Topic: [RESOLVED] [3 Posts] "Fast and Furious 4.exe" / "Trojan horse Dropper.Generic.AQAO" (Read 557 times)

Black Milk · « **Reply #13 on:** November 25, 2009, 08:15:24 PM »

Done. Thank you.

Essexboy · « **Reply #12 on:** November 24, 2009, 09:39:43 PM »

Glad to hear - and I now have way to check the recycle out as well thanks to OT

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..Run OTS and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Do not show hidden files and folders.
Click Yes to confirm.
Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 17.
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation (jre-6u17-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u17-windows-i586-p.exe and select "Run as an Administrator.")

VISTA
To manually create a new Restore Point

Go to Control Panel and select System and Maintenance
Select System
On the left select Advance System Settings and accept the warning if you get one
Select System Protection Tab
Select Create at the bottom
Type in a name i.e. Clean
Select Create

Now we can purge the infected ones

Go back to the System and Maintenance page
Select Performance Information and Tools
On the left select Open Disk Cleanup
Select Files from all users and accept the warning if you get one
In the drop down box select your main drive i.e. C
For a few moments the system will make some calculations
Select the More Options tab
In the System Restore and Shadow Backups select Clean up
Select Delete on the pop up
Select OK
Select Delete

You are now done

SPRING CLEAN

Download TFC to your desktop

Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

THEN

Download and run Auslogics Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

SpywareBlaster to help prevent spyware from installing in the first place.
SuperAntispyware Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :wave:

Black Milk · « **Reply #11 on:** November 24, 2009, 08:11:40 PM »

None.

AVG came up with nothing, it's all gone.
Thank you so much Essexboy!

Essexboy · « **Reply #10 on:** November 24, 2009, 07:03:24 PM »

The big question now is ... What problems if any are you experiencing ?

Black Milk · « **Reply #9 on:** November 24, 2009, 06:02:22 PM »

Okay, I removed the two quarantined files.
And attached is a new OTS Fix log.

Thank you very much for your time Essexboy

Essexboy · « **Reply #8 on:** November 24, 2009, 03:46:15 PM »

This is the one area where my scans don't look yet - I will have a word with OT to see if there is a way of looking there

You can delete dr web and the quarantined files as I do not believe you wish to keep those

I will remove the one Dr Web left

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Code: [Select]

[Unregister Dlls]
[Custom Items]
:files
C:\Windows\Downloaded Program Files\launcher.ocx 
:end
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Black Milk · « **Reply #7 on:** November 24, 2009, 12:59:37 PM »

Okay, I think these tests proved to be useful.

Attached: OTS Fix log, new OTS log (the Dr.Web report is posted at the end of this message).

The Dr.Web CuireIt Express scan came up with nothing, but the complete scan came up with some stuff.
Except for the Dr.Web report (which is posted at the bottom), a CureIt log was also created. Unfortunately it's 50mb in size, so I'll only post what's important (basically it just lists my entire hard drive and a summary at the end).

There is now a file named "Fast and Furious 0.exe" showing in: C:\Users\my username\DoctorWeb\Quarantine (689mb in size)
There is also a file there called "descript.ion" (220 bytes)
What's "descript.ion"? Are these files safe to delete? I'll just wait for further instructions and leave them as they are for now.

Also, the scan came up with an infected file named "launcher.ocx" (C:\Windows\Downloaded Program Files\launcher.ocx), which was incurable, so I cured it manually through the program. Is that ok? It was the only infected file that I was able to cure manually via the program, by the way.

I also reboot my system when everything was finished.

Here are the highlights from CureIt.log:

C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe packed by BINARYRES
>C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe - archive NSIS
>>C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe/data001 - OK
>>C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe/data002 - archive RAR
>>>C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe/data002/coa-faf-xvid.avi - OK
>>C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe/data002 - OK
>>C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe/data003 infected with Win32.HLLW.Autoruner.6554
>C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe - archive contains infected objects - moved

C:\Documents and Settings\איריס\DoctorWeb\Quarantine\descript.ion - OK
C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe packed by BINARYRES
>C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe - archive NSIS
>>C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe/data001 - OK
>>C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe/data002 - archive RAR
>>>C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe/data002/coa-faf-xvid.avi - OK
>>C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe/data002 - OK
>>C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe/data003 infected with Win32.HLLW.Autoruner.6554
>C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe - archive contains infected objects - moved

C:\Windows\Downloaded Program Files\launcher.ocx is an adware Adware.I2ISolutions

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 403014
Infected: 2
Modifications: 0
Suspicious: 0
Adware: 1
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 2
Ignored: 0
Scan speed: 3 Kb/s
Scan time: 11:47:26 (I went to sleep half way through the scan, so...)
-----------------------------------------------------------------------------

C:\Windows\Downloaded Program Files\launcher.ocx - incurable - deleted

=============================================================================
Total session statistics
=============================================================================
Scanned: 431479
Infected: 2
Modifications: 0
Suspicious: 0
Adware: 1
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 1
Renamed: 0
Moved: 2
Ignored: 0
Scan speed: 1 Kb/s
Scan time: 12:28:55
=============================================================================

Dr.Web report:

Fast and Furious 4.exe\data003;C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe;Win32.HLLW.Autoruner.6554;;
Fast and Furious 4.exe;C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU;Archive contains infected objects;Moved.;
Fast and Furious 4.exe\data003;C:\Documents and Settings\איריס\DoctorWeb\Quarantine\Fast and Furious 4.exe;Win32.HLLW.Autoruner.6554;;
Fast and Furious 4.exe;C:\Documents and Settings\איריס\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
launcher.ocx;C:\Windows\Downloaded Program Files;Adware.I2ISolutions;Incurable.Deleted.;

That's it.

Essexboy · « **Reply #6 on:** November 23, 2009, 07:26:20 PM »

OK not a great deal showing there - However, you do have a lot of AV files which may be carrying the infection. So we shall scan them next

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Code: [Select]

[Unregister Dlls]
[Registry - Safe List]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{902da760-7541-11de-b02f-002269f399ed}\shell\AutoRun\command\\"" -> F:\videos\player\winopen.exe \The DaVinci Code.exe [F:\videos\player\winopen.exe "\The DaVinci Code.exe"]
YN -> \{aa4b7f7b-f7ad-11dd-b3cf-002269f399ed} -> 
[Files/Folders - Modified Within 30 Days]
NY ->       .lnk -> C:\Users\איריס\Desktop\     .lnk
NY ->        .lnk -> C:\Users\איריס\Desktop\      .lnk
NY ->          .lnk -> C:\Users\איריס\Desktop\        .lnk
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.

I will review the information when it comes back in.

THEN

Please download Dr.Web CureIt . Save it to your desktop:

Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in the pop-up window to allow the scan.
This will scan the files currently running in memory and if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, select [color="#006400"]Complete scan[/color].
Click the green arrow at the right, and the scan will start.
Click Yes to all if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click File and choose Save report list
Save the report to your desktop. The report will be called DrWeb.csv
Note:this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
Please post the Dr.Web.txt report in your next reply
Close Dr.Web Cureit.
Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Black Milk · « **Reply #5 on:** November 23, 2009, 04:58:54 PM »

Thank you for your reply Essexboy.
Sorry about the length, guess I should have attached those logs...
I ran the TFC scan and the OTS scan. Hope I managed to attach the latter...

Essexboy · « **Reply #4 on:** November 23, 2009, 04:31:32 PM »

Hi there that log is a tad big to get posted in one by the looks of it

Download TFC to your desktop

Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

THEN

To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.

Download OTS to your Desktop

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program.
Check the box that says Scan All Users
Under Additional Scans check the following:
Reg - Shell Spawning
File - Lop Check
File - Purity Scan
Evnt - EvtViewer (last 10)

Under custom scans copy and paste the following

%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5[/list]

Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:

Click Add Reply
Under the reply panel is the Attachments Panel
Browse for the attachment file you want to upload, then click the green Upload button
Once it has uploaded, click the Manage Current Attachments drop down box
Click on to insert the attachment into your post

Black Milk · « **Reply #3 on:** November 23, 2009, 04:29:27 PM »

Third and last post:

OTL Extras:

OTL Extras logfile created on: 23/11/2009 15:57:43 - Run 1
OTL by OldTimer - Version 3.1.7.0 Folder = C:\Users\איריס\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 89.03% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.65 Gb Total Space | 38.02 Gb Free Space | 17.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 3.00 Gb Free Space | 30.70% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.65 Gb Free Space | 44.39% Space Free | Partition Type: NTFS

Computer Name: DAVID
Current User Name: איריס
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4097568201-891318238-3029008619-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14CD58AC-6428-42A5-94AA-2811C880479C}" = lport=20601 | protocol=17 | dir=in | name=bitcomet 20601 udp |
"{1526F8F0-F294-48CB-ABCB-95C669A56A81}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1C4E8E1C-2354-4B30-9537-A314E1FBDE98}" = rport=138 | protocol=17 | dir=out | app=system |
"{2375B2E0-51FC-44A0-A8BF-6371B926A8D6}" = lport=48982 | protocol=17 | dir=in | name=emule udp |
"{49880F5F-E493-4CE9-969E-F186461CDC21}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{49E39B55-7C3F-4D78-8303-6066F4FEF567}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61205922-68DB-4290-948A-0366E8788045}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6837F8B3-DF45-4B17-802B-DED849EA68D8}" = rport=445 | protocol=6 | dir=out | app=system |
"{78CE222A-1271-4CE5-A01C-491F6A923B09}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7EDC4AEB-41FE-4AE4-85EC-3C74016E7709}" = rport=137 | protocol=17 | dir=out | app=system |
"{7F688D28-5E0C-48D1-80F9-CAF732D23AF2}" = lport=12147 | protocol=6 | dir=in | name=bitcomet 12147 tcp |
"{8CFF943F-8EC2-4CDB-9E85-5727A0488474}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8E81835E-74CE-4794-AC30-CCC1ADE7CF57}" = lport=26716 | protocol=17 | dir=in | name=bitcomet 26716 udp |
"{9689C29E-4A10-4653-99A5-81AFBF755B3E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A1DA4E07-6A57-4273-B21E-03D45B13426A}" = lport=26716 | protocol=6 | dir=in | name=bitcomet 26716 tcp |
"{A251D2BE-05D9-4E09-A12D-DBE0BD4B2A28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AEF83E4B-8E9B-4DD4-B612-3F2FCE5B5CFA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B5418761-61D9-4C80-91DE-E5EF0FA18E8D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6D912AC-E6B3-4D97-837D-26DBF42A775C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BB91C055-A3E3-4503-80EA-0DED1C2B73FB}" = lport=139 | protocol=6 | dir=in | app=system |
"{BC3C2940-DCF2-45FC-84D0-4502DA2BC2FB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D47D30C8-6563-446D-AF64-B7B54CCE81CC}" = lport=12147 | protocol=6 | dir=in | name=emule tcp |
"{D4D533F7-4A78-4E7B-8267-24D9DFE88C24}" = lport=12147 | protocol=17 | dir=in | name=bitcomet 12147 udp |
"{DC4005CB-5985-4912-8B5F-357825AC8B3D}" = lport=137 | protocol=17 | dir=in | app=system |
"{E6FAD59A-B8F9-4651-B73E-3A6935812B50}" = lport=138 | protocol=17 | dir=in | app=system |
"{F3DFE9F6-EED2-485B-BE91-7032672A870C}" = lport=20601 | protocol=6 | dir=in | name=bitcomet 20601 tcp |
"{F56C4A73-01D9-4AF5-8F39-B9148BFB3EFC}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE6BB987-4204-494A-9426-E449BB2E57BA}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0397D343-1309-4DD8-A4B2-2B314E9E77C1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{054A7DFF-7231-4041-93AA-631BBB2FA72E}" = protocol=17 | dir=in | app=c:\program files\team jpn\spiderman web of shadows\image\pc\spider-man web of shadows.exe |
"{1BD80C0D-9FAF-4A4A-983E-56F0D898F993}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{217306EC-ECFE-46CB-BF70-6A67B91A2F98}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2242D925-2B07-49C0-89D0-F4D53FE06F42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2E0DAFA7-81EA-4C3C-824E-7EE8840B903B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3615DC8D-4A28-4D1A-A0D8-281685895224}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4523DBC4-C446-403E-914F-8DCA015999BA}" = protocol=17 | dir=in | app=c:\program files\playlogic\worldshift\bin\worldshift.exe |
"{4A712209-8B7F-4771-BBEB-3D518A0D816D}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{5064848E-060E-4C38-8C34-02B7CC4A1364}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{55512657-650F-444D-8DCB-FF6CEECC876C}" = protocol=6 | dir=in | app=c:\program files\activision\spider-man - web of shadows\image\pc\spider-man web of shadows.exe |
"{5DD7AA30-6ACB-4DC6-B4B5-D667FE87F4FD}" = protocol=17 | dir=in | app=c:\program files\activision\spider-man - web of shadows\image\pc\spider-man web of shadows.exe |
"{62BE9815-947C-4476-A4D9-61E87D4D28A3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7B655A1D-AA05-44D6-AA7B-B36173FDBC33}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7B872A4B-2B0B-4281-9BE6-D6B03AF592FF}" = protocol=6 | dir=in | app=c:\program files\playlogic\worldshift\bin\worldshift.exe |
"{7CE18639-87C8-434E-9136-EC50E4F2D69F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94382E16-1886-4DF7-ABFA-14E87CAE5C1B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BF430D41-1657-4B12-9119-C677A11ECC02}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{C54F749D-BDF6-40BF-8DD2-C062448FEA60}" = protocol=6 | dir=in | app=c:\program files\team jpn\spiderman web of shadows\image\pc\spider-man web of shadows.exe |
"{D26F5FB0-96A6-4F03-926E-14E5F1A66D8C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D5A780B1-3926-4EC2-A045-223D0F6A77FD}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{F28990B9-6185-4335-A8FF-34B26A9680FF}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"TCP Query User{1B04D1C9-5A21-471F-8E99-652C868B9DC5}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{7BB44F2C-8F0B-49A8-AF55-335091FEA469}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{9AC00AF6-E683-4CC0-8374-49FBAD11FFF3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F11E50CE-8383-4863-8D99-14BCF32A5CD4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2D1BC8E5-1285-4393-BDF2-0D114C493C5C}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{38D971B7-957F-4E61-BB87-2BF14D34EFAF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BBBD4648-6DE0-4D71-8DAB-4BDBB63A9DFB}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{E621414A-990D-4D02-B623-CC55F8B6B181}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.1.0.5100
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = כלי ההעלאה של Windows Live
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5C877F-8C4B-4623-BAD0-1BCD6FEA297B}" = Windows Live Essentials
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FB9DEC-89ED-4D9D-AE85-F2752D107C79}" = Windows Live Messenger
"{85AFE875-7ACC-48CE-B87B-B51188602741}" = Windows Live Toolbar
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{885A5214-9CDD-40E0-A89D-7672588748E1}" = Windows Live Call
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9011040D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9208F706-6528-4591-A997-F41395FBD8A7}" = Spider-Man(TM) - Web of Shadows 1.1 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961688FD-5FD8-3D21-BE82-ACB1800EBEA2}" = Microsoft .NET Framework 3.5 Language Pack SP1 - heb
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A6D96D8E-04C4-47E8-A681-F7C9C6444B9A}" = NVIDIA PhysX v8.06.16
"{A8DE8C34-7F51-4cc8-B326-C425793EE741}" = The Chronicles of Riddick: Escape From Butcher Bay
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{AF70B943-5081-4BD8-88F2-75637FD34364}" = ThinkVantage Status Gadget
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B1F625EB-9691-4889-A864-DA085739F3F0}" = Power Ux Customization
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BCBA462D-3E1B-416C-89F8-492020D4BBF4}" = מסייע הכניסה של Windows Live
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}" = Command & Conquer™ Red Alert™ 3 Uprising
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F691A1F5-2789-46CE-A45A-57763198D384}" = FxVisor
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AT&T Connect Participant" = AT&T Connect Participant
"AVG9Uninstall" = AVG Free 9.0
"AVI & MPEG Splitter_is1" = AVI & MPEG Splitter 1.48
"Babylon" = Babylon
"BitComet" = BitComet 1.12
"CCleaner" = CCleaner (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"COMODO Internet Security" = COMODO Internet Security
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"eMule" = eMule
"ffdshow_is1" = ffdshow [rev 2280] [2008-11-02]
"Foxit PDF Editor" = Foxit PDF Editor
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"Free Download Manager_is1" = Free Download Manager 3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HebPod Pro" = HebPod Pro
"ImgBurn" = ImgBurn
"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"InstallShield_{9208F706-6528-4591-A997-F41395FBD8A7}" = Spider-Man(R) - Web of Shadows(TM) 1.1 Patch
"iPodHE" = iPodHE - הסרת התוכנה
"Lenovo Registration" = Lenovo Registration
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - heb" = ערכת שפה של Microsoft .NET Framework 3.5 SP1 - heb
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MP3 Splitter & Joiner_is1" = MP3 Splitter & Joiner
"Mp3tag" = Mp3tag v2.43
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"ProInst" = Intel PROSet Wireless
"SubtitleWorkshop" = Subtitle Workshop 2.51
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WorldShift" = WorldShift
"XP Codec Pack" = XP Codec Pack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/11/2009 09:32:13 | Computer Name = david | Source = VSS | ID = 8194
Description =

Error - 19/11/2009 09:33:00 | Computer Name = david | Source = System Restore | ID = 8193
Description =

Error - 19/11/2009 09:45:47 | Computer Name = david | Source = System Restore | ID = 8193
Description =

Error - 19/11/2009 10:12:27 | Computer Name = david | Source = System Restore | ID = 8193
Description =

Error - 22/11/2009 02:40:59 | Computer Name = david | Source = VSS | ID = 8194
Description =

Error - 22/11/2009 02:41:52 | Computer Name = david | Source = VSS | ID = 8194
Description =

Error - 22/11/2009 14:21:59 | Computer Name = david | Source = System Restore | ID = 8193
Description =

Error - 22/11/2009 14:40:21 | Computer Name = david | Source = System Restore | ID = 8193
Description =

Error - 22/11/2009 15:38:13 | Computer Name = david | Source = WinMgmt | ID = 10
Description =

Error - 23/11/2009 06:42:22 | Computer Name = david | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 26/03/2009 11:19:21 | Computer Name = david | Source = Media Center Guide | ID = 0
Description = ‏‏נתוני אירוע: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32
GetLastError returned 0D ‏ תהליך: DefaultDomain‏ שם אוביקט: Media Center Guide‏

Error - 26/03/2009 14:24:12 | Computer Name = david | Source = Media Center Guide | ID = 0
Description = ‏‏נתוני אירוע: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 ‏ תהליך: DefaultDomain‏ שם אוביקט: Media Center Guide‏

Error - 27/03/2009 12:08:04 | Computer Name = david | Source = Media Center Guide | ID = 0
Description = ‏‏נתוני אירוע: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 ‏ תהליך: DefaultDomain‏ שם אוביקט: Media Center Guide‏

Error - 27/03/2009 13:39:56 | Computer Name = david | Source = Media Center Guide | ID = 0
Description = ‏‏נתוני אירוע: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 ‏ תהליך: DefaultDomain‏ שם אוביקט: Media Center Guide‏

Error - 20/04/2009 06:32:16 | Computer Name = david | Source = Media Center Guide | ID = 0
Description = ‏‏נתוני אירוע: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 ‏ תהליך: DefaultDomain‏ שם אוביקט: Media Center Guide‏

Error - 20/04/2009 06:32:24 | Computer Name = david | Source = Media Center Guide | ID = 0
Description = ‏‏נתוני אירוע: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 ‏ תהליך: DefaultDomain‏ שם אוביקט: Media Center Guide‏

Error - 20/04/2009 06:35:25 | Computer Name = david | Source = Media Center Guide | ID = 0
Description = ‏‏נתוני אירוע: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 ‏ תהליך: DefaultDomain‏ שם אוביקט: Media Center Guide‏

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Also, I ran AVG again after all these scans and the 2 files are still there.
That's all. Your help is greatly appreciated. Thanks a lot.
David

Black Milk · « **Reply #2 on:** November 23, 2009, 04:26:02 PM »

Second post:

OTL log:

OTL logfile created on: 23/11/2009 15:57:43 - Run 1
OTL by OldTimer - Version 3.1.7.0 Folder = C:\Users\איריס\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 89.03% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.65 Gb Total Space | 38.02 Gb Free Space | 17.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 3.00 Gb Free Space | 30.70% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.65 Gb Free Space | 44.39% Space Free | Partition Type: NTFS

Computer Name: DAVID
Current User Name: איריס
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\איריס\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Program Files\XP Codec Pack\mpc\mplayerc.exe (Gabest)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\איריס\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\guard32.dll (COMODO)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Program Files\Babylon\Babylon-Pro\captlib.dll (Babylon Ltd.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (FNF5SVC) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (PMSveH) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe (Lenovo)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdguard.sys (COMODO)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (tvtfilter) -- C:\Windows\System32\drivers\tvtfilter.sys (Lenovo)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (vm331avs) -- C:\Windows\System32\drivers\vm331avs.sys (Vimicro Corporation)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (tvtumon) -- C:\Windows\System32\drivers\tvtumon.sys (Lenovo)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
DRV - (Aspi32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.il/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {45925a5c-e3de-447f-bed2-ded87acae111}:1.9
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 01:12:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/10 14:13:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/30 20:31:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/30 20:31:57 | 00,000,000 | ---D | M]

[2009/01/20 00:52:35 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mozilla\Extensions
[2009/01/20 00:52:35 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/22 20:07:08 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mozilla\Firefox\Profiles\gnpixu0o.default\extensions
[2009/07/01 11:32:31 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mozilla\Firefox\Profiles\gnpixu0o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/02 10:00:34 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mozilla\Firefox\Profiles\gnpixu0o.default\extensions\{45925a5c-e3de-447f-bed2-ded87acae111}
[2009/06/05 17:36:40 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mozilla\Firefox\Profiles\gnpixu0o.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/10/02 10:00:27 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mozilla\Firefox\Profiles\gnpixu0o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/06 14:38:02 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mozilla\Firefox\Profiles\gnpixu0o.default\extensions\SkipScreen@SkipScreen
[2009/10/02 10:00:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/21 12:12:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{45925a5c-e3de-447f-bed2-ded87acae111}
[2009/10/30 20:31:57 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/30 20:31:56 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/30 20:31:56 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/10/30 20:31:56 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/01/26 23:04:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/01/26 23:04:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/01/26 23:04:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/01/26 23:04:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/01/26 23:04:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/01/26 23:04:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/01/26 23:04:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/10/04 11:23:52 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/04 11:23:52 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/03/29 16:02:23 | 00,002,194 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2009/10/04 11:23:52 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/04 11:23:52 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/04 11:23:52 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/04 11:23:52 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/04 11:23:52 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (עוזר הכניסה של Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &יצא ל- Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Download all by Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download by Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download selected by Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: tapuz.co.il ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} http://www.tapuz.co.il/irc/main/launcher.cab (LauncherV1 Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 194.90.1.5 212.143.212.143
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 18:32:46 | 00,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/06/03 00:46:54 | 00,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{312730fb-dd2f-11dd-8e7d-002269f399ed}\Shell - "" = AutoRun
O33 - MountPoints2\{312730fb-dd2f-11dd-8e7d-002269f399ed}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\{65201ec2-b11b-11dd-93b2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{65201ec2-b11b-11dd-93b2-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 18:09:40 | 00,262,144 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{66e78e1f-3baf-11de-a65c-002269f399ed}\Shell - "" = AutoRun
O33 - MountPoints2\{66e78e1f-3baf-11de-a65c-002269f399ed}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{902da760-7541-11de-b02f-002269f399ed}\Shell\AutoRun\command - "" = F:\videos\player\winopen.exe \The DaVinci Code.exe -- File not found
O33 - MountPoints2\{aa4b7f7b-f7ad-11dd-b3cf-002269f399ed}\Shell - "" = AutoRun
O33 - MountPoints2\{aa4b7f7b-f7ad-11dd-b3cf-002269f399ed}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{aca4ebd7-b112-11dd-8553-001eec9af225}\Shell - "" = AutoRun
O33 - MountPoints2\{aca4ebd7-b112-11dd-8553-001eec9af225}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008/07/30 00:37:58 | 00,180,224 | -HS- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/23 15:53:25 | 00,472,064 | ---- | C] ( ) -- C:\Users\איריס\Desktop\RootRepeal.exe
[2009/11/23 13:17:45 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\איריס\Desktop\HJTInstall.exe
[2009/11/23 13:15:38 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Users\איריס\Desktop\OTL.exe
[2009/11/23 13:08:48 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Users\איריס\Desktop\TFC.exe
[2009/11/20 10:54:24 | 00,000,000 | ---D | C] -- C:\Users\איריס\Desktop\KW
[2009/11/19 22:37:35 | 00,000,000 | ---D | C] -- C:\Users\איריס\Desktop\TW
[2009/11/19 16:12:26 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2009/11/19 16:12:26 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2009/11/19 16:12:26 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2009/11/19 15:45:47 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2009/11/19 15:36:36 | 00,000,000 | ---D | C] -- C:\Users\איריס\AppData\Roaming\WorldShift
[2009/11/19 15:31:33 | 00,000,000 | ---D | C] -- C:\Program Files\Playlogic
[2009/11/19 15:05:22 | 00,000,000 | ---D | C] -- C:\Users\איריס\Desktop\C.A.C.Red.Alert.3.Uprising-RELOADED
[2009/11/13 11:50:42 | 00,000,000 | ---D | C] -- C:\Users\איריס\AppData\Local\Microsoft Games
[2009/11/12 03:01:23 | 00,000,000 | ---D | C] -- C:\3f0bef8f1f7379a07cf3f65e0fe016be
[2009/11/11 15:22:31 | 02,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/11/11 15:21:40 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/11/10 14:35:20 | 00,000,000 | ---D | C] -- C:\Users\איריס\Documents\The Path
[2009/11/10 14:35:20 | 00,000,000 | ---D | C] -- C:\Users\איריס\AppData\Roaming\The Path
[2009/11/09 18:14:08 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/09 18:13:20 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/11/05 19:46:28 | 00,000,000 | ---D | C] -- C:\Program Files\Starbreeze Studios
[2009/11/04 15:04:45 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/11/04 15:04:44 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/11/02 18:33:28 | 00,000,000 | ---D | C] -- C:\Users\איריס\Desktop\Ramzor
[2009/10/29 19:16:53 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/29 19:16:51 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/10/29 19:16:50 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2004/11/24 21:25:52 | 00,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll

========== Files - Modified Within 30 Days ==========

[2009/11/23 15:57:08 | 02,621,440 | -HS- | M] () -- C:\Users\איריס\ntuser.dat
[2009/11/23 15:53:57 | 00,000,000 | ---- | M] () -- C:\Users\איריס\Desktop\settings.dat
[2009/11/23 15:39:36 | 45,612,964 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/23 15:38:54 | 00,098,641 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/23 15:35:34 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/23 15:35:34 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/23 15:35:28 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/23 15:35:21 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/23 15:35:18 | 31,798,76352 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/23 15:34:20 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/11/23 15:34:19 | 00,524,288 | -HS- | M] () -- C:\Users\איריס\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/23 15:34:19 | 00,065,536 | -HS- | M] () -- C:\Users\איריס\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/23 15:28:44 | 04,282,602 | -H-- | M] () -- C:\Users\איריס\AppData\Local\IconCache.db
[2009/11/23 13:57:07 | 57,831,0144 | ---- | M] () -- C:\Users\איריס\Desktop\dexter.409.hdtv.xvid-sys.avi
[2009/11/23 13:17:59 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\איריס\Desktop\HJTInstall.exe
[2009/11/23 13:16:14 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\איריס\Desktop\OTL.exe
[2009/11/23 13:08:56 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Users\איריס\Desktop\TFC.exe
[2009/11/23 11:57:42 | 00,067,483 | ---- | M] () -- C:\Users\איריס\Desktop\dexter.409.hdtv.xvid-sys.srt
[2009/11/23 08:15:40 | 00,060,376 | ---- | M] () -- C:\Users\איריס\Desktop\Pandorum.srt
[2009/11/22 20:43:08 | 00,001,043 | ---- | M] () -- C:\Users\איריס\Desktop\Tiberium Wars.lnk
[2009/11/22 20:42:43 | 00,001,151 | ---- | M] () -- C:\Users\איריס\Desktop\Kane's Wrath.lnk
[2009/11/22 13:59:38 | 00,045,704 | ---- | M] () -- C:\Users\איריס\Desktop\greys.anatomy.s06e10.hdtv.xvid-2hd.srt
[2009/11/21 21:57:23 | 73,421,2096 | ---- | M] () -- C:\Users\איריס\Desktop\Pandorum.avi
[2009/11/20 21:18:34 | 00,034,629 | ---- | M] () -- C:\Users\איריס\Desktop\The.Prisoner.2009.Part01.Arrival.HDTV.XviD-FQM.srt
[2009/11/20 11:07:31 | 00,025,600 | ---- | M] () -- C:\Users\איריס\Desktop\Dear Mary.doc
[2009/11/20 03:51:56 | 36,750,1738 | ---- | M] () -- C:\Users\איריס\Desktop\greys.anatomy.s06e10.hdtv.xvid-2hd.avi
[2009/11/19 21:27:19 | 00,181,760 | ---- | M] () -- C:\Users\איריס\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/19 16:22:04 | 00,001,062 | ---- | M] () -- C:\Users\איריס\Desktop\RA3 Uprising.lnk
[2009/11/19 16:09:35 | 00,000,980 | ---- | M] () -- C:\Users\איריס\Desktop\RA3.lnk
[2009/11/19 15:36:39 | 00,001,050 | ---- | M] () -- C:\Users\Public\Desktop\WorldShift.lnk
[2009/11/19 14:44:19 | 00,030,720 | ---- | M] () -- C:\Users\איריס\Desktop\קורות חיים דוידי.doc
[2009/11/18 15:05:37 | 73,189,1712 | ---- | M] () -- C:\Users\איריס\Desktop\inglourious.basterds.cd2.avi
[2009/11/18 13:26:44 | 00,048,218 | ---- | M] () -- C:\Users\איריס\Desktop\inglourious.basterds.cd2.srt
[2009/11/18 13:26:20 | 00,060,272 | ---- | M] () -- C:\Users\איריס\Desktop\inglourious.basterds.cd1.srt
[2009/11/17 23:27:16 | 73,390,8992 | ---- | M] () -- C:\Users\איריס\Desktop\inglourious.basterds.cd1.avi
[2009/11/17 18:34:21 | 73,492,8896 | ---- | M] () -- C:\Users\איריס\Desktop\Paranormal.Activity.LIMITED.DVDSCR.XViD-BLUR.avi
[2009/11/16 14:18:06 | 00,066,179 | ---- | M] () -- C:\Users\איריס\Desktop\Zombieland.srt
[2009/11/16 10:54:52 | 36,712,8917 | ---- | M] () -- C:\Users\איריס\Desktop\The.Prisoner.2009.Part01.Arrival.HDTV.XviD-FQM.avi
[2009/11/15 20:43:39 | 76,583,4240 | ---- | M] () -- C:\Users\איריס\Desktop\Ajami.avi
[2009/11/12 03:21:28 | 00,403,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/11 11:07:28 | 00,001,741 | ---- | M] () -- C:\Users\איריס\Desktop\ .lnk
[2009/11/10 14:25:05 | 00,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009/11/10 14:23:51 | 00,179,792 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2009/11/10 14:23:44 | 00,029,520 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2009/11/10 14:23:43 | 00,128,888 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2009/11/10 09:24:01 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/11/09 18:14:01 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/11/09 18:14:01 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/11/09 18:13:55 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/11/09 18:13:55 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/11/08 22:57:47 | 01,105,950 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/08 22:57:47 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/08 22:57:47 | 00,359,042 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2009/11/08 22:57:47 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/08 22:57:47 | 00,068,638 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2009/11/06 17:07:04 | 73,375,5392 | ---- | M] () -- C:\Users\איריס\Desktop\Yeladim Sorgim.avi
[2009/11/05 19:53:10 | 00,001,140 | ---- | M] () -- C:\Users\איריס\Desktop\Riddick.lnk
[2009/11/05 19:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/11/03 05:38:53 | 15,201,73056 | ---- | M] () -- C:\Users\איריס\Desktop\Zombieland.avi
[2009/11/02 20:15:38 | 00,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/11/02 05:25:49 | 72,728,6138 | ---- | M] () -- C:\Users\איריס\Desktop\My Sister's Keeper.avi
[2009/10/29 17:53:03 | 00,001,737 | ---- | M] () -- C:\Users\איריס\Desktop\ .lnk
[2009/10/28 18:11:18 | 00,000,896 | ---- | M] () -- C:\Users\איריס\Desktop\some more music.lnk
[2009/10/26 20:32:45 | 00,001,730 | ---- | M] () -- C:\Users\איריס\Desktop\ .lnk

========== Files Created - No Company Name ==========

[2009/11/23 15:53:57 | 00,000,000 | ---- | C] () -- C:\Users\איריס\Desktop\settings.dat
[2009/11/23 15:26:50 | 73,421,2096 | ---- | C] () -- C:\Users\איריס\Desktop\Pandorum.avi
[2009/11/23 13:23:33 | 00,067,483 | ---- | C] () -- C:\Users\איריס\Desktop\dexter.409.hdtv.xvid-sys.srt
[2009/11/23 13:23:32 | 00,060,376 | ---- | C] () -- C:\Users\איריס\Desktop\Pandorum.srt
[2009/11/23 12:55:51 | 57,831,0144 | ---- | C] () -- C:\Users\איריס\Desktop\dexter.409.hdtv.xvid-sys.avi
[2009/11/22 21:50:04 | 36,712,8917 | ---- | C] () -- C:\Users\איריס\Desktop\The.Prisoner.2009.Part01.Arrival.HDTV.XviD-FQM.avi
[2009/11/22 21:18:54 | 36,750,1738 | ---- | C] () -- C:\Users\איריס\Desktop\greys.anatomy.s06e10.hdtv.xvid-2hd.avi
[2009/11/22 20:43:08 | 00,001,043 | ---- | C] () -- C:\Users\איריס\Desktop\Tiberium Wars.lnk
[2009/11/22 20:42:43 | 00,001,151 | ---- | C] () -- C:\Users\איריס\Desktop\Kane's Wrath.lnk
[2009/11/22 20:11:08 | 00,045,704 | ---- | C] () -- C:\Users\איריס\Desktop\greys.anatomy.s06e10.hdtv.xvid-2hd.srt
[2009/11/22 20:11:06 | 00,034,629 | ---- | C] () -- C:\Users\איריס\Desktop\The.Prisoner.2009.Part01.Arrival.HDTV.XviD-FQM.srt
[2009/11/19 16:57:45 | 00,025,600 | ---- | C] () -- C:\Users\איריס\Desktop\Dear Mary.doc
[2009/11/19 16:22:04 | 00,001,062 | ---- | C] () -- C:\Users\איריס\Desktop\RA3 Uprising.lnk
[2009/11/19 16:09:35 | 00,000,980 | ---- | C] () -- C:\Users\איריס\Desktop\RA3.lnk
[2009/11/19 15:36:39 | 00,001,050 | ---- | C] () -- C:\Users\Public\Desktop\WorldShift.lnk
[2009/11/19 14:54:54 | 28,138,53695 | ---- | C] () -- C:\Users\איריס\Desktop\REDZIKIII.iso
[2009/11/19 14:11:25 | 00,030,720 | ---- | C] () -- C:\Users\איריס\Desktop\קורות חיים דוידי.doc
[2009/11/18 13:56:31 | 00,060,272 | ---- | C] () -- C:\Users\איריס\Desktop\inglourious.basterds.cd1.srt
[2009/11/18 13:56:31 | 00,048,218 | ---- | C] () -- C:\Users\איריס\Desktop\inglourious.basterds.cd2.srt
[2009/11/18 13:54:51 | 73,189,1712 | ---- | C] () -- C:\Users\איריס\Desktop\inglourious.basterds.cd2.avi
[2009/11/17 18:12:09 | 73,390,8992 | ---- | C] () -- C:\Users\איריס\Desktop\inglourious.basterds.cd1.avi
[2009/11/16 13:49:57 | 15,201,73056 | ---- | C] () -- C:\Users\איריס\Desktop\Zombieland.avi
[2009/11/16 13:49:01 | 73,492,8896 | ---- | C] () -- C:\Users\איריס\Desktop\Paranormal.Activity.LIMITED.DVDSCR.XViD-BLUR.avi
[2009/11/15 19:38:18 | 76,583,4240 | ---- | C] () -- C:\Users\איריס\Desktop\Ajami.avi
[2009/11/15 18:05:10 | 00,066,179 | ---- | C] () -- C:\Users\איריס\Desktop\Zombieland.srt
[2009/11/11 11:06:50 | 72,728,6138 | ---- | C] () -- C:\Users\איריס\Desktop\My Sister's Keeper.avi
[2009/11/06 15:07:51 | 73,375,5392 | ---- | C] () -- C:\Users\איריס\Desktop\Yeladim Sorgim.avi
[2009/11/05 19:53:10 | 00,001,140 | ---- | C] () -- C:\Users\איריס\Desktop\Riddick.lnk
[2009/11/05 13:36:14 | 74,184,0896 | ---- | C] () -- C:\Users\איריס\Desktop\Vicky Christina Barcelona.avi
[2009/11/02 17:55:23 | 73,449,6768 | ---- | C] () -- C:\Users\איריס\Desktop\Ma Kashur.avi
[2009/11/02 17:53:29 | 50,987,4176 | ---- | C] () -- C:\Users\איריס\Desktop\Asi Ve Guri.avi
[2009/10/29 12:46:28 | 73,181,7984 | ---- | C] () -- C:\Users\איריס\Desktop\Eddie Murphy.avi
[2009/10/29 12:45:02 | 38,299,1877 | ---- | C] () -- C:\Users\איריס\Desktop\Eli Ve Mariano.wmv
[2009/10/27 20:23:21 | 88,375,9104 | ---- | C] () -- C:\Users\איריס\Desktop\Into The Wild.AVI
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/27 21:45:23 | 00,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/04/27 21:45:21 | 00,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/04/26 20:50:53 | 00,000,145 | ---- | C] () -- C:\Windows\game.INI
[2009/03/19 13:08:00 | 00,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2009/03/19 13:08:00 | 00,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2009/01/22 23:09:26 | 00,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/01/08 05:03:26 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/01/08 04:47:51 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/01/06 02:24:56 | 00,181,760 | ---- | C] () -- C:\Users\איריס\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/04 22:51:43 | 00,000,039 | ---- | C] () -- C:\Windows\ideq32.ini
[2009/01/04 20:59:46 | 00,789,962 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/01/04 20:59:46 | 00,229,376 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/01/04 20:59:46 | 00,204,800 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/01/04 20:59:46 | 00,156,715 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/01/04 20:59:46 | 00,111,616 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/01/04 20:59:45 | 00,242,688 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/01/04 20:59:45 | 00,146,944 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/01/04 20:59:45 | 00,111,104 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/01/04 20:59:45 | 00,082,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/01/04 20:59:45 | 00,044,544 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/01/04 20:59:45 | 00,041,472 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2008/12/19 17:15:58 | 04,031,334 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/12/17 19:41:18 | 00,871,556 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008/12/17 19:22:58 | 00,026,112 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008/12/17 19:22:48 | 00,011,264 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/17 19:17:34 | 00,225,866 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008/12/17 18:59:54 | 00,532,011 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008/12/16 12:28:49 | 04,282,602 | -H-- | C] () -- C:\Users\איריס\AppData\Local\IconCache.db
[2008/12/16 11:54:53 | 00,113,280 | ---- | C] () -- C:\Users\איריס\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/12/11 13:27:02 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/11/21 23:47:52 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/21 23:45:16 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/21 23:45:16 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/11/21 23:44:16 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/11/13 03:08:28 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/11/13 03:08:28 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/11/13 03:08:28 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/11/13 03:08:28 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/11/13 03:08:28 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/11/13 03:08:28 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/11/13 02:59:13 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/11/13 02:59:12 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008/11/13 02:49:48 | 00,001,291 | ---- | C] () -- C:\Windows\vm331Rmv.ini
[2008/08/26 22:54:12 | 00,057,344 | ---- | C] () -- C:\Windows\System32\BtwNamespaceExt2.dll
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/06/11 09:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/06/11 09:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/06/11 09:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/05 08:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/04/18 20:44:19 | 01,105,950 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2008/01/21 04:24:38 | 00,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2008/01/21 04:24:29 | 00,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2006/11/02 14:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 14:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 14:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 14:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 14:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 14:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:24:31 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 12:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 12:23:31 | 00,000,128 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 09:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:09:45 | 00,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006/11/02 09:09:44 | 00,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 09:09:44 | 00,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 09:09:42 | 00,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006/11/02 09:09:41 | 00,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 09:09:40 | 00,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 09:09:38 | 00,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 09:09:35 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 09:09:31 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 09:09:29 | 00,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 09:09:26 | 00,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 09:09:24 | 00,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 09:09:23 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 09:09:22 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006/11/02 09:09:20 | 00,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 08:25:08 | 00,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2004/10/03 19:50:54 | 00,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
[2001/11/14 23:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/01/09 01:05:35 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Adobe
[2009/01/23 23:47:35 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Ahead
[2009/01/26 23:07:10 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Apple Computer
[2009/09/16 16:58:35 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Babylon
[2009/05/03 00:21:37 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009/01/08 04:54:00 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\DAEMON Tools
[2009/01/08 04:58:14 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\DAEMON Tools Lite
[2009/01/08 04:53:58 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\DAEMON Tools Pro
[2009/01/06 02:24:57 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\DivX
[2009/11/23 16:00:13 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Free Download Manager
[2008/12/16 11:54:25 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Identities
[2009/05/08 20:24:18 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\ImgBurn
[2009/01/17 22:48:40 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Intel
[2008/12/16 12:13:21 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Macromedia
[2009/01/17 13:47:01 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Malwarebytes
[2006/11/02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Media Center Programs
[2009/01/06 02:56:00 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Media Player Classic
[2009/06/10 22:11:47 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Medieval Software
[2009/03/25 18:03:37 | 00,000,000 | --SD | M] -- C:\Users\איריס\AppData\Roaming\Microsoft
[2009/04/20 01:08:38 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\mIRC
[2009/01/20 00:52:35 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Mozilla
[2009/07/22 19:08:21 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Mp3tag
[2009/05/01 13:19:52 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Red Alert 3
[2009/10/13 00:26:31 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Skype
[2009/10/13 00:06:26 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\skypePM
[2009/04/24 21:23:43 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\The Longest Journey
[2009/11/10 15:10:44 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\The Path
[2009/02/18 21:47:28 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\U3
[2009/01/17 18:39:56 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Winamp
[2009/01/17 12:41:26 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\WinRAR
[2009/02/09 23:26:50 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\Wisco
[2009/11/19 16:58:54 | 00,000,000 | ---D | M] -- C:\Users\איריס\AppData\Roaming\WorldShift
[2009/11/23 15:35:28 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/23 15:34:20 | 00,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\איריס\Desktop\Paranormal.Activity.LIMITED.DVDSCR.XViD-BLUR.avi:TOC.WMV
@Alternate Data Stream - 12 bytes -> C:\Users\איריס\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
< End of report >

next post...

Black Milk · « **Reply #1 on:** November 23, 2009, 04:19:31 PM »

Hi,

Hope you guys can help me with this one. I ran an AVG scan and it came up with 2 infections it couldn't remove. Here's the log:

"Scan ""Scheduled scan"" was finished."
"Infections";"2";"0";"2"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"23 November 2009, Monday, 05:00:01"
"Scan finished:";"23 November 2009, Monday, 05:34:50 (34 minute(s) 48 second(s))"
"Total object scanned:";"511050"
"User who launched the scan:";"SYSTEM"

"Infections"
"File";"Infection";"Result"
"C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe:\$JF\wmplayer.exe";"Trojan horse Dropper.Generic.AQAO";"Infected"
"C:\$Recycle.Bin\S-1-5-21-4097568201-891318238-3029008619-1000\$RQ56APU\Fast and Furious 4.exe";"Trojan horse Dropper.Generic.AQAO";"Infected"

When I try to remove the infections manually (or put them in the vault), I receive this error:

Clicking "Ignore" brings up this error:

Clicking "Go to file"" brings up the same error and takes me to the recycle bin (C:\$Recycle.Bin), which is empty.

So what's with this file? and what's with "wmplayer.exe" that also shows up as an infection?
When I saw that "$JF\wmplayer.exe" bit, I thought maybe it was my friend who plugged in his disk-on-key a few days ago while I was away (hence the letter "F" showing up. Also I have no driver named "F"). His disk-on-key had many files on it and maybe he ran this "Fast and Furious 4.exe" file. Could this be a "ghost" file or something?

MBAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 3217
Windows 6.0.6001 Service Pack 1

23/11/2009 15:51:56
mbam-log-2009-11-23 (15-51-56).txt

Scan type: Quick Scan
Objects scanned: 92213
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

RootRepeal log:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2009/11/23 15:54
Program Version:      Version 1.3.5.0
Windows Version:      Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x904B0000   Size: 45056   File Visible: No   Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x904BB000   Size: 40960   File Visible: No   Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAF96A000   Size: 49152   File Visible: No   Signed: -
Status: -

Name: splz.sys
Image Path: C:\Windows\System32\Drivers\splz.sys
Address: 0x8068B000   Size: 1048576   File Visible: No   Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000   Size: 0   File Visible: No   Signed: -
Status: -

Name:
Image Path:
Address: 0x8F9C3000   Size: 53248   File Visible: No   Signed: -
Status: Hidden from the Windows API!

Name:
Image Path:
Address: 0x8F6CD000   Size: 249856   File Visible: No   Signed: -
Status: Hidden from the Windows API!

Processes
-------------------
Path: System
PID: 4   Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1688   Status: Locked to the Windows API!

SSDT
-------------------
#: 012   Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d5f32

#: 021   Function Name: NtAlpcConnectPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d7182

#: 022   Function Name: NtAlpcCreatePort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d6118

#: 054   Function Name: NtConnectPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d5292

#: 060   Function Name: NtCreateFile
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d5ad6

#: 071   Function Name: NtCreatePort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d5174

#: 075   Function Name: NtCreateSection
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d592c

#: 077   Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d6e3c

#: 078   Function Name: NtCreateThread
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d4d3a

#: 129   Function Name: NtDuplicateObject
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d4a9c

#: 165   Function Name: NtLoadDriver
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d6abe

#: 174   Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d5516

#: 186   Function Name: NtOpenFile
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d5d1a

#: 194   Function Name: NtOpenProcess
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d47cc

#: 197   Function Name: NtOpenSection
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d57a6

#: 201   Function Name: NtOpenThread
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d4944

#: 276   Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d65d8

#: 286   Function Name: NtSecureConnectPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d685a

#: 317   Function Name: NtSetSystemInformation
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d6c6c

#: 326   Function Name: NtShutdownSystem
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d54b0

#: 332   Function Name: NtSystemDebugControl
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d569a

#: 334   Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d503e

#: 335   Function Name: NtTerminateThread
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d4f0c

#: 382   Function Name: NtCreateThreadEx
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8f5d6224

==EOF==

next post...

News:

AuthorTopic: [RESOLVED] [3 Posts] "Fast and Furious 4.exe" / "Trojan horse Dropper.Generic.AQAO" (Read 557 times)

Black Milk

Re: [3 Posts] "Fast and Furious 4.exe" / "Trojan horse Dropper.Generic.AQAO"

Essexboy

Re: [3 Posts] "Fast and Furious 4.exe" / "Trojan horse Dropper.Generic.AQAO"

Black Milk

Re: [3 Posts] "Fast and Furious 4.exe" / "Trojan horse Dropper.Generic.AQAO"

Essexboy

Re: [3 Posts] "Fast and Furious 4.exe" / "Trojan horse Dropper.Generic.AQAO"

Black Milk

Re: [3 Posts] "Fast and Furious 4.exe" / "Trojan horse Dropper.Generic.AQAO"

Essexboy

Re: [3 Posts] "Fast and Furious 4.exe" / "Trojan horse Dropper.Generic.AQAO"

Black Milk

Re: [3 Posts] "Fast and Furious 4.exe" / "Trojan horse Dropper.Generic.AQAO"

Essexboy

Re: [3 Posts] "Fast and Furious 4.exe" / "Trojan horse Dropper.Generic.AQAO"

Black Milk

Re: [3 Posts] "Fast and Furious 4.exe" / "Trojan horse Dropper.Generic.AQAO"

Essexboy

Re: [3 Posts] "Fast and Furious 4.exe" / "Trojan horse Dropper.Generic.AQAO"

Black Milk

Re: [3 Posts] "Fast and Furious 4.exe" / "Trojan horse Dropper.Generic.AQAO"

Black Milk

Re: [2 Posts] "Fast and Furious 4.exe" / "Trojan horse Dropper.Generic.AQAO"

Black Milk

[RESOLVED] [3 Posts] "Fast and Furious 4.exe" / "Trojan horse Dropper.Generic.AQAO"

Quick Reply

==>Think your PC is infected? Click here for OTL Log Analysis and Malware Removal Assistance<==