Smokey's Security Forums

Topic: [RESOLVED] [3 Posts] "Fast and Furious 4.exe" / "Trojan horse Dropper.Generic.AQAO" (Read 1354 times)


Black Milk (topic starter):
Done. Thank you.  :)

Essexboy (Leader, OTL Log Analysis and Malware Removal Team; Administrator; location: Darkest Cornwall):
Glad to hear - and I now have a way to check the Recycle Bin out as well, thanks to OT.

Now the best part of the day: your log now appears clean  :thumbsup:

A good workman always cleans up after himself, so run OTS and hit the Cleanup button. It will remove all the programmes we have used, plus itself.

We will now confirm that your hidden files are set back to hidden, as some of the tools I use will change that:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware that it is NOT supported for use on 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 17.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u17-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u17-windows-i586-p.exe and select "Run as Administrator".)
VISTA
To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, e.g. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop-down box select your main drive, e.g. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done.

SPRING CLEAN
 
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean
THEN

Download and run Auslogics Disk Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes. It is critical to have both a firewall and antivirus to protect your system, and to keep them updated.

To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide: How did I get infected in the first place?
Keep safe  :wave:

Black Milk (topic starter):
None.  :)
AVG came up with nothing; it's all gone.
Thank you so much Essexboy!  :icon_e_biggrin:

Essexboy:
The big question now is ...  What problems if any are you experiencing ?

Black Milk (topic starter):
Okay, I removed the two quarantined files.
And attached is a new OTS Fix log.

Thank you very much for your time Essexboy   :)

Essexboy:
This is the one area where my scans don't look yet - I will have a word with OT to see if there is a way of looking there  :)  You can delete Dr.Web and the quarantined files, as I do not believe you wish to keep those  :D

I will remove the one Dr.Web left.

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Code:
[Unregister Dlls]
[Custom Items]
:files
C:\Windows\Downloaded Program Files\launcher.ocx
:end
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Black Milk (topic starter):
Okay, I think these tests proved to be useful.

Attached: OTS Fix log, new OTS log (the Dr.Web report is posted at the end of this message).

The Dr.Web CureIt express scan came up with nothing, but the complete scan came up with some stuff.
Apart from the Dr.Web report (which is posted at the bottom), a CureIt log was also created. Unfortunately it's 50 MB in size, so I'll only post what's important (basically it just lists my entire hard drive, with a summary at the end).

There is now a file named "Fast and Furious 0.exe" showing in C:\Users\my username\DoctorWeb\Quarantine (689 MB in size).
There is also a file there called "descript.ion" (220 bytes).
What's "descript.ion"? Are these files safe to delete? I'll just wait for further instructions and leave them as they are for now.

Also, the scan came up with an infected file named "launcher.ocx" (C:\Windows\Downloaded Program Files\launcher.ocx), which was incurable, so I cured it manually through the program. Is that ok? It was the only infected file that I was able to cure manually via the program, by the way.

I also rebooted my system when everything was finished.

Here are the highlights from CureIt.log:

C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe packed by BINARYRES
>C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe - archive NSIS
>>C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe/data001 - OK
>>C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe/data002 - archive RAR
>>>C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe/data002/coa-faf-xvid.avi - OK
>>C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe/data002 - OK
>>C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe/data003 infected with Win32.HLLW.Autoruner.6554
>C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe - archive contains infected objects - moved

C:\Documents and Settings\איריס\DoctorWeb\Quarantine\descript.ion - OK
C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe packed by BINARYRES
>C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe - archive NSIS
>>C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe/data001 - OK
>>C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe/data002 - archive RAR
>>>C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe/data002/coa-faf-xvid.avi - OK
>>C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe/data002 - OK
>>C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe/data003 infected with Win32.HLLW.Autoruner.6554
>C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe - archive contains infected objects - moved

C:\Windows\Downloaded Program Files\launcher.ocx is an adware Adware.I2ISolutions

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 403014
Infected: 2
Modifications: 0
Suspicious: 0
Adware: 1
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 2
Ignored: 0
Scan speed: 3 Kb/s
Scan time: 11:47:26 (I went to sleep halfway through the scan, so...)
-----------------------------------------------------------------------------

C:\Windows\Downloaded Program Files\launcher.ocx - incurable - deleted

=============================================================================
Total session statistics
=============================================================================
Scanned: 431479
Infected: 2
Modifications: 0
Suspicious: 0
Adware: 1
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 1
Renamed: 0
Moved: 2
Ignored: 0
Scan speed: 1 Kb/s
Scan time: 12:28:55
=============================================================================


Dr.Web report:

Fast and Furious 4.exe\data003;C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe;Win32.HLLW.Autoruner.6554;;
Fast and Furious 4.exe;C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU;Archive contains infected objects;Moved.;
Fast and Furious 4.exe\data003;C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe;Win32.HLLW.Autoruner.6554;;
Fast and Furious 4.exe;C:\Documents and Settings\איריס\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
launcher.ocx;C:\Windows\Downloaded Program Files;Adware.I2ISolutions;Incurable.Deleted.;


That's it.
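The Dr.Web report above is semicolon-separated (object;path;threat;action;), and a hit inside an archive is reported as outer\member with the container's full path in the path column. Two things in those rows are worth reading correctly: the $R-prefixed folder under C:\$Recycle.Bin is how Vista renames a file sent to the Recycle Bin (the original name and path live in the matching $I record, and the SID in the path says whose bin it is), and the second copy under \DoctorWeb\Quarantine is the scanner re-detecting what it had already moved (on Vista, C:\Documents and Settings is a junction to C:\Users, which is why the same folder shows up under the old path). descript.ion, which the post asks about, is the 4DOS/Total Commander file-description format (one line per file: name, then a comment) that the quarantine folder uses for its own notes; it is not malware. The script below is an added example, not part of the thread or of Dr.Web: it parses those rows, attaches the notes above, and separates files that still need a decision from re-detections. The sample rows are copied from the post with the user name replaced by "user"; the note texts and the grouping are mine.

```python
"""Triage a Dr.Web CureIt report list (object;path;threat;action; per row). Added example, not Dr.Web's code."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Vista Recycle Bin layout: $Recycle.Bin\<owner SID>\$R<id>\... with a matching $I<id> metadata record.
RECYCLE_RE = re.compile(r"\\\$Recycle\.Bin\\(S-1-5-21-\d+-\d+-\d+-(\d+))\\(\$R[^\\]+)\\", re.IGNORECASE)
QUARANTINE_MARK = r"\doctorweb\quarantine"

# Rows copied from the report in the post; the user name is replaced by 'user' (constructed sample input).
SAMPLE_REPORT = r"""
Fast and Furious 4.exe\data003;C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe;Win32.HLLW.Autoruner.6554;;
Fast and Furious 4.exe;C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU;Archive contains infected objects;Moved.;
Fast and Furious 4.exe\data003;C:\Documents and Settings\user\DoctorWeb\Quarantine\Fast and Furious 4.exe;Win32.HLLW.Autoruner.6554;;
Fast and Furious 4.exe;C:\Documents and Settings\user\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
launcher.ocx;C:\Windows\Downloaded Program Files;Adware.I2ISolutions;Incurable.Deleted.;
"""


@dataclass
class Finding:
    container: str              # full path of the on-disk file that carries the detection
    member: Optional[str]       # archive member inside it, when the hit is nested
    threat: str
    action: str
    notes: List[str] = field(default_factory=list)

    @property
    def requarantined(self) -> bool:
        return QUARANTINE_MARK in self.container.lower()


def parse_report(text: str) -> List[Finding]:
    findings = []
    for raw in text.splitlines():
        fields = raw.strip().split(";")
        if len(fields) < 4 or not fields[0]:
            continue
        obj, path, threat, action = fields[:4]
        if "\\" in obj:
            # "outer.exe\data003": for a nested hit the path column already holds the container's full path
            member = obj.split("\\", 1)[1]
            container = path
        else:
            member, container = None, path.rstrip("\\") + "\\" + obj
        f = Finding(container, member, threat, action)
        if (m := RECYCLE_RE.search(container)):
            f.notes.append(f"in the Recycle Bin of SID {m.group(1)} (RID {m.group(2)}): deleted, still on disk; "
                           f"original name and path are in the $I{m.group(3)[2:]} record next to it")
        if f.requarantined:
            f.notes.append("inside the scanner's own quarantine: a re-detection of an earlier move, not a new infection")
        if threat.startswith("Archive contains"):
            f.notes.append("container verdict only; the member row carries the real threat name")
        elif not action:
            f.notes.append("no direct action; handled through the enclosing archive")
        findings.append(f)
    return findings


def summarize(findings):
    """Files that still need a decision vs. re-detections inside quarantine, each mapped to its threat names."""
    live, requarantined = {}, {}
    for f in findings:
        if f.threat.startswith("Archive contains"):
            continue
        bucket = requarantined if f.requarantined else live
        bucket.setdefault(f.container, set()).add(f.threat)
    return live, requarantined


if __name__ == "__main__":
    live, req = summarize(parse_report(SAMPLE_REPORT))
    for path, threats in live.items():
        print("decide:", path, sorted(threats))
    for path in req:
        print("already quarantined:", path)
```

Run against the posted rows this leaves two files to decide on (the dropper in the Recycle Bin and launcher.ocx, which the log already shows as deleted) and one quarantine re-detection; the RID 1000 in the SID is, on a stock install, the first user account created on the machine, which matches the log's single user.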

Essexboy:
OK, not a great deal showing there - however, you do have a lot of AV files which may be carrying the infection, so we shall scan them next.

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Code:
[Unregister Dlls]
[Registry - Safe List]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{902da760-7541-11de-b02f-002269f399ed}\shell\AutoRun\command\\"" -> F:\videos\player\winopen.exe \The DaVinci Code.exe [F:\videos\player\winopen.exe "\The DaVinci Code.exe"]
YN -> \{aa4b7f7b-f7ad-11dd-b3cf-002269f399ed} ->
[Files/Folders - Modified Within 30 Days]
NY ->       .lnk -> C:\Users\איריס\Desktop\     .lnk
NY ->        .lnk -> C:\Users\איריס\Desktop\      .lnk
NY ->          .lnk -> C:\Users\איריס\Desktop\        .lnk
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.

I will review the information when it comes back in.

THEN

Please download Dr.Web CureIt. Save it to your desktop:
  • Double-click the drweb-cureit.exe file and click Scan to run the express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and, if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Note: this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
  • Please post the Dr.Web.txt report in your next reply.
  • Close Dr.Web CureIt.
  • Important! Reboot your computer, because it is possible that files in use will be moved/deleted during reboot.
NOTE: during the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
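The MountPoints2 entry in the fix above is Explorer's cached copy of an autorun.inf from a volume that was once plugged in: F:\videos\player\winopen.exe is launched with "\The DaVinci Code.exe" as its argument, a launcher-plus-decoy arrangement in the same movie-bait style as the "Fast and Furious 4.exe" dropper whose payload Dr.Web names Win32.HLLW.Autoruner. The OTL header later in the thread lists F: as not present, so the command outlived the volume; Explorer still consults that cache when the drive letter is double-clicked in Computer, which is why the key has to go rather than just the media. The script below is an added example, not the thread's or OldTimer's code: it parses OTS MountPoints2 lines, lists the reasons a cached command looks hostile, and writes the .reg text that deletes the offending keys and sets NoDriveTypeAutoRun to 0xFF (Autorun off for every drive type). Caveat from Microsoft's KB967715: that value is only honoured once the Autorun update for the Windows version in question is installed. The sample lines are copied from the fix; the scoring heuristics, the C: system-drive assumption and the .reg output are mine.

```python
"""Triage MountPoints2 lines from an OTS "[Registry - Safe List]" section. Added example, not OldTimer's code."""
import re

MOUNTPOINTS2 = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
ENTRY_RE = re.compile(r"^YN -> \\\{(?P<guid>[0-9A-Fa-f-]+)\}(?P<subkey>\S*) ->\s*(?P<value>.*)$")
RESOLVED_RE = re.compile(r"\[(?P<cmd>[^\[\]]*)\]\s*$")     # OTS appends [exe "args"] as its parsed command line
CMD_RE = re.compile(r'^(?P<exe>"[^"]+"|\S+)\s*(?P<args>.*)$')
EXEC_EXT = r"\.(exe|com|bat|cmd|scr|pif|vbs|js)"
SYSTEM_DRIVE = "C:"   # assumption: system drive is C:, as the thread's OTL header shows

# Lines copied from the fix posted above (constructed sample input).
SAMPLE_OTS = r"""
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{902da760-7541-11de-b02f-002269f399ed}\shell\AutoRun\command\\"" -> F:\videos\player\winopen.exe \The DaVinci Code.exe [F:\videos\player\winopen.exe "\The DaVinci Code.exe"]
YN -> \{aa4b7f7b-f7ad-11dd-b3cf-002269f399ed} ->
"""


def parse_entries(text):
    """One dict per cached volume: guid, plus exe/args when a shell\AutoRun\command is cached for it."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        exe = args = None
        if m.group("subkey").lower().startswith(r"\shell\autorun\command"):
            r = RESOLVED_RE.search(m.group("value"))
            c = CMD_RE.match(r.group("cmd") if r else m.group("value"))
            if c:
                exe, args = c.group("exe").strip('"'), c.group("args").strip()
        entries.append({"guid": m.group("guid"), "subkey": m.group("subkey"), "exe": exe, "args": args})
    return entries


def assess(entry):
    """Reasons to treat the cached command as hostile; empty for a plain volume record."""
    exe, args = entry["exe"], entry["args"]
    if exe is None:
        return []
    reasons = ["cached autorun.inf command: Explorer runs it when the drive is double-clicked in Computer"]
    drive = exe[:2].upper() if re.match(r"^[A-Za-z]:", exe) else None
    if drive is None:
        reasons.append("relative path: resolved against the root of the inserted volume")
    elif drive != SYSTEM_DRIVE:
        reasons.append(f"runs from {drive}, a removable or secondary volume rather than the system drive")
    if re.search(EXEC_EXT + r"$", exe, re.IGNORECASE):
        reasons.append("target is directly executable")
    if exe.count("\\") > 1:
        reasons.append("executable tucked into a subfolder instead of the volume root")
    if re.search(EXEC_EXT + r'"?$', args, re.IGNORECASE):
        reasons.append("argument is itself an executable: launcher plus decoy, the movie-bait pattern")
    return reasons


def remediation_reg(entries):
    """Registry file text: delete each cached key that carries a command, then turn Autorun off for all drive types."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for e in entries:
        if e["exe"] is not None:
            lines += [f"[-{MOUNTPOINTS2}\\{{{e['guid']}}}]", ""]    # leading '-' deletes the key
    lines += [r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]",
              '"NoDriveTypeAutoRun"=dword:000000ff', ""]          # 0xFF: no Autorun on any drive type
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_entries(SAMPLE_OTS)
    for e in found:
        print(e["guid"], e["exe"], e["args"], *assess(e), sep="\n  ")
    print(remediation_reg(found))
```

The second sample line, a bare {guid} with no command, is what a normal USB stick leaves behind and scores nothing; the OTS fix above removes that key too, which is harmless. The .reg output is per-user for the MountPoints2 part (HKCU) and machine-wide for the policy, so on a shared machine the MountPoints2 keys of every profile need the same treatment.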

Black Milk (topic starter):
Thank you for your reply Essexboy.
Sorry about the length; I guess I should have attached those logs...
I ran the TFC scan and the OTS scan. Hope I managed to attach the latter...

Essexboy:
Hi there, that log is a tad big to get posted in one, by the looks of it.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean
THEN

To ensure that I get all the information, this log will need to be attached (instructions at the end); if it is too large to attach then upload to Mediafire and post the sharing link.

Download OTS  to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
    • Under custom scans copy and paste the following
      %SYSTEMDRIVE%\*.exe
      %SYSTEMDRIVE%\eventlog.dll /s /md5
      %SYSTEMDRIVE%\scecli.dll /s /md5
      %SYSTEMDRIVE%\netlogon.dll /s /md5
      %SYSTEMDRIVE%\cngaudit.dll /s /md5
      %SYSTEMDRIVE%\sceclt.dll /s /md5
      %SYSTEMDRIVE%\ntelogon.dll /s /md5
      %SYSTEMDRIVE%\logevent.dll /s /md5
      %SYSTEMDRIVE%\iaStor.sys /s /md5
      %SYSTEMDRIVE%\nvstor.sys /s /md5
      %SYSTEMDRIVE%\atapi.sys /s /md5
      %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
      %SYSTEMDRIVE%\viasraid.sys /s /md5
      %SYSTEMDRIVE%\AGP440.sys /s /md5
      %SYSTEMDRIVE%\vaxscsi.sys /s /md5
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop-down box
  • Click on to insert the attachment into your post

Black Milk (topic starter):

Third and last post:

OTL Extras:
OTL Extras logfile created on: 23/11/2009 15:57:43 - Run 1
OTL by OldTimer - Version 3.1.7.0     Folder = C:\Users\איריס\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 89.03% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.65 Gb Total Space | 38.02 Gb Free Space | 17.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 3.00 Gb Free Space | 30.70% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.65 Gb Free Space | 44.39% Space Free | Partition Type: NTFS

Computer Name: DAVID
Current User Name: איריס
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4097568201-891318238-3029008619-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14CD58AC-6428-42A5-94AA-2811C880479C}" = lport=20601 | protocol=17 | dir=in | name=bitcomet 20601 udp |
"{1526F8F0-F294-48CB-ABCB-95C669A56A81}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1C4E8E1C-2354-4B30-9537-A314E1FBDE98}" = rport=138 | protocol=17 | dir=out | app=system |
"{2375B2E0-51FC-44A0-A8BF-6371B926A8D6}" = lport=48982 | protocol=17 | dir=in | name=emule udp |
"{49880F5F-E493-4CE9-969E-F186461CDC21}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{49E39B55-7C3F-4D78-8303-6066F4FEF567}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61205922-68DB-4290-948A-0366E8788045}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6837F8B3-DF45-4B17-802B-DED849EA68D8}" = rport=445 | protocol=6 | dir=out | app=system |
"{78CE222A-1271-4CE5-A01C-491F6A923B09}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7EDC4AEB-41FE-4AE4-85EC-3C74016E7709}" = rport=137 | protocol=17 | dir=out | app=system |
"{7F688D28-5E0C-48D1-80F9-CAF732D23AF2}" = lport=12147 | protocol=6 | dir=in | name=bitcomet 12147 tcp |
"{8CFF943F-8EC2-4CDB-9E85-5727A0488474}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8E81835E-74CE-4794-AC30-CCC1ADE7CF57}" = lport=26716 | protocol=17 | dir=in | name=bitcomet 26716 udp |
"{9689C29E-4A10-4653-99A5-81AFBF755B3E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A1DA4E07-6A57-4273-B21E-03D45B13426A}" = lport=26716 | protocol=6 | dir=in | name=bitcomet 26716 tcp |
"{A251D2BE-05D9-4E09-A12D-DBE0BD4B2A28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AEF83E4B-8E9B-4DD4-B612-3F2FCE5B5CFA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B5418761-61D9-4C80-91DE-E5EF0FA18E8D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6D912AC-E6B3-4D97-837D-26DBF42A775C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BB91C055-A3E3-4503-80EA-0DED1C2B73FB}" = lport=139 | protocol=6 | dir=in | app=system |
"{BC3C2940-DCF2-45FC-84D0-4502DA2BC2FB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D47D30C8-6563-446D-AF64-B7B54CCE81CC}" = lport=12147 | protocol=6 | dir=in | name=emule tcp |
"{D4D533F7-4A78-4E7B-8267-24D9DFE88C24}" = lport=12147 | protocol=17 | dir=in | name=bitcomet 12147 udp |
"{DC4005CB-5985-4912-8B5F-357825AC8B3D}" = lport=137 | protocol=17 | dir=in | app=system |
"{E6FAD59A-B8F9-4651-B73E-3A6935812B50}" = lport=138 | protocol=17 | dir=in | app=system |
"{F3DFE9F6-EED2-485B-BE91-7032672A870C}" = lport=20601 | protocol=6 | dir=in | name=bitcomet 20601 tcp |
"{F56C4A73-01D9-4AF5-8F39-B9148BFB3EFC}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE6BB987-4204-494A-9426-E449BB2E57BA}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0397D343-1309-4DD8-A4B2-2B314E9E77C1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{054A7DFF-7231-4041-93AA-631BBB2FA72E}" = protocol=17 | dir=in | app=c:\program files\team jpn\spiderman web of shadows\image\pc\spider-man web of shadows.exe |
"{1BD80C0D-9FAF-4A4A-983E-56F0D898F993}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{217306EC-ECFE-46CB-BF70-6A67B91A2F98}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2242D925-2B07-49C0-89D0-F4D53FE06F42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2E0DAFA7-81EA-4C3C-824E-7EE8840B903B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3615DC8D-4A28-4D1A-A0D8-281685895224}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4523DBC4-C446-403E-914F-8DCA015999BA}" = protocol=17 | dir=in | app=c:\program files\playlogic\worldshift\bin\worldshift.exe |
"{4A712209-8B7F-4771-BBEB-3D518A0D816D}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{5064848E-060E-4C38-8C34-02B7CC4A1364}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{55512657-650F-444D-8DCB-FF6CEECC876C}" = protocol=6 | dir=in | app=c:\program files\activision\spider-man - web of shadows\image\pc\spider-man web of shadows.exe |
"{5DD7AA30-6ACB-4DC6-B4B5-D667FE87F4FD}" = protocol=17 | dir=in | app=c:\program files\activision\spider-man - web of shadows\image\pc\spider-man web of shadows.exe |
"{62BE9815-947C-4476-A4D9-61E87D4D28A3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7B655A1D-AA05-44D6-AA7B-B36173FDBC33}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7B872A4B-2B0B-4281-9BE6-D6B03AF592FF}" = protocol=6 | dir=in | app=c:\program files\playlogic\worldshift\bin\worldshift.exe |
"{7CE18639-87C8-434E-9136-EC50E4F2D69F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94382E16-1886-4DF7-ABFA-14E87CAE5C1B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BF430D41-1657-4B12-9119-C677A11ECC02}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{C54F749D-BDF6-40BF-8DD2-C062448FEA60}" = protocol=6 | dir=in | app=c:\program files\team jpn\spiderman web of shadows\image\pc\spider-man web of shadows.exe |
"{D26F5FB0-96A6-4F03-926E-14E5F1A66D8C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D5A780B1-3926-4EC2-A045-223D0F6A77FD}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{F28990B9-6185-4335-A8FF-34B26A9680FF}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"TCP Query User{1B04D1C9-5A21-471F-8E99-652C868B9DC5}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{7BB44F2C-8F0B-49A8-AF55-335091FEA469}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{9AC00AF6-E683-4CC0-8374-49FBAD11FFF3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F11E50CE-8383-4863-8D99-14BCF32A5CD4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2D1BC8E5-1285-4393-BDF2-0D114C493C5C}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{38D971B7-957F-4E61-BB87-2BF14D34EFAF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BBBD4648-6DE0-4D71-8DAB-4BDBB63A9DFB}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{E621414A-990D-4D02-B623-CC55F8B6B181}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.1.0.5100
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = כלי ההעלאה של Windows Live
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5C877F-8C4B-4623-BAD0-1BCD6FEA297B}" = Windows Live Essentials
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FB9DEC-89ED-4D9D-AE85-F2752D107C79}" = Windows Live Messenger
"{85AFE875-7ACC-48CE-B87B-B51188602741}" = Windows Live Toolbar
      "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
      "{885A5214-9CDD-40E0-A89D-7672588748E1}" = Windows Live Call
      "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
      "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
      "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
      "{9011040D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
      "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
      "{9208F706-6528-4591-A997-F41395FBD8A7}" = Spider-Man(TM) - Web of Shadows 1.1 Patch
      "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
      "{961688FD-5FD8-3D21-BE82-ACB1800EBEA2}" = Microsoft .NET Framework 3.5 Language Pack SP1 - heb
      "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
      "{A6D96D8E-04C4-47E8-A681-F7C9C6444B9A}" = NVIDIA PhysX v8.06.16
      "{A8DE8C34-7F51-4cc8-B326-C425793EE741}" = The Chronicles of Riddick: Escape From Butcher Bay
      "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
      "{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
      "{AF70B943-5081-4BD8-88F2-75637FD34364}" = ThinkVantage Status Gadget
      "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
      "{B1F625EB-9691-4889-A864-DA085739F3F0}" = Power Ux Customization
      "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
      "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
      "{BCBA462D-3E1B-416C-89F8-492020D4BBF4}" = מסייע הכניסה של Windows Live
      "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
      "{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
      "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
      "{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
      "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
      "{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}" = Command & Conquer™ Red Alert™ 3 Uprising
      "{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
      "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
      "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
      "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
      "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
      "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
      "{F691A1F5-2789-46CE-A45A-57763198D384}" = FxVisor
      "{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
      "{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
      "{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
      "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
      "7-Zip" = 7-Zip 4.65
      "AC3Filter" = AC3Filter (remove only)
      "Adobe AIR" = Adobe AIR
      "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
      "AT&T Connect Participant" = AT&T Connect Participant
      "AVG9Uninstall" = AVG Free 9.0
      "AVI & MPEG Splitter_is1" = AVI & MPEG Splitter 1.48
      "Babylon" = Babylon
      "BitComet" = BitComet 1.12
      "CCleaner" = CCleaner (remove only)
      "CNXT_AUDIO_HDA" = Conexant HD Audio
      "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
      "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
      "COMODO Internet Security" = COMODO Internet Security
      "Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
      "eMule" = eMule
      "ffdshow_is1" = ffdshow [rev 2280] [2008-11-02]
      "Foxit PDF Editor" = Foxit PDF Editor
      "FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
      "Free Download Manager_is1" = Free Download Manager 3.0
      "HDMI" = Intel(R) Graphics Media Accelerator Driver
      "HebPod Pro" = HebPod Pro
      "ImgBurn" = ImgBurn
      "InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
      "InstallShield_{9208F706-6528-4591-A997-F41395FBD8A7}" = Spider-Man(R) - Web of Shadows(TM) 1.1 Patch
      "iPodHE" = iPodHE - הסרת התוכנה
      "Lenovo Registration" = Lenovo Registration
      "LENOVO.SMIIF" = Lenovo System Interface Driver
      "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
      "Microsoft .NET Framework 3.5 Language Pack SP1 - heb" = ערכת שפה של Microsoft .NET Framework 3.5 SP1  - heb
      "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
      "mIRC" = mIRC
      "Monkey's Audio_is1" = Monkey's Audio
      "Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
      "MP3 Splitter & Joiner_is1" = MP3 Splitter & Joiner
      "Mp3tag" = Mp3tag v2.43
      "OnScreenDisplay" = On Screen Display
      "PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
      "ProInst" = Intel PROSet Wireless
      "SubtitleWorkshop" = Subtitle Workshop 2.51
      "USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
      "Winamp" = Winamp
      "WinLiveSuite_Wave3" = Windows Live Essentials
      "WinRAR archiver" = WinRAR archiver
      "WorldShift" = WorldShift
      "XP Codec Pack" = XP Codec Pack
       
      ========== Last 10 Event Log Errors ==========
       
      [ Application Events ]
      Error - 19/11/2009 09:32:13 | Computer Name = david | Source = VSS | ID = 8194
      Description =
       
      Error - 19/11/2009 09:33:00 | Computer Name = david | Source = System Restore | ID = 8193
      Description =
       
      Error - 19/11/2009 09:45:47 | Computer Name = david | Source = System Restore | ID = 8193
      Description =
       
      Error - 19/11/2009 10:12:27 | Computer Name = david | Source = System Restore | ID = 8193
      Description =
       
      Error - 22/11/2009 02:40:59 | Computer Name = david | Source = VSS | ID = 8194
      Description =
       
      Error - 22/11/2009 02:41:52 | Computer Name = david | Source = VSS | ID = 8194
      Description =
       
      Error - 22/11/2009 14:21:59 | Computer Name = david | Source = System Restore | ID = 8193
      Description =
       
      Error - 22/11/2009 14:40:21 | Computer Name = david | Source = System Restore | ID = 8193
      Description =
       
      Error - 22/11/2009 15:38:13 | Computer Name = david | Source = WinMgmt | ID = 10
      Description =
       
      Error - 23/11/2009 06:42:22 | Computer Name = david | Source = WinMgmt | ID = 10
      Description =
       
      [ Media Center Events ]
      Error - 26/03/2009 11:19:21 | Computer Name = david | Source = Media Center Guide | ID = 0
      Description = ‏‏נתוני אירוע: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32
      GetLastError returned 0D ‏ תהליך: DefaultDomain‏ שם אוביקט: Media Center Guide‏
       
      Error - 26/03/2009 14:24:12 | Computer Name = david | Source = Media Center Guide | ID = 0
      Description = ‏‏נתוני אירוע: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
       returned 10000105 ‏ תהליך: DefaultDomain‏ שם אוביקט: Media Center Guide‏
       
      Error - 27/03/2009 12:08:04 | Computer Name = david | Source = Media Center Guide | ID = 0
      Description = ‏‏נתוני אירוע: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
       returned 10000105 ‏ תהליך: DefaultDomain‏ שם אוביקט: Media Center Guide‏
       
      Error - 27/03/2009 13:39:56 | Computer Name = david | Source = Media Center Guide | ID = 0
      Description = ‏‏נתוני אירוע: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
       returned 10000105 ‏ תהליך: DefaultDomain‏ שם אוביקט: Media Center Guide‏
       
      Error - 20/04/2009 06:32:16 | Computer Name = david | Source = Media Center Guide | ID = 0
      Description = ‏‏נתוני אירוע: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
       returned 10000105 ‏ תהליך: DefaultDomain‏ שם אוביקט: Media Center Guide‏
       
      Error - 20/04/2009 06:32:24 | Computer Name = david | Source = Media Center Guide | ID = 0
      Description = ‏‏נתוני אירוע: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
       returned 10000105 ‏ תהליך: DefaultDomain‏ שם אוביקט: Media Center Guide‏
       
      Error - 20/04/2009 06:35:25 | Computer Name = david | Source = Media Center Guide | ID = 0
      Description = ‏‏נתוני אירוע: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
       returned 10000105 ‏ תהליך: DefaultDomain‏ שם אוביקט: Media Center Guide‏
       
       
      ========== Last 10 Event Log Errors ==========
       
      Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
       
      < End of report >


      Also, I ran AVG again after all these scans and the 2 files are still there.
      That's all. Your help is greatly appreciated. Thanks a lot.
      David

Black Milk (Topic starter):
      Second post:

      OTL log:

      OTL logfile created on: 23/11/2009 15:57:43 - Run 1
      OTL by OldTimer - Version 3.1.7.0     Folder = C:\Users\איריס\Desktop
      Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.18828)
      Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy
       
      2.00 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 89.03% Memory free
      4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]
       
      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 221.65 Gb Total Space | 38.02 Gb Free Space | 17.15% Space Free | Partition Type: NTFS
      D: Drive not present or media not loaded
      E: Drive not present or media not loaded
      F: Drive not present or media not loaded
      G: Drive not present or media not loaded
      H: Drive not present or media not loaded
      I: Drive not present or media not loaded
      Drive Q: | 9.77 Gb Total Space | 3.00 Gb Free Space | 30.70% Space Free | Partition Type: NTFS
      Drive S: | 1.46 Gb Total Space | 0.65 Gb Free Space | 44.39% Space Free | Partition Type: NTFS
       
      Computer Name: DAVID
      Current User Name: איריס
      Logged in as Administrator.
       
      Current Boot Mode: Normal
      Scan Mode: Current user
      Company Name Whitelist: Off
      Skip Microsoft Files: Off
      File Age = 30 Days
      Output = Minimal
       
      ========== Processes (SafeList) ==========
       
      PRC - C:\Users\איריס\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
      PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
      PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
      PRC - C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
      PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
      PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
      PRC - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
      PRC - C:\Program Files\XP Codec Pack\mpc\mplayerc.exe (Gabest)
      PRC - C:\Windows\explorer.exe (Microsoft Corporation)
      PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
      PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
      PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
      PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
      PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
      PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
      PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
      PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
      PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
      PRC - C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)
      PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
      PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
       
       
      ========== Modules (SafeList) ==========
       
      MOD - C:\Users\איריס\Desktop\OTL.exe (OldTimer Tools)
      MOD - C:\Windows\System32\guard32.dll (COMODO)
      MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
      MOD - C:\Program Files\Babylon\Babylon-Pro\captlib.dll (Babylon Ltd.)
      MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
       
       
      ========== Win32 Services (SafeList) ==========
       
      SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
      SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
      SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
      SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
      SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
      SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
      SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
      SRV - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
      SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
      SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
      SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
      SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
      SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
      SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
      SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
      SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
      SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
      SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
      SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
      SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
      SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
      SRV - (FNF5SVC) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)
      SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
      SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
      SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
      SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
      SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
      SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
      SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
      SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
      SRV - (PMSveH) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe (Lenovo)
      SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
      SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
       
       
      ========== Driver Services (SafeList) ==========
       
      DRV - (Inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
      DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
      DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdguard.sys (COMODO)
      DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
      DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
      DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
      DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
      DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
      DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
      DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
      DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
      DRV - (tvtfilter) -- C:\Windows\System32\drivers\tvtfilter.sys (Lenovo)
      DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
      DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
      DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
      DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
      DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
      DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
      DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
      DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
      DRV - (vm331avs) -- C:\Windows\System32\drivers\vm331avs.sys (Vimicro Corporation)
      DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
      DRV - (tvtumon) -- C:\Windows\System32\drivers\tvtumon.sys (Lenovo)
      DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
      DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
      DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
      DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
      DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
      DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
      DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
      DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
      DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
      DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
      DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
      DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
      DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
      DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
      DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
      DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
      DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
      DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
      DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
      DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
      DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
      DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
      DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
      DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
      DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
      DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
      DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
      DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
      DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
      DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
      DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
      DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
      DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
      DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
      DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
      DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
      DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
      DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
      DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
      DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
      DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
      DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
      DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
      DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
      DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
      DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
      DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
      DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
      DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
      DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
      DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
      DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
      DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
      DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
      DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
      DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
      DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
      DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
      DRV - (Aspi32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec)
       
       
      ========== Standard Registry (SafeList) ==========
       
       
      ========== Internet Explorer ==========
       
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
       
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/3000notebook [binary data]
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
       
      ========== FireFox ==========
       
      FF - prefs.js..browser.startup.homepage: "http://www.google.co.il/"
      FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
      FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
      FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
      FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
      FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
      FF - prefs.js..extensions.enabledItems: {45925a5c-e3de-447f-bed2-ded87acae111}:1.9
      FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
       
      FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 01:12:55 | 00,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/10 14:13:12 | 00,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/30 20:31:57 | 00,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/30 20:31:57 | 00,000,000 | ---D | M]
       
      [2009/01/20 00:52:35 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mozilla\Extensions
      [2009/01/20 00:52:35 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
      [2009/11/22 20:07:08 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mozilla\Firefox\Profiles\gnpixu0o.default\extensions
      [2009/07/01 11:32:31 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mozilla\Firefox\Profiles\gnpixu0o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
      [2009/10/02 10:00:34 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mozilla\Firefox\Profiles\gnpixu0o.default\extensions\{45925a5c-e3de-447f-bed2-ded87acae111}
      [2009/06/05 17:36:40 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mozilla\Firefox\Profiles\gnpixu0o.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
      [2009/10/02 10:00:27 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mozilla\Firefox\Profiles\gnpixu0o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
      [2009/11/06 14:38:02 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mozilla\Firefox\Profiles\gnpixu0o.default\extensions\SkipScreen@SkipScreen
      [2009/10/02 10:00:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
      [2009/01/21 12:12:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{45925a5c-e3de-447f-bed2-ded87acae111}
      [2009/10/30 20:31:57 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      [2009/10/30 20:31:56 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
      [2009/10/30 20:31:56 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
      [2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
      [2009/10/30 20:31:56 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
      [2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
      [2009/01/26 23:04:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
      [2009/01/26 23:04:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
      [2009/01/26 23:04:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
      [2009/01/26 23:04:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
      [2009/01/26 23:04:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
      [2009/01/26 23:04:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
      [2009/01/26 23:04:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
      [2009/10/04 11:23:52 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
      [2009/10/04 11:23:52 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
      [2009/03/29 16:02:23 | 00,002,194 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
      [2009/10/04 11:23:52 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
      [2009/10/04 11:23:52 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
      [2009/10/04 11:23:52 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
      [2009/10/04 11:23:52 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
      [2009/10/04 11:23:52 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
       
      O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1       localhost
      O1 - Hosts: ::1             localhost
      O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
      O2 - BHO: (עוזר הכניסה של Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
      O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
      O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
      O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
      O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
      O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
      O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
      O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
      O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
      O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
      O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
      O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
      O4 - HKLM..\Run: [NWEReboot]  File not found
      O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
      O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
      O8 - Extra context menu item: &יצא ל- Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
      O8 - Extra context menu item: Download all by Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
      O8 - Extra context menu item: Download by Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
      O8 - Extra context menu item: Download selected by Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
      O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
      O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
      O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
      O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
      O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
      O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
      O9 - Extra Button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
      O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
      O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
      O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
      O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
      O13 - gopher Prefix: missing
      O15 - HKCU\..Trusted Domains: tapuz.co.il ([www] http in Trusted sites)
      O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
      O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
      O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} http://www.tapuz.co.il/irc/main/launcher.cab (LauncherV1 Class)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 194.90.1.5 212.143.212.143
      O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp - No CLSID value found
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
      O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
      O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
      O31 - SafeBoot: AlternateShell - cmd.exe
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2006/09/18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O32 - AutoRun File - [2008/06/10 18:32:46 | 00,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
      O32 - AutoRun File - [2008/06/03 00:46:54 | 00,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
      O33 - MountPoints2\{312730fb-dd2f-11dd-8e7d-002269f399ed}\Shell - "" = AutoRun
      O33 - MountPoints2\{312730fb-dd2f-11dd-8e7d-002269f399ed}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
      O33 - MountPoints2\{65201ec2-b11b-11dd-93b2-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{65201ec2-b11b-11dd-93b2-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 18:09:40 | 00,262,144 | -HS- | M] (Lenovo Group Limited)
      O33 - MountPoints2\{66e78e1f-3baf-11de-a65c-002269f399ed}\Shell - "" = AutoRun
      O33 - MountPoints2\{66e78e1f-3baf-11de-a65c-002269f399ed}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
      O33 - MountPoints2\{902da760-7541-11de-b02f-002269f399ed}\Shell\AutoRun\command - "" = F:\videos\player\winopen.exe \The DaVinci Code.exe -- File not found
      O33 - MountPoints2\{aa4b7f7b-f7ad-11dd-b3cf-002269f399ed}\Shell - "" = AutoRun
      O33 - MountPoints2\{aa4b7f7b-f7ad-11dd-b3cf-002269f399ed}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
      O33 - MountPoints2\{aca4ebd7-b112-11dd-8553-001eec9af225}\Shell - "" = AutoRun
      O33 - MountPoints2\{aca4ebd7-b112-11dd-8553-001eec9af225}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008/07/30 00:37:58 | 00,180,224 | -HS- | M] ()
      O33 - MountPoints2\F\Shell - "" = AutoRun
      O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
      O34 - HKLM BootExecute: (autocheck) -  File not found
      O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
      O34 - HKLM BootExecute: (*) -  File not found
      O35 - comfile [open] -- "%1" %* File not found
      O35 - exefile [open] -- "%1" %* File not found
       
      ========== Files/Folders - Created Within 30 Days ==========
       
      [2009/11/23 15:53:25 | 00,472,064 | ---- | C] ( ) -- C:\Users\איריס\Desktop\RootRepeal.exe
      [2009/11/23 13:17:45 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\איריס\Desktop\HJTInstall.exe
      [2009/11/23 13:15:38 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Users\איריס\Desktop\OTL.exe
      [2009/11/23 13:08:48 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Users\איריס\Desktop\TFC.exe
      [2009/11/20 10:54:24 | 00,000,000 | ---D | C] -- C:\Users\איריס\Desktop\KW
      [2009/11/19 22:37:35 | 00,000,000 | ---D | C] -- C:\Users\איריס\Desktop\TW
      [2009/11/19 16:12:26 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
      [2009/11/19 16:12:26 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
      [2009/11/19 16:12:26 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
      [2009/11/19 15:45:47 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
      [2009/11/19 15:36:36 | 00,000,000 | ---D | C] -- C:\Users\איריס\AppData\Roaming\WorldShift
      [2009/11/19 15:31:33 | 00,000,000 | ---D | C] -- C:\Program Files\Playlogic
      [2009/11/19 15:05:22 | 00,000,000 | ---D | C] -- C:\Users\איריס\Desktop\C.A.C.Red.Alert.3.Uprising-RELOADED
      [2009/11/13 11:50:42 | 00,000,000 | ---D | C] -- C:\Users\איריס\AppData\Local\Microsoft Games
      [2009/11/12 03:01:23 | 00,000,000 | ---D | C] -- C:\3f0bef8f1f7379a07cf3f65e0fe016be
      [2009/11/11 15:22:31 | 02,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
      [2009/11/11 15:21:40 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
      [2009/11/10 14:35:20 | 00,000,000 | ---D | C] -- C:\Users\איריס\Documents\The Path
      [2009/11/10 14:35:20 | 00,000,000 | ---D | C] -- C:\Users\איריס\AppData\Roaming\The Path
      [2009/11/09 18:14:08 | 00,000,000 | -H-D | C] -- C:\$AVG
      [2009/11/09 18:13:20 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
      [2009/11/05 19:46:28 | 00,000,000 | ---D | C] -- C:\Program Files\Starbreeze Studios
      [2009/11/04 15:04:45 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
      [2009/11/04 15:04:44 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
      [2009/11/02 18:33:28 | 00,000,000 | ---D | C] -- C:\Users\איריס\Desktop\Ramzor
      [2009/10/29 19:16:53 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
      [2009/10/29 19:16:51 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
      [2009/10/29 19:16:50 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
      [2004/11/24 21:25:52 | 00,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
       
      ========== Files - Modified Within 30 Days ==========
       
      [2009/11/23 15:57:08 | 02,621,440 | -HS- | M] () -- C:\Users\איריס\ntuser.dat
      [2009/11/23 15:53:57 | 00,000,000 | ---- | M] () -- C:\Users\איריס\Desktop\settings.dat
      [2009/11/23 15:39:36 | 45,612,964 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
      [2009/11/23 15:38:54 | 00,098,641 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
      [2009/11/23 15:35:34 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      [2009/11/23 15:35:34 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      [2009/11/23 15:35:28 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
      [2009/11/23 15:35:21 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2009/11/23 15:35:18 | 31,798,76352 | -HS- | M] () -- C:\hiberfil.sys
      [2009/11/23 15:34:20 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
      [2009/11/23 15:34:19 | 00,524,288 | -HS- | M] () -- C:\Users\איריס\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
      [2009/11/23 15:34:19 | 00,065,536 | -HS- | M] () -- C:\Users\איריס\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
      [2009/11/23 15:28:44 | 04,282,602 | -H-- | M] () -- C:\Users\איריס\AppData\Local\IconCache.db
      [2009/11/23 13:57:07 | 57,831,0144 | ---- | M] () -- C:\Users\איריס\Desktop\dexter.409.hdtv.xvid-sys.avi
      [2009/11/23 13:17:59 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\איריס\Desktop\HJTInstall.exe
      [2009/11/23 13:16:14 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\איריס\Desktop\OTL.exe
      [2009/11/23 13:08:56 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Users\איריס\Desktop\TFC.exe
      [2009/11/23 11:57:42 | 00,067,483 | ---- | M] () -- C:\Users\איריס\Desktop\dexter.409.hdtv.xvid-sys.srt
      [2009/11/23 08:15:40 | 00,060,376 | ---- | M] () -- C:\Users\איריס\Desktop\Pandorum.srt
      [2009/11/22 20:43:08 | 00,001,043 | ---- | M] () -- C:\Users\איריס\Desktop\Tiberium Wars.lnk
      [2009/11/22 20:42:43 | 00,001,151 | ---- | M] () -- C:\Users\איריס\Desktop\Kane's Wrath.lnk
      [2009/11/22 13:59:38 | 00,045,704 | ---- | M] () -- C:\Users\איריס\Desktop\greys.anatomy.s06e10.hdtv.xvid-2hd.srt
      [2009/11/21 21:57:23 | 73,421,2096 | ---- | M] () -- C:\Users\איריס\Desktop\Pandorum.avi
      [2009/11/20 21:18:34 | 00,034,629 | ---- | M] () -- C:\Users\איריס\Desktop\The.Prisoner.2009.Part01.Arrival.HDTV.XviD-FQM.srt
      [2009/11/20 11:07:31 | 00,025,600 | ---- | M] () -- C:\Users\איריס\Desktop\Dear Mary.doc
      [2009/11/20 03:51:56 | 36,750,1738 | ---- | M] () -- C:\Users\איריס\Desktop\greys.anatomy.s06e10.hdtv.xvid-2hd.avi
      [2009/11/19 21:27:19 | 00,181,760 | ---- | M] () -- C:\Users\איריס\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2009/11/19 16:22:04 | 00,001,062 | ---- | M] () -- C:\Users\איריס\Desktop\RA3 Uprising.lnk
      [2009/11/19 16:09:35 | 00,000,980 | ---- | M] () -- C:\Users\איריס\Desktop\RA3.lnk
      [2009/11/19 15:36:39 | 00,001,050 | ---- | M] () -- C:\Users\Public\Desktop\WorldShift.lnk
      [2009/11/19 14:44:19 | 00,030,720 | ---- | M] () -- C:\Users\איריס\Desktop\קורות חיים דוידי.doc
      [2009/11/18 15:05:37 | 73,189,1712 | ---- | M] () -- C:\Users\איריס\Desktop\inglourious.basterds.cd2.avi
      [2009/11/18 13:26:44 | 00,048,218 | ---- | M] () -- C:\Users\איריס\Desktop\inglourious.basterds.cd2.srt
      [2009/11/18 13:26:20 | 00,060,272 | ---- | M] () -- C:\Users\איריס\Desktop\inglourious.basterds.cd1.srt
      [2009/11/17 23:27:16 | 73,390,8992 | ---- | M] () -- C:\Users\איריס\Desktop\inglourious.basterds.cd1.avi
      [2009/11/17 18:34:21 | 73,492,8896 | ---- | M] () -- C:\Users\איריס\Desktop\Paranormal.Activity.LIMITED.DVDSCR.XViD-BLUR.avi
      [2009/11/16 14:18:06 | 00,066,179 | ---- | M] () -- C:\Users\איריס\Desktop\Zombieland.srt
      [2009/11/16 10:54:52 | 36,712,8917 | ---- | M] () -- C:\Users\איריס\Desktop\The.Prisoner.2009.Part01.Arrival.HDTV.XviD-FQM.avi
      [2009/11/15 20:43:39 | 76,583,4240 | ---- | M] () -- C:\Users\איריס\Desktop\Ajami.avi
      [2009/11/12 03:21:28 | 00,403,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
      [2009/11/11 11:07:28 | 00,001,741 | ---- | M] () -- C:\Users\איריס\Desktop\     .lnk
      [2009/11/10 14:25:05 | 00,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
      [2009/11/10 14:23:51 | 00,179,792 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
      [2009/11/10 14:23:44 | 00,029,520 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
      [2009/11/10 14:23:43 | 00,128,888 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
      [2009/11/10 09:24:01 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
      [2009/11/09 18:14:01 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
      [2009/11/09 18:14:01 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
      [2009/11/09 18:13:55 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
      [2009/11/09 18:13:55 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
      [2009/11/08 22:57:47 | 01,105,950 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
      [2009/11/08 22:57:47 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2009/11/08 22:57:47 | 00,359,042 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
      [2009/11/08 22:57:47 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
      [2009/11/08 22:57:47 | 00,068,638 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
      [2009/11/06 17:07:04 | 73,375,5392 | ---- | M] () -- C:\Users\איריס\Desktop\Yeladim Sorgim.avi
      [2009/11/05 19:53:10 | 00,001,140 | ---- | M] () -- C:\Users\איריס\Desktop\Riddick.lnk
      [2009/11/05 19:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
      [2009/11/03 05:38:53 | 15,201,73056 | ---- | M] () -- C:\Users\איריס\Desktop\Zombieland.avi
      [2009/11/02 20:15:38 | 00,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
      [2009/11/02 05:25:49 | 72,728,6138 | ---- | M] () -- C:\Users\איריס\Desktop\My Sister's Keeper.avi
      [2009/10/29 17:53:03 | 00,001,737 | ---- | M] () -- C:\Users\איריס\Desktop\      .lnk
      [2009/10/28 18:11:18 | 00,000,896 | ---- | M] () -- C:\Users\איריס\Desktop\some more music.lnk
      [2009/10/26 20:32:45 | 00,001,730 | ---- | M] () -- C:\Users\איריס\Desktop\        .lnk
       
      ========== Files Created - No Company Name ==========
       
      [2009/11/23 15:53:57 | 00,000,000 | ---- | C] () -- C:\Users\איריס\Desktop\settings.dat
      [2009/11/23 15:26:50 | 73,421,2096 | ---- | C] () -- C:\Users\איריס\Desktop\Pandorum.avi
      [2009/11/23 13:23:33 | 00,067,483 | ---- | C] () -- C:\Users\איריס\Desktop\dexter.409.hdtv.xvid-sys.srt
      [2009/11/23 13:23:32 | 00,060,376 | ---- | C] () -- C:\Users\איריס\Desktop\Pandorum.srt
      [2009/11/23 12:55:51 | 57,831,0144 | ---- | C] () -- C:\Users\איריס\Desktop\dexter.409.hdtv.xvid-sys.avi
      [2009/11/22 21:50:04 | 36,712,8917 | ---- | C] () -- C:\Users\איריס\Desktop\The.Prisoner.2009.Part01.Arrival.HDTV.XviD-FQM.avi
      [2009/11/22 21:18:54 | 36,750,1738 | ---- | C] () -- C:\Users\איריס\Desktop\greys.anatomy.s06e10.hdtv.xvid-2hd.avi
      [2009/11/22 20:43:08 | 00,001,043 | ---- | C] () -- C:\Users\איריס\Desktop\Tiberium Wars.lnk
      [2009/11/22 20:42:43 | 00,001,151 | ---- | C] () -- C:\Users\איריס\Desktop\Kane's Wrath.lnk
      [2009/11/22 20:11:08 | 00,045,704 | ---- | C] () -- C:\Users\איריס\Desktop\greys.anatomy.s06e10.hdtv.xvid-2hd.srt
      [2009/11/22 20:11:06 | 00,034,629 | ---- | C] () -- C:\Users\איריס\Desktop\The.Prisoner.2009.Part01.Arrival.HDTV.XviD-FQM.srt
      [2009/11/19 16:57:45 | 00,025,600 | ---- | C] () -- C:\Users\איריס\Desktop\Dear Mary.doc
      [2009/11/19 16:22:04 | 00,001,062 | ---- | C] () -- C:\Users\איריס\Desktop\RA3 Uprising.lnk
      [2009/11/19 16:09:35 | 00,000,980 | ---- | C] () -- C:\Users\איריס\Desktop\RA3.lnk
      [2009/11/19 15:36:39 | 00,001,050 | ---- | C] () -- C:\Users\Public\Desktop\WorldShift.lnk
      [2009/11/19 14:54:54 | 28,138,53695 | ---- | C] () -- C:\Users\איריס\Desktop\REDZIKIII.iso
      [2009/11/19 14:11:25 | 00,030,720 | ---- | C] () -- C:\Users\איריס\Desktop\קורות חיים דוידי.doc
      [2009/11/18 13:56:31 | 00,060,272 | ---- | C] () -- C:\Users\איריס\Desktop\inglourious.basterds.cd1.srt
      [2009/11/18 13:56:31 | 00,048,218 | ---- | C] () -- C:\Users\איריס\Desktop\inglourious.basterds.cd2.srt
      [2009/11/18 13:54:51 | 73,189,1712 | ---- | C] () -- C:\Users\איריס\Desktop\inglourious.basterds.cd2.avi
      [2009/11/17 18:12:09 | 73,390,8992 | ---- | C] () -- C:\Users\איריס\Desktop\inglourious.basterds.cd1.avi
      [2009/11/16 13:49:57 | 15,201,73056 | ---- | C] () -- C:\Users\איריס\Desktop\Zombieland.avi
      [2009/11/16 13:49:01 | 73,492,8896 | ---- | C] () -- C:\Users\איריס\Desktop\Paranormal.Activity.LIMITED.DVDSCR.XViD-BLUR.avi
      [2009/11/15 19:38:18 | 76,583,4240 | ---- | C] () -- C:\Users\איריס\Desktop\Ajami.avi
      [2009/11/15 18:05:10 | 00,066,179 | ---- | C] () -- C:\Users\איריס\Desktop\Zombieland.srt
      [2009/11/11 11:06:50 | 72,728,6138 | ---- | C] () -- C:\Users\איריס\Desktop\My Sister's Keeper.avi
      [2009/11/06 15:07:51 | 73,375,5392 | ---- | C] () -- C:\Users\איריס\Desktop\Yeladim Sorgim.avi
      [2009/11/05 19:53:10 | 00,001,140 | ---- | C] () -- C:\Users\איריס\Desktop\Riddick.lnk
      [2009/11/05 13:36:14 | 74,184,0896 | ---- | C] () -- C:\Users\איריס\Desktop\Vicky Christina Barcelona.avi
      [2009/11/02 17:55:23 | 73,449,6768 | ---- | C] () -- C:\Users\איריס\Desktop\Ma Kashur.avi
      [2009/11/02 17:53:29 | 50,987,4176 | ---- | C] () -- C:\Users\איריס\Desktop\Asi Ve Guri.avi
      [2009/10/29 12:46:28 | 73,181,7984 | ---- | C] () -- C:\Users\איריס\Desktop\Eddie Murphy.avi
      [2009/10/29 12:45:02 | 38,299,1877 | ---- | C] () -- C:\Users\איריס\Desktop\Eli Ve Mariano.wmv
      [2009/10/27 20:23:21 | 88,375,9104 | ---- | C] () -- C:\Users\איריס\Desktop\Into The Wild.AVI
      [2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
      [2009/04/27 21:45:23 | 00,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
      [2009/04/27 21:45:21 | 00,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
      [2009/04/26 20:50:53 | 00,000,145 | ---- | C] () -- C:\Windows\game.INI
      [2009/03/19 13:08:00 | 00,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
      [2009/03/19 13:08:00 | 00,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
      [2009/01/22 23:09:26 | 00,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
      [2009/01/08 05:03:26 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
      [2009/01/08 04:47:51 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
      [2009/01/06 02:24:56 | 00,181,760 | ---- | C] () -- C:\Users\איריס\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2009/01/04 22:51:43 | 00,000,039 | ---- | C] () -- C:\Windows\ideq32.ini
      [2009/01/04 20:59:46 | 00,789,962 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
      [2009/01/04 20:59:46 | 00,229,376 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
      [2009/01/04 20:59:46 | 00,204,800 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
      [2009/01/04 20:59:46 | 00,156,715 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
      [2009/01/04 20:59:46 | 00,111,616 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
      [2009/01/04 20:59:45 | 00,242,688 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
      [2009/01/04 20:59:45 | 00,146,944 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
      [2009/01/04 20:59:45 | 00,111,104 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
      [2009/01/04 20:59:45 | 00,082,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
      [2009/01/04 20:59:45 | 00,044,544 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
      [2009/01/04 20:59:45 | 00,041,472 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
      [2008/12/19 17:15:58 | 04,031,334 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
      [2008/12/17 19:41:18 | 00,871,556 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
      [2008/12/17 19:22:58 | 00,026,112 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
      [2008/12/17 19:22:48 | 00,011,264 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
      [2008/12/17 19:17:34 | 00,225,866 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
      [2008/12/17 18:59:54 | 00,532,011 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
      [2008/12/16 12:28:49 | 04,282,602 | -H-- | C] () -- C:\Users\איריס\AppData\Local\IconCache.db
      [2008/12/16 11:54:53 | 00,113,280 | ---- | C] () -- C:\Users\איריס\AppData\Local\GDIPFONTCACHEV1.DAT
      [2008/12/11 13:27:02 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
      [2008/11/21 23:47:52 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
      [2008/11/21 23:45:16 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
      [2008/11/21 23:45:16 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
      [2008/11/21 23:44:16 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
      [2008/11/13 03:08:28 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
      [2008/11/13 03:08:28 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
      [2008/11/13 03:08:28 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
      [2008/11/13 03:08:28 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
      [2008/11/13 03:08:28 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
      [2008/11/13 03:08:28 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
      [2008/11/13 02:59:13 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
      [2008/11/13 02:59:12 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
      [2008/11/13 02:49:48 | 00,001,291 | ---- | C] () -- C:\Windows\vm331Rmv.ini
      [2008/08/26 22:54:12 | 00,057,344 | ---- | C] () -- C:\Windows\System32\BtwNamespaceExt2.dll
      [2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
      [2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
      [2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
      [2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
      [2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
      [2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
      [2008/06/11 09:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
      [2008/06/11 09:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
      [2008/06/11 09:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
      [2008/06/05 08:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
      [2008/04/18 20:44:19 | 01,105,950 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
      [2008/01/21 04:24:38 | 00,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
      [2008/01/21 04:24:29 | 00,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
      [2006/11/02 14:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
      [2006/11/02 14:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
      [2006/11/02 14:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
      [2006/11/02 14:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
      [2006/11/02 14:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
      [2006/11/02 14:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
      [2006/11/02 12:24:31 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
      [2006/11/02 12:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
      [2006/11/02 12:23:31 | 00,000,128 | ---- | C] () -- C:\Windows\win.ini
      [2006/11/02 09:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
      [2006/11/02 09:09:45 | 00,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
      [2006/11/02 09:09:44 | 00,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
      [2006/11/02 09:09:44 | 00,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
      [2006/11/02 09:09:42 | 00,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
      [2006/11/02 09:09:41 | 00,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
      [2006/11/02 09:09:40 | 00,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
      [2006/11/02 09:09:38 | 00,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
      [2006/11/02 09:09:35 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
      [2006/11/02 09:09:31 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
      [2006/11/02 09:09:29 | 00,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
      [2006/11/02 09:09:26 | 00,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
      [2006/11/02 09:09:24 | 00,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
      [2006/11/02 09:09:23 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
      [2006/11/02 09:09:22 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
      [2006/11/02 09:09:20 | 00,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
      [2006/11/02 08:25:08 | 00,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
      [2004/10/03 19:50:54 | 00,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
      [2001/11/14 23:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
       
      ========== LOP Check ==========
       
      [2009/01/09 01:05:35 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Adobe
      [2009/01/23 23:47:35 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Ahead
      [2009/01/26 23:07:10 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Apple Computer
      [2009/09/16 16:58:35 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Babylon
      [2009/05/03 00:21:37 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Command & Conquer 3 Tiberium Wars
      [2009/01/08 04:54:00 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\DAEMON Tools
      [2009/01/08 04:58:14 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\DAEMON Tools Lite
      [2009/01/08 04:53:58 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\DAEMON Tools Pro
      [2009/01/06 02:24:57 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\DivX
      [2009/11/23 16:00:13 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Free Download Manager
      [2008/12/16 11:54:25 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Identities
      [2009/05/08 20:24:18 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\ImgBurn
      [2009/01/17 22:48:40 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Intel
      [2008/12/16 12:13:21 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Macromedia
      [2009/01/17 13:47:01 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Malwarebytes
      [2006/11/02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Media Center Programs
      [2009/01/06 02:56:00 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Media Player Classic
      [2009/06/10 22:11:47 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Medieval Software
      [2009/03/25 18:03:37 | 00,000,000 | --SD | M] -- C:\Users\איריס\AppData\Roaming\Microsoft
      [2009/04/20 01:08:38 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mIRC
      [2009/01/20 00:52:35 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Mozilla
      [2009/07/22 19:08:21 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Mp3tag
      [2009/05/01 13:19:52 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Red Alert 3
      [2009/10/13 00:26:31 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Skype
      [2009/10/13 00:06:26 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\skypePM
      [2009/04/24 21:23:43 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\The Longest Journey
      [2009/11/10 15:10:44 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\The Path
      [2009/02/18 21:47:28 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\U3
      [2009/01/17 18:39:56 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Winamp
      [2009/01/17 12:41:26 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\WinRAR
      [2009/02/09 23:26:50 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Wisco
      [2009/11/19 16:58:54 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\WorldShift
      [2009/11/23 15:35:28 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
      [2009/11/23 15:34:20 | 00,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
       
      ========== Purity Check ==========
       
       
       
      ========== Alternate Data Streams ==========
       
      @Alternate Data Stream - 64 bytes -> C:\Users\איריס\Desktop\Paranormal.Activity.LIMITED.DVDSCR.XViD-BLUR.avi:TOC.WMV
      @Alternate Data Stream - 12 bytes -> C:\Users\איריס\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
      < End of report >


      Black Milk (Topic starter):
      Hi,

      Hope you guys can help me with this one. I ran an AVG scan and it came up with 2 infections it couldn't remove. Here's the log:

      "Scan ""Scheduled scan"" was finished."
      "Infections";"2";"0";"2"
      "Folders selected for scanning:";"Scan whole computer"
      "Scan started:";"23 November 2009, Monday, 05:00:01"
      "Scan finished:";"23 November 2009, Monday, 05:34:50 (34 minute(s) 48 second(s))"
      "Total object scanned:";"511050"
      "User who launched the scan:";"SYSTEM"

      "Infections"
      "File";"Infection";"Result"
      "C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe:\$JF\wmplayer.exe";"Trojan horse Dropper.Generic.AQAO";"Infected"
      "C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe";"Trojan horse Dropper.Generic.AQAO";"Infected"

      When I try to remove the infections manually (or put them in the vault), I receive this error:



      Clicking "Ignore" brings up this error:



      Clicking "Go to file" brings up the same error and takes me to the recycle bin (C:\$Recycle.Bin), which is empty.

      So what's with this file? And what's with "wmplayer.exe", which also shows up as an infection?
      When I saw that "$JF\wmplayer.exe" bit, I thought maybe it was my friend who plugged in his disk-on-key a few days ago while I was away (hence the letter "F" showing up; also, I have no drive named "F"). His disk-on-key had many files on it, and maybe he ran this "Fast and Furious 4.exe" file. Could this be a "ghost" file or something?  :o

      MBAM log:

      Malwarebytes' Anti-Malware 1.41
      Database version: 3217
      Windows 6.0.6001 Service Pack 1

      23/11/2009 15:51:56
      mbam-log-2009-11-23 (15-51-56).txt

      Scan type: Quick Scan
      Objects scanned: 92213
      Time elapsed: 5 minute(s), 27 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)


      RootRepeal log:

      ROOTREPEAL (c) AD, 2007-2009
      ==================================================
      Scan Start Time:      2009/11/23 15:54
      Program Version:      Version 1.3.5.0
      Windows Version:      Windows Vista SP1
      ==================================================

      Drivers
      -------------------
      Name: dump_dumpata.sys
      Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
      Address: 0x904B0000   Size: 45056   File Visible: No   Signed: -
      Status: -

      Name: dump_msahci.sys
      Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
      Address: 0x904BB000   Size: 40960   File Visible: No   Signed: -
      Status: -

      Name: rootrepeal.sys
      Image Path: C:\Windows\system32\drivers\rootrepeal.sys
      Address: 0xAF96A000   Size: 49152   File Visible: No   Signed: -
      Status: -

      Name: splz.sys
      Image Path: C:\Windows\System32\Drivers\splz.sys
      Address: 0x8068B000   Size: 1048576   File Visible: No   Signed: -
      Status: -

      Name: sptd
      Image Path: \Driver\sptd
      Address: 0x00000000   Size: 0   File Visible: No   Signed: -
      Status: -

      Name:
      Image Path:
      Address: 0x8F9C3000   Size: 53248   File Visible: No   Signed: -
      Status: Hidden from the Windows API!

      Name:
      Image Path:
      Address: 0x8F6CD000   Size: 249856   File Visible: No   Signed: -
      Status: Hidden from the Windows API!

      Processes
      -------------------
      Path: System
      PID: 4   Status: Locked to the Windows API!

      Path: C:\Windows\System32\audiodg.exe
      PID: 1688   Status: Locked to the Windows API!

      SSDT
      -------------------
      #: 012   Function Name: NtAdjustPrivilegesToken
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d5f32

      #: 021   Function Name: NtAlpcConnectPort
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d7182

      #: 022   Function Name: NtAlpcCreatePort
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d6118

      #: 054   Function Name: NtConnectPort
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d5292

      #: 060   Function Name: NtCreateFile
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d5ad6

      #: 071   Function Name: NtCreatePort
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d5174

      #: 075   Function Name: NtCreateSection
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d592c

      #: 077   Function Name: NtCreateSymbolicLinkObject
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d6e3c

      #: 078   Function Name: NtCreateThread
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d4d3a

      #: 129   Function Name: NtDuplicateObject
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d4a9c

      #: 165   Function Name: NtLoadDriver
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d6abe

      #: 174   Function Name: NtMakeTemporaryObject
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d5516

      #: 186   Function Name: NtOpenFile
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d5d1a

      #: 194   Function Name: NtOpenProcess
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d47cc

      #: 197   Function Name: NtOpenSection
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d57a6

      #: 201   Function Name: NtOpenThread
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d4944

      #: 276   Function Name: NtRequestWaitReplyPort
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d65d8

      #: 286   Function Name: NtSecureConnectPort
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d685a

      #: 317   Function Name: NtSetSystemInformation
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d6c6c

      #: 326   Function Name: NtShutdownSystem
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d54b0

      #: 332   Function Name: NtSystemDebugControl
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d569a

      #: 334   Function Name: NtTerminateProcess
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d503e

      #: 335   Function Name: NtTerminateThread
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d4f0c

      #: 382   Function Name: NtCreateThreadEx
      Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d6224

      ==EOF==


      Except where otherwise stated, all content © 2006 - 2010 Smokey Services™ -- All rights reserved
      Design of all board graphics, banners and images by Emma aka Tinker - © 2006 - 2010 Smokey Services™ -- All rights reserved