ????? ????.pdf) -- C:\Users\Shimon Nahum\Documents\טופס תביעה עופר.pdf
[2010/09/21 15:26:55 | 000,001,065 | ---- | M] ()(C:\Users\Shimon Nahum\Desktop\????.lnk) -- C:\Users\Shimon Nahum\Desktop\משרד.lnk
[2010/09/21 15:26:55 | 000,001,065 | ---- | C] ()(C:\Users\Shimon Nahum\Desktop\????.lnk) -- C:\Users\Shimon Nahum\Desktop\משרד.lnk
(C:\Users\Shimon Nahum\??????) -- C:\Users\Shimon Nahum\ירדנית
(C:\Users\Shimon Nahum\?????? ?????) -- C:\Users\Shimon Nahum\תמונות למיון
(C:\Users\Shimon Nahum\?????? ???) -- C:\Users\Shimon Nahum\מתכוני מרק
(C:\Users\Shimon Nahum\????? ??) -- C:\Users\Shimon Nahum\אבירם דן
(C:\Users\Shimon Nahum\????) -- C:\Users\Shimon Nahum\משרד
(C:\Users\Shimon Nahum\????) -- C:\Users\Shimon Nahum\חדרה
(C:\Users\Shimon Nahum\???? ?????? -????? ???) -- C:\Users\Shimon Nahum\חומר מקצועי -שמאות רכב

< End of report >
 
Good. It worked :)

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

=============================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs left over on your computer, you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
Hey, I pasted and did the Run Fix with OTL,
and after rebooting, a DLL-files.com Fixer came up and started "scanning" my computer.
I'm pretty sure it's malware. Should I continue with the rest of the steps you posted?

Here is the log that came up after rebooting with OTL:
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Shimon Nahum
->Temp folder emptied: 176544774 bytes
->Temporary Internet Files folder emptied: 5784475 bytes
->Java cache emptied: 29631 bytes
->FireFox cache emptied: 48410561 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 744 bytes

User: Test
->Temp folder emptied: 1076 bytes
->Temporary Internet Files folder emptied: 60306 bytes
->Flash cache emptied: 0 bytes

User: אורח
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 85882196 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 302.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Shimon Nahum
->Flash cache emptied: 0 bytes

User: Test
->Flash cache emptied: 0 bytes

User: אורח

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Shimon Nahum
->Java cache emptied: 0 bytes

User: Test

User: אורח

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 02032012_192307

Files\Folders moved on Reboot...
C:\Users\Shimon Nahum\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\_avast_\unp231558858.tmp moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
after rebooting a DLL-files.com Fixer came up and started "scanning" my computer.
It's listed as one of your installed programs.
Uninstall it and then continue with other steps.
 
Way to go!!

Good luck and stay safe :)
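The reply about DLL-files.com Fixer can be checked against the LOP Check section of the OTL log earlier in this thread. The sketch below is an added example, not part of the thread and not OTL's own code: it parses those log lines and lists every entry a named program left behind. The function names and the classification labels are assumptions made for this example; the sample lines are copied from the log.

```python
import re
from datetime import datetime

# Sample input: lines copied from the "LOP Check" section of the OTL log above.
LOP_LINES = r"""
[2011/03/22 09:39:55 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\Babylon
[2012/01/25 12:27:01 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\dll-files.com
[2011/10/10 15:14:09 | 000,000,000 | ---D | M] -- C:\Users\Shimon Nahum\AppData\Roaming\OpenCandy
[2012/01/25 18:42:37 | 000,000,306 | ---- | M] () -- C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job
[2012/02/01 22:35:49 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
""".strip().splitlines()

# [date time | size | attributes | M(odified)/C(reated)] (company) -- path
# Directory entries in the log carry no "(company)" field, so it is optional.
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"\s*(?:\((?P<company>[^)]*)\))?\s*-- (?P<path>.+)$"
)


def parse_entry(line):
    """Parse one OTL listing line; return None for headers and blank lines."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    return {
        "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "is_dir": "D" in m["attrs"],
        "kind": m["kind"],
        "path": m["path"],
    }


def classify(path):
    """Label a path by the kind of trace it represents (labels are this example's own)."""
    p = path.lower()
    # Legacy Task Scheduler jobs are stored as .job files in C:\Windows\Tasks.
    if p.startswith("c:\\windows\\tasks\\") and p.endswith(".job"):
        return "scheduled task"
    if "\\appdata\\roaming\\" in p:
        return "per-user data folder"
    return "other"


def traces_of(program, lines):
    """Return (label, path, timestamp) for entries whose file or folder name mentions program."""
    needle = program.lower()
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        leaf = entry["path"].rsplit("\\", 1)[-1]
        if needle in leaf.lower():
            hits.append((classify(entry["path"]), entry["path"], entry["when"]))
    return sorted(hits, key=lambda h: h[2])


if __name__ == "__main__":
    for label, path, when in traces_of("dll-files.com", LOP_LINES):
        print(f"{when:%Y-%m-%d %H:%M:%S}  {label:<22} {path}")
```

Running the same check on a fresh OTL log after the uninstall shows whether the scheduled task entry is gone along with the program.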
 