Win7 Security

View previous topic View next topic Go down

Win7 Security

Post by fairydraik on Sat Dec 10, 2011 3:44 am

This virus is driving me BONKERS. It sometimes won't let me access programs, especially ones that ccess the internet, although opening a link from Skype or some such gets past its "this site is unsafe" fake warning pge and allows me access to the rest of the net. It can't seem to block access to programs run as Administrator.

Oh, BTW, I'm not on the computer listed in my profile - I'm on a 64-bit Windows 7 Lenovo ThinkPad, which ahppens to be my school computer. Which means I have this weekend to fix it bfore the teachers make me reformat my hard drive. Wonderful.

Is there anything we can do to at least get this under control? I've deleted all my cookies, all my temp internet files, etc. I don't remember the lessons my other computer teacher gave me on manully getting rid of virses, and I'm not confident enough to play around with the registry yet, which my mom is wonderful at but I just don't feel comfortable with.

The symptoms of the attack are the usual from a fake AV program - fake warning popups, balloons, etc., with the occasional fake "scan" showing zillions of viruses that don't exist.

The OTL scan is completing as we speak; when that's done, I'll edit it into my post. Thak you so much in advance for helping me out Big Grin

Edit: Okay, her'e the OTL files. Also, sorry I'm not in the GPA post, but since I haven't had a reply to my most recent message which was like, two months ago, I'm assuming I've been kicked out for good this time?

OTL logfile created on: 12/9/2011 10:31:03 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Miri\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 56.99% Memory free
7.68 Gb Paging File | 5.83 Gb Available in Paging File | 75.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.95 Gb Total Space | 48.39 Gb Free Space | 21.80% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 1.92 Gb Free Space | 19.69% Space Free | Partition Type: NTFS

Computer Name: MIRI-THINK | User Name: Miri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/09 22:30:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Miri\Desktop\OTL.com
PRC - [2011/12/09 22:00:52 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Users\Miri\AppData\Local\jts.exe
PRC - [2011/11/10 17:11:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/26 06:34:10 | 002,816,328 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2011/09/20 11:39:48 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/09/19 05:31:10 | 002,221,200 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2011/09/19 05:30:52 | 003,663,488 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/25 22:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011/03/25 22:42:04 | 000,129,648 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2011/03/25 22:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011/03/25 22:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011/03/25 21:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/07/30 02:07:50 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2010/07/27 15:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010/07/27 15:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/07/27 03:05:02 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/04/25 23:46:34 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/07 00:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/04/06 22:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/04/01 00:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009/11/23 23:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/08/28 16:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/03/05 02:28:28 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/08 10:42:48 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/10 17:11:24 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2011/06/21 08:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2011/06/20 08:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2011/06/20 06:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2011/06/20 06:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2011/06/20 06:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2011/06/20 06:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2011/05/26 04:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2011/05/26 04:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2009/08/28 16:27:20 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\Lenovo\CDRecord.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/21 07:02:17 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/27 15:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2010/07/27 15:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2010/07/15 00:23:58 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2010/06/16 15:44:38 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2010/04/07 00:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010/04/06 22:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009/11/18 00:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Disabled | Stopped] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/09/21 18:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2009/09/21 18:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/09/19 05:31:10 | 002,221,200 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/25 22:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/03/25 22:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011/03/25 22:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/03/25 21:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/09/17 19:50:54 | 000,259,432 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010/09/17 19:50:48 | 000,124,264 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/08/24 13:30:00 | 000,075,112 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010/08/19 12:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 15:54:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/08/28 16:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/04 23:36:56 | 000,362,992 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/08/04 23:36:46 | 000,313,840 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/08/04 23:33:46 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2009/08/04 23:33:34 | 000,166,384 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2009/08/04 23:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 15:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 15:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 15:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 15:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 15:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 15:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/19 23:07:51 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/03/25 22:43:06 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011/03/25 22:43:04 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/03/25 22:41:18 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011/03/25 22:41:08 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011/03/25 21:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/03/25 19:05:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/03/25 19:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011/03/25 19:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 14:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/24 13:30:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/16 15:44:38 | 000,136,816 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010/06/16 15:44:38 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/04/22 03:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/14 22:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/27 03:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/11/18 00:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009/09/15 14:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/08/13 00:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/09 16:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/18 00:23:42 | 000,143,320 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/05/12 04:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV - [2010/08/19 12:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.1.2008d
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.0.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.9
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/07 09:24:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 17:11:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/10 17:04:36 | 000,000,000 | ---D | M]

[2011/11/07 14:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miri\AppData\Roaming\Mozilla\Extensions
[2011/11/07 14:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miri\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2011/11/10 17:11:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/07 12:43:56 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2011/11/07 12:43:55 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2011/11/07 12:43:55 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2011/11/07 12:43:55 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2011/11/07 12:43:55 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2011/11/07 12:43:55 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2011/11/07 12:43:55 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2011/11/10 17:11:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/10/11 21:46:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 17:11:24 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3B24B18-B9F8-4C62-B567-B12B46B8907D}: DhcpNameServer = 99.99.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9FBDCF9-F1C7-4580-BE1C-44C69F5E07C6}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 11:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{7f4273f9-e37f-11e0-b016-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7f4273f9-e37f-11e0-b016-005056c00008}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{ceb50219-8292-11e0-90c3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ceb50219-8292-11e0-90c3-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 16:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = ah] -- "C:\Users\Miri\AppData\Local\jts.exe" -a "%1" %* (Microsoft Corporation)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpReg: AcWin7Hlpr - hkey= - key= - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: ISW - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LENOVO.TPKNRRES - hkey= - key= - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
MsConfig:64bit - StartUpReg: Message Center Plus - hkey= - key= - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MsConfig:64bit - StartUpReg: PlusService - hkey= - key= - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
MsConfig:64bit - StartUpReg: PWMTRV - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: TpShocks - hkey= - key= - C:\Windows\SysNative\TpShocks.exe (Lenovo.)
MsConfig:64bit - StartUpReg: ZoneAlarm Installer - hkey= - key= - C:\Program Files (x86)\CheckPoint\Install\Launcher.exe (Check Point Software Technologies LTD)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: vsmon - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.tscc - C:\Windows\SysWow64\TSCCVID.DLL (TechSmith Corporation)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
Drivers32: VIDC.WMV3 - C:\Windows\SysWow64\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/09 22:34:37 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Miri\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/09 22:32:30 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Miri\Desktop\aswMBR.exe
[2011/12/09 22:30:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Miri\Desktop\OTL.com
[2011/12/09 22:00:52 | 000,304,128 | ---- | C] (Microsoft Corporation) -- C:\Users\Miri\AppData\Local\jts.exe
[2011/12/09 11:57:17 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{499A00FA-F31F-426A-B101-A33589F4EAC0}
[2011/12/09 11:56:56 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{1188D66D-1515-4955-9492-EB7C88690264}
[2011/12/08 23:56:32 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{112E3B98-8EFF-4542-B43E-7BFD298E5CBB}
[2011/12/08 23:56:11 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{A5F88F3E-29D7-4682-AD4F-48701643944B}
[2011/12/08 11:55:46 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{1F1BA27B-6593-47AC-B004-835A0D992BCE}
[2011/12/08 11:55:36 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{93B07649-0C6B-41C0-A74B-38BD272C4D21}
[2011/12/07 23:26:11 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2011/12/07 23:26:11 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011/12/07 23:26:11 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2011/12/07 23:26:10 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011/12/07 23:26:10 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011/12/07 23:26:06 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2011/12/07 23:26:06 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27766
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win7 Security

Post by fairydraik on Sat Dec 10, 2011 3:58 am

[2011/12/07 23:26:04 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2011/12/07 23:26:04 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011/12/07 23:26:02 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011/12/07 23:26:02 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/12/07 23:26:01 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011/12/07 23:26:01 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011/12/07 23:25:59 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011/12/07 23:25:59 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/12/07 23:25:58 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2011/12/07 23:25:58 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011/12/07 23:25:58 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011/12/07 23:25:57 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011/12/07 23:25:57 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2011/12/07 23:25:56 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011/12/07 23:25:56 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011/12/07 23:25:55 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011/12/07 23:25:55 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011/12/07 23:25:55 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011/12/07 23:25:55 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011/12/07 23:25:53 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011/12/07 23:25:53 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/12/07 23:25:52 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2011/12/07 23:25:52 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011/12/07 23:25:52 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011/12/07 23:25:52 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011/12/07 23:25:51 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011/12/07 23:25:51 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2011/12/07 23:25:51 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011/12/07 23:25:51 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011/12/07 23:25:50 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2011/12/07 23:25:50 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/12/07 23:25:50 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011/12/07 23:25:50 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/12/07 23:25:49 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011/12/07 23:25:49 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2011/12/07 23:25:48 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011/12/07 23:25:48 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/12/07 23:25:48 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011/12/07 23:25:48 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/12/07 23:25:47 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2011/12/07 23:25:47 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/12/07 23:25:46 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2011/12/07 23:25:46 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011/12/07 23:25:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011/12/07 23:25:46 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2011/12/07 23:25:46 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011/12/07 23:25:46 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011/12/07 23:25:45 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011/12/07 23:25:45 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011/12/07 23:25:45 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2011/12/07 23:25:45 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011/12/07 23:25:45 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011/12/07 23:25:45 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011/12/07 23:25:43 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2011/12/07 23:25:43 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011/12/07 23:25:42 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2011/12/07 23:25:42 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011/12/07 23:25:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011/12/07 23:25:42 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2011/12/07 23:25:41 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011/12/07 23:25:41 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011/12/07 23:25:41 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2011/12/07 23:25:41 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011/12/07 23:25:41 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011/12/07 23:25:41 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011/12/07 23:25:40 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2011/12/07 23:25:40 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011/12/07 23:07:32 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{0C073C97-380B-49E5-8801-CAB313654FFD}
[2011/12/07 23:07:06 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{A4185D02-7121-4551-8A50-6A3B1B25591B}
[2011/12/07 11:56:31 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Roaming\Apple Computer
[2011/12/07 11:56:31 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\Apple Computer
[2011/12/07 11:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/07 11:55:35 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011/12/07 11:55:35 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011/12/07 11:55:35 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/12/07 11:55:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/12/07 11:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/07 11:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/07 11:54:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/07 11:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/12/07 11:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/12/07 11:54:01 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\Apple
[2011/12/07 11:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/12/07 11:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/12/07 11:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/07 11:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/12/07 11:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/12/07 11:53:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/12/07 11:06:42 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{BD2937EC-EB67-4ED4-8C2E-962724106475}
[2011/12/07 11:06:33 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{4D777C9F-5E32-4F6B-A4F0-08F01F19703A}
[2011/12/06 17:30:27 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{3A4743C0-3891-4309-BAC9-655D16C3B0DC}
[2011/12/06 17:30:04 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{091FBF51-FAD1-433E-AF5D-93EDC4EFA0F6}
[2011/12/05 20:36:12 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{A4CBF76C-B1EA-4C8A-B16D-C083B3B66050}
[2011/12/05 20:36:02 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{BD91AE26-458C-4760-8F20-103E6E660726}
[2011/12/05 09:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TestOut
[2011/12/05 09:33:15 | 000,215,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msadds32.ax
[2011/12/05 09:33:15 | 000,049,152 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\TSCCVID.DLL
[2011/12/05 09:33:15 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WMV9 VCM
[2011/12/05 09:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\WMV9_VCM
[2011/12/05 09:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TESTOUT
[2011/12/05 08:43:59 | 000,000,000 | ---D | C] -- C:\Users\Miri\Desktop\Labsims
[2011/12/05 08:06:08 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{B773FD27-3497-4240-AD60-B3D7F90687B1}
[2011/12/05 08:05:45 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{D5F3CE90-226F-4D01-A34C-B766EC5AA087}
[2011/12/02 21:59:19 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{1F7F73E1-52C7-4B8F-B32F-6E087019EBC0}
[2011/12/02 09:58:47 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{826E5231-EEA9-4FEC-BDEC-5C7B986A05B0}
[2011/12/02 09:58:37 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{7E329879-D995-46A7-9BF0-5083F5DA5302}
[2011/12/01 21:31:48 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{648FB1C1-8A6D-4F40-A880-3EDD977B3E97}
[2011/12/01 21:31:27 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{7361863B-E458-4384-ACA3-B233AF11213A}
[2011/12/01 09:31:02 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{EEB0FEB2-8EE3-4FAC-8C90-7FBC2380A5DB}
[2011/12/01 09:30:40 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{3C6B5A4B-DADC-4776-8A9C-C0C3283000D3}
[2011/11/30 21:30:16 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{EC5B8380-4B23-40A2-B4B1-76435FB04FBA}
[2011/11/30 21:29:32 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{09FDD3D2-3296-4842-91C1-D12F9A918797}
[2011/11/30 07:55:45 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{D1FAA860-2933-4702-84E8-5960A3204D0F}
[2011/11/30 07:55:21 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{7BD2C836-0AA1-4860-B2FE-67341CE14A12}
[2011/11/30 07:13:01 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{AA3C6CED-1391-4884-95C3-97211D0635AA}
[2011/11/29 11:00:39 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{52AF918F-177B-43F7-A6DF-B3CDA7752955}
[2011/11/29 11:00:17 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{BC031FCF-CB35-4203-99D6-07D680594639}
[2011/11/28 22:59:49 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{865A39F5-2DD7-4A7D-B4E1-FFDB09CAEAB5}
[2011/11/28 22:59:28 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{ED24E9B2-E9EC-4FC9-9481-0D824E53A2C5}
[2011/11/28 10:59:03 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{1CDB4020-E048-424D-A74D-92909FABD056}
[2011/11/28 10:58:52 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{9DE86002-840A-450D-B66F-9FB55032C5B3}
[2011/11/28 10:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2011/11/27 22:58:28 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{668FCFB5-FB53-499E-B21B-AE6531EC61DB}
[2011/11/27 22:58:07 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{FBCD19D6-326C-42FB-AE9E-DB446108D4EE}
[2011/11/27 10:57:44 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{759EE9E4-93E2-4E88-9E6A-6608F478F98C}
[2011/11/27 10:57:34 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{7B7BE6F8-1325-4EEF-AFF9-68DEB104E258}
[2011/11/26 22:34:12 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{01E19D1E-54EF-4752-8548-9CC9DEC73B81}
[2011/11/26 22:34:02 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{11AA1395-50C7-4A37-A541-1C9EF5720AAC}
[2011/11/26 12:04:42 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/11/25 20:59:09 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{FB580491-AFB6-4E43-91F0-035871D4A658}
[2011/11/25 10:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Giraffic
[2011/11/25 10:46:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Giraffic
[2011/11/25 10:46:09 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Veoh Networks, Inc
[2011/11/25 10:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh Networks
[2011/11/25 08:58:36 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{BD3AF16F-25DC-43C9-A2DF-E93EE7BA7F1D}
[2011/11/25 08:58:25 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{81BA77C6-5AB0-4BB1-8C40-6E67BB4E5466}
[2011/11/23 20:32:09 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{DA60C50B-9CAF-458D-A217-E04FAB707226}
[2011/11/23 20:31:48 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{A64049C9-FBEB-4A42-B779-85AB2D82F849}
[2011/11/23 12:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2011/11/23 08:31:22 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{1D63AB6C-E755-491A-AB43-54F972678290}
[2011/11/23 08:30:59 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{432ADF46-624A-4B03-B2DD-E1CD06497C84}
[2011/11/23 07:17:31 | 000,000,000 | ---D | C] -- C:\A
[2011/11/22 20:30:35 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{76EB3323-6007-4164-B00B-C252582514A3}
[2011/11/22 20:30:13 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{CACF822E-036F-4074-B0F0-E4A8AFD18A26}
[2011/11/22 08:29:47 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{F123BAFB-C55A-44FA-B9F2-7E0F99961BDD}
[2011/11/22 08:29:25 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{787870AF-61C0-43D6-9F36-33B19B6FF9BD}
[2011/11/21 20:29:00 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{914120B3-52CB-4FAC-88FB-40A2A7608F8C}
[2011/11/21 20:28:38 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{16F5C0B0-E730-4CC0-98CD-9DBC50A8AB9B}
[2011/11/21 08:28:12 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{E9A62586-18EE-474C-A88C-E912705A8D90}
[2011/11/21 08:27:48 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{96164D2E-3B84-4F2A-A8F2-DEFA4A23D174}
[2011/11/20 11:05:16 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{821DDA5A-261F-4825-BA6E-6C4407061466}
[2011/11/20 11:04:55 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{BF78473B-09C9-42C1-AA7E-46003BF37C55}
[2011/11/19 23:04:43 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{CBCBDEA7-DBAB-4261-8B87-619925F88EB9}
[2011/11/19 23:04:22 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{7366BD5F-41BA-4C64-8EEF-20A237029CF8}
[2011/11/19 11:03:40 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{C426D529-B806-4A93-9C0B-B670A29D6819}
[2011/11/19 11:03:15 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{6944FF94-C8BF-403F-9CFC-A825DA5C591C}
[2011/11/18 20:03:35 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{FA5AC243-52EA-4D3E-97F2-BC40084986C8}
[2011/11/18 20:03:14 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{A21088DC-C8D4-4091-9D70-4464DB309934}
[2011/11/18 08:02:49 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{6391F3E6-8A34-458F-B249-00B748908731}
[2011/11/18 08:02:27 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{EE31C8C5-8CD1-441A-8169-0C80DFD665DD}
[2011/11/17 20:02:02 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{44D1F652-2A03-4F71-B3DD-9E531BA4BBCC}
[2011/11/17 20:01:41 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{689B824A-6335-40E3-8D68-F51B2B47BF22}
[2011/11/17 08:01:15 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{056360A5-DDA7-46C1-9D99-05779143A88D}
[2011/11/17 08:00:53 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{812B1ABC-6FDC-48F7-B9F6-B6F495308AAB}
[2011/11/16 20:00:27 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{DE89E206-1431-4781-AC26-8B95597331BD}
[2011/11/16 20:00:06 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{1E5F1DB7-27F2-475C-9E3D-2D94DCC91EDE}
[2011/11/16 08:44:33 | 000,000,000 | ---D | C] -- C:\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
[2011/11/16 07:59:40 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{3ECB1ACC-87D6-4C6E-A806-2EDAA3CF9656}
[2011/11/16 07:59:28 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{46F479BA-04EE-401F-A271-4CAB69A97F8A}
[2011/11/15 19:59:05 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{901E2156-B813-4A54-A0C5-113EBC95D448}
[2011/11/15 19:58:44 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{649EFC5E-83F0-4900-8CBB-4F09AD01E4B4}
[2011/11/15 07:58:19 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{E8A2247F-E4C2-4A21-9C7A-E7D785D07B28}
[2011/11/15 07:58:07 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{2F154C05-B4F0-4B14-ADC0-A2FBDE52D5B1}
[2011/11/14 17:23:59 | 000,000,000 | ---D | C] -- C:\Users\Miri\Documents\Amazon MP3
[2011/11/14 17:23:59 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Roaming\Amazon
[2011/11/14 17:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011/11/14 17:23:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2011/11/14 10:42:38 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{BAFDBCB5-BEF1-43F3-9729-E09B6113125B}
[2011/11/14 10:42:14 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{40015D4C-01FB-4B09-A223-6CC060B9FEF4}
[2011/11/13 22:41:47 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{498423DF-BC15-4655-9942-907AEA7A626C}
[2011/11/13 22:41:25 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{3E277610-F38A-47B2-AE1F-84CFC0A14517}
[2011/11/13 12:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011/11/13 12:29:04 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Roaming\Sony
[2011/11/13 10:40:58 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{A6FB9452-0E50-4702-A07B-C45CF3F313BC}
[2011/11/13 10:40:47 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{71327BFB-F168-4C36-9026-F45B71E57B59}
[2011/11/12 22:15:09 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{1A1B4ABE-752C-443F-A455-CF733994B1B9}
[2011/11/12 22:14:48 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{1937EFAB-AA13-4E93-9365-2345D9FC7BAD}
[2011/11/12 10:14:25 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{CB48C301-61E0-4A48-AD22-26A2A64665E6}
[2011/11/12 10:14:14 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{23F3988A-13AE-4A42-A284-FD65323717C6}
[2011/11/11 20:29:29 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{94DA375A-6D9D-4BD3-8110-6C79E11F6F23}
[2011/11/11 20:29:13 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{0D80746B-0293-4350-9852-2F2ACC277781}
[2011/11/10 22:45:52 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{DD19B0DC-0928-463F-8DF8-2F5ED074A85D}
[2011/11/10 22:45:30 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{8699531C-55A0-4410-BA63-C09BCD186D69}
[2011/11/10 10:45:05 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{8A4ED8D4-8FDF-4FE3-BD83-8833C69D53FF}
[2011/11/10 10:44:42 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{32EEDFCA-E973-4A9A-A1AF-FC923E0CE4A9}
[2011/11/09 22:44:18 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{23118D29-0637-4350-8A8D-22E2ADEEC063}
[2011/11/09 22:44:07 | 000,000,000 | ---D | C] -- C:\Users\Miri\AppData\Local\{A954E7C2-5808-466B-B4B5-C25D4A7F7584}
[2010/02/03 22:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Miri\Documents\*.tmp files -> C:\Users\Miri\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/09 22:34:58 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Miri\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/09 22:32:42 | 000,879,649 | ---- | M] () -- C:\Users\Miri\Desktop\SecurityCheck.exe
[2011/12/09 22:32:31 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Miri\Desktop\aswMBR.exe
[2011/12/09 22:30:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Miri\Desktop\OTL.com
[2011/12/09 22:30:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/09 22:27:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/12/09 22:05:47 | 000,009,826 | -HS- | M] () -- C:\Users\Miri\AppData\Local\763025o6x612j178g650o6kbd1h1
[2011/12/09 22:05:47 | 000,009,826 | -HS- | M] () -- C:\ProgramData\763025o6x612j178g650o6kbd1h1
[2011/12/09 22:02:52 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/09 22:02:52 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/09 22:00:58 | 000,734,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/09 22:00:58 | 000,629,766 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/09 22:00:58 | 000,108,576 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/09 22:00:52 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Users\Miri\AppData\Local\jts.exe
[2011/12/09 21:54:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/09 21:54:18 | 3092,926,464 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/08 10:42:49 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/07 23:27:56 | 000,001,236 | ---- | M] () -- C:\Users\Miri\Desktop\Star Trek Online.lnk
[2011/12/07 22:47:20 | 000,014,211 | ---- | M] () -- C:\Users\Miri\.recently-used.xbel
[2011/12/07 14:43:11 | 000,000,022 | -H-- | M] () -- C:\Users\Miri\AppData\Local\xftredahs.dat
[2011/12/07 11:56:27 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/05 09:33:22 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\TestOut Navigator (Stand-Alone Version).lnk
[2011/11/30 08:41:55 | 000,001,363 | ---- | M] () -- C:\Users\Miri\Desktop\Resume ZoneAlarm Security Install.lnk
[2011/11/28 11:48:40 | 001,846,075 | ---- | M] () -- C:\Users\Miri\Desktop\ProcessExplorer.zip
[2011/11/28 10:57:56 | 000,000,017 | ---- | M] () -- C:\Users\Miri\AppData\Local\resmon.resmoncfg
[2011/11/28 09:00:09 | 000,003,622 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/11/25 10:46:10 | 000,002,248 | ---- | M] () -- C:\Users\Miri\Application Data\Microsoft\Internet Explorer\Quick Launch\Veoh Web Player Beta.lnk
[2011/11/25 10:46:10 | 000,002,226 | ---- | M] () -- C:\Users\Miri\Desktop\Veoh Web Player.lnk
[2011/11/21 17:44:25 | 000,041,745 | ---- | M] () -- C:\Users\Miri\Documents\Shisora thingy.rtf
[2011/11/20 20:20:14 | 000,019,968 | ---- | M] () -- C:\Users\Miri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/17 15:43:35 | 000,019,036 | ---- | M] () -- C:\Users\Miri\Documents\DU ep.3.celtx
[2011/11/16 18:57:21 | 000,007,411 | ---- | M] () -- C:\Users\Miri\Documents\Drake Unleashed- Dark Flame (Episode 3).pdf
[2011/11/14 17:23:35 | 000,002,226 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2011/11/14 17:22:54 | 001,636,096 | ---- | M] () -- C:\Users\Miri\Desktop\AmazonMP3DownloaderInstall.exe
[2011/11/11 22:33:54 | 000,144,428 | ---- | M] () -- C:\Users\Miri\Documents\Rise of Network.rtf
[2011/11/11 12:12:15 | 000,465,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/11 03:35:44 | 000,014,682 | ---- | M] () -- C:\Users\Miri\Desktop\burtons_nightmare.zip
[2011/11/10 14:30:27 | 000,313,770 | ---- | M] () -- C:\Users\Miri\Documents\Picture of me 4.png
[2011/11/10 14:30:02 | 000,319,767 | ---- | M] () -- C:\Users\Miri\Documents\Picture of me 3.png
[2011/11/10 14:29:31 | 000,303,839 | ---- | M] () -- C:\Users\Miri\Documents\Picture of me 2.png
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Miri\Documents\*.tmp files -> C:\Users\Miri\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/09 22:32:42 | 000,879,649 | ---- | C] () -- C:\Users\Miri\Desktop\SecurityCheck.exe
[2011/12/09 22:00:58 | 000,009,826 | -HS- | C] () -- C:\Users\Miri\AppData\Local\763025o6x612j178g650o6kbd1h1
[2011/12/09 22:00:58 | 000,009,826 | -HS- | C] () -- C:\ProgramData\763025o6x612j178g650o6kbd1h1
[2011/12/07 23:27:56 | 000,001,236 | ---- | C] () -- C:\Users\Miri\Desktop\Star Trek Online.lnk
[2011/12/07 22:47:20 | 000,014,211 | ---- | C] () -- C:\Users\Miri\.recently-used.xbel
[2011/12/07 11:56:27 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/07 11:53:58 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/05 09:33:22 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\TestOut Navigator (Stand-Alone Version).lnk
[2011/11/28 11:48:39 | 001,846,075 | ---- | C] () -- C:\Users\Miri\Desktop\ProcessExplorer.zip
[2011/11/28 10:57:56 | 000,000,017 | ---- | C] () -- C:\Users\Miri\AppData\Local\resmon.resmoncfg
[2011/11/28 10:35:16 | 000,001,363 | ---- | C] () -- C:\Users\Miri\Desktop\Resume ZoneAlarm Security Install.lnk
[2011/11/28 09:00:09 | 000,003,622 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/11/25 10:46:10 | 000,002,248 | ---- | C] () -- C:\Users\Miri\Application Data\Microsoft\Internet Explorer\Quick Launch\Veoh Web Player Beta.lnk
[2011/11/25 10:46:10 | 000,002,226 | ---- | C] () -- C:\Users\Miri\Desktop\Veoh Web Player.lnk
[2011/11/21 17:44:25 | 000,041,745 | ---- | C] () -- C:\Users\Miri\Documents\Shisora thingy.rtf
[2011/11/17 15:43:35 | 000,019,036 | ---- | C] () -- C:\Users\Miri\Documents\DU ep.3.celtx
[2011/11/16 18:37:06 | 000,007,411 | ---- | C] () -- C:\Users\Miri\Documents\Drake Unleashed- Dark Flame (Episode 3).pdf
[2011/11/14 17:23:35 | 000,002,226 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2011/11/14 17:22:53 | 001,636,096 | ---- | C] () -- C:\Users\Miri\Desktop\AmazonMP3DownloaderInstall.exe
[2011/11/11 03:35:43 | 000,014,682 | ---- | C] () -- C:\Users\Miri\Desktop\burtons_nightmare.zip
[2011/11/10 14:39:16 | 000,319,767 | ---- | C] () -- C:\Users\Miri\Documents\Picture of me 3.png
[2011/11/10 14:39:16 | 000,313,770 | ---- | C] () -- C:\Users\Miri\Documents\Picture of me 4.png
[2011/11/10 14:39:16 | 000,303,839 | ---- | C] () -- C:\Users\Miri\Documents\Picture of me 2.png
[2011/11/10 14:39:16 | 000,224,091 | ---- | C] () -- C:\Users\Miri\Documents\Picture of me 1.png
[2011/10/14 07:01:06 | 000,019,968 | ---- | C] () -- C:\Users\Miri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/29 09:27:29 | 000,000,022 | -H-- | C] () -- C:\Users\Miri\AppData\Local\xftredahs.dat
[2011/09/06 09:21:35 | 000,747,682 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/02 00:35:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/08/01 20:00:52 | 000,000,074 | ---- | C] () -- C:\Users\Miri\AppData\Roaming\evplay.prf
[2010/12/29 00:23:14 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/06/23 10:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/23 10:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/03/15 03:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/09/10 02:34:15 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/09/10 02:34:13 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/09/10 02:34:13 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/09/10 02:34:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/02/05 18:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/11/14 17:22:54 | 001,636,096 | ---- | M] () -- C:\Users\Miri\Desktop\AmazonMP3DownloaderInstall.exe
[2011/12/09 22:32:31 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Miri\Desktop\aswMBR.exe
[2011/12/09 22:34:58 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Miri\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/09 22:32:42 | 000,879,649 | ---- | M] () -- C:\Users\Miri\Desktop\SecurityCheck.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/11/10 17:11:24 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2011/11/10 17:11:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2011/11/10 17:11:24 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2011/11/10 17:11:24 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/07/28 01:19:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/11/14 17:23:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Amazon
[2011/12/07 11:53:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011/11/01 22:52:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2011/08/04 20:19:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Belarc
[2011/12/07 11:53:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011/11/27 00:05:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Celtx
[2011/11/28 10:35:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CheckPoint
[2011/05/19 22:47:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2011/09/29 08:10:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Combined Community Codec Pack
[2011/12/07 11:53:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/12/09 22:25:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Giraffic
[2011/05/19 22:59:28 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/05/19 22:46:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2011/08/02 03:15:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/05/19 22:59:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\InterVideo
[2011/12/07 11:55:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2011/10/10 17:04:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/05/19 22:46:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JMicron
[2011/11/01 22:27:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lame For Audacity
[2011/05/19 23:16:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lenovo
[2011/08/17 10:52:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/19 23:16:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/08/02 01:50:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2011/07/28 21:25:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011/05/19 23:11:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/05/19 23:15:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/07/28 21:25:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/07/28 21:22:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/08/02 01:46:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2011/07/28 21:25:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011/11/10 17:11:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2011/07/28 21:25:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/08/02 01:50:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011/10/22 12:36:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCH Software
[2011/07/30 05:56:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Oldgames
[2011/10/29 10:09:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2011/10/10 10:17:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PuTTY
[2011/05/19 22:49:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/05/19 23:02:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio
[2011/11/08 19:24:53 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2011/05/19 23:02:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sonic Icons for Lenovo
[2011/05/19 22:49:10 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2011/12/05 09:33:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TESTOUT
[2011/05/19 22:52:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ThinkPad
[2009/07/13 23:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2011/11/25 10:46:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Veoh Networks
[2011/05/19 23:07:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Verizon Wireless
[2011/07/28 01:18:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2011/09/06 09:20:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VMware
[2011/07/28 01:03:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Win7codecs
[2011/09/28 14:05:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Winamp
[2011/09/28 14:05:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Winamp Detect
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/05/19 23:15:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2010/11/20 22:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/09/21 11:55:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinPcap
[2011/10/10 17:22:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\YouTube Downloader
[2011/10/12 18:26:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yuna Software


< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTOR.SYS >
[2010/01/14 22:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\SWTOOLS\DRIVERS\IMSM\iaStor.sys
[2010/01/14 22:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/01/14 22:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5d42c6448888c5bd\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 22:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 22:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 22:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 22:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 22:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 22:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/10 17:11:24 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/10 17:11:24 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/10 17:11:24 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Users\Miri\AppData\Local\jts.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2011/12/09 22:00:52 | 000,304,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/11/10 17:11:24 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Users\Miri\AppData\Local\jts.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/09 22:00:52 | 000,304,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 22:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 22:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 22:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 22:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\Miri\AppData\Local\jts.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/12/09 22:00:52 | 000,304,128 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/11/10 17:11:24 | 000,713,560 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/11/10 17:11:24 | 000,713,560 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/11/10 17:11:24 | 000,713,560 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\USERS\MIRI\APPDATA\LOCAL\JTS.EXE" -A "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2011/12/09 22:00:52 | 000,304,128 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/11/10 17:11:24 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\USERS\MIRI\APPDATA\LOCAL\JTS.EXE" -A "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/12/09 22:00:52 | 000,304,128 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 22:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\USERS\MIRI\APPDATA\LOCAL\JTS.EXE" -A "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/12/09 22:00:52 | 000,304,128 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Miri\Documents\X-Ray Dog - The Prophet.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Miri\Documents\Two Steps From Hell - Ironheart.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Miri\Documents\Here Comes The King - X Ray Dog.mp3:TOC.WMV

< End of report >

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27766
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win7 Security

Post by fairydraik on Sat Dec 10, 2011 3:59 am

Aaaand here's the Extras log. Next, the aswMBR!

OTL Extras logfile created on: 12/9/2011 10:31:03 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Miri\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 56.99% Memory free
7.68 Gb Paging File | 5.83 Gb Available in Paging File | 75.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.95 Gb Total Space | 48.39 Gb Free Space | 21.80% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 1.92 Gb Free Space | 19.69% Space Free | Partition Type: NTFS

Computer Name: MIRI-THINK | User Name: Miri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = ah] -- C:\Users\Miri\AppData\Local\jts.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{031DC872-4607-463F-927C-D6C3B35AEB3D}" = Blaine's Flash Transition
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{259614D5-E8B8-4963-A2C6-F7B1946F73A6}" = Blaine's TV Ratings Overlay Titles
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{2C094D44-8F5E-4F7F-83AE-719B486E7672}" = Blaine's Blends (Translucency and Compositing)
"{35F7B5BB-670F-4E71-9ED2-C772F17B3C8F}" = Blaine's Custom Speed Effects
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4CE1D157-CFEB-480B-92B9-3E3E344FFEE4}" = Blaine's Camcorder Overlay Title
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9554461E-95E6-4798-B2FB-F9907FBD88B3}" = Blaine's Letterbox Effects
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C2285FCD-C476-463F-AF7C-A7A9715F8CC3}" = Blaine's Resize Effects
"{C426AF87-96B7-4A03-86CB-0CA81213F131}" = Blaine's Transition Pack 2 (MultiSlide)
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6" = Windows Driver Package - Intel (iaStor) hdc (01/15/2010 9.5.7.1002)
"CCleaner" = CCleaner
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"GIMP-2_is1" = GIMP 2.6.10
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"ShaderTFX_is1" = ShaderTFX version 1.1
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7
"Windows Movie Maker" = Windows Movie Maker

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{986AB50A-A527-4F6D-8E8B-87FC3F0C2DBA}" = Mobile Broadband
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.14
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.2
"Celtx (2.9.1)" = Celtx (2.9.1)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"DragonNest" = DragonNest
"ExpressZip" = Express Zip File Compression Software
"Giraffic" = Veoh Giraffic Video Accelerator
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Lenovo Welcome_is1" = Lenovo Welcome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Messenger Plus!" = Messenger Plus! 5
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Prism" = Prism Video File Converter
"PROPLUS" = Microsoft Office Professional Plus 2007
"PuTTY_is1" = PuTTY version 0.60
"Star Trek Online" = Star Trek Online
"Switch" = Switch Sound File Converter
"TestOut Product Navigator (SA)" = TestOut Navigator (Stand-Alone Version)
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.11
"VMware_Workstation" = VMware Workstation
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.2
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"ZoneAlarm Free" = ZoneAlarm Free

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/3/2011 7:21:42 PM | Computer Name = Miri-THINK | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3173, time stamp:
0x4e1b6f92 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000001 Faulting process id: 0xdf8 Faulting application
start time: 0x01cc8222c9b90479 Faulting application path: C:\Program Files (x86)\Winamp\winamp.exe
Faulting
module path: unknown Report Id: 73a97dc6-ee16-11e0-885d-005056c00008

Error - 10/4/2011 3:31:36 PM | Computer Name = Miri-THINK | Source = Application Error | ID = 1000
Description = Faulting application name: winamp.exe, version: 5.6.2.3173, time stamp:
0x4e1b6f92 Faulting module name: ieframe.dll, version: 8.0.7601.17601, time stamp:
0x4db1d0c1 Exception code: 0xc0000005 Fault offset: 0x00033752 Faulting process id:
0x1708 Faulting application start time: 0x01cc82c8710ffa84 Faulting application path:
C:\Program Files (x86)\Winamp\winamp.exe Faulting module path: C:\Windows\SysWOW64\ieframe.dll
Report
Id: 7928c511-eebf-11e0-bcb2-005056c00008

Error - 10/5/2011 1:06:23 PM | Computer Name = Miri-THINK | Source = Application Hang | ID = 1002
Description = The program vmware.exe version 7.1.4.16648 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 4b0 Start
Time: 01cc8380da96d845 Termination Time: 14 Application Path: C:\Program Files (x86)\VMware\VMware
Workstation\vmware.exe Report Id: 55966f9e-ef74-11e0-bcb2-005056c00008

Error - 10/10/2011 9:24:07 AM | Computer Name = Miri-THINK | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 6.0.2.4262 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 12b8 Start
Time: 01cc874f982037cc Termination Time: 16 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 00dec020-f343-11e0-a378-005056c00008

Error - 10/13/2011 9:32:15 AM | Computer Name = Miri-THINK | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3508.1109, time
stamp: 0x4cda7240 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7ba58 Exception code: 0xc0000374 Fault offset: 0x000ce653 Faulting process
id: 0xfc4 Faulting application start time: 0x01cc89aae5f54b40 Faulting application
path: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: c361c7c1-f59f-11e0-aea4-005056c00008

Error - 10/19/2011 10:34:13 AM | Computer Name = Miri-THINK | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 7.0.1.4288 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c24 Start
Time: 01cc8e6bfbbb90d4 Termination Time: 15 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 5900c6a9-fa5f-11e0-8cf4-005056c00008

Error - 10/19/2011 10:36:02 AM | Computer Name = Miri-THINK | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 7.0.1.4288 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b74 Start
Time: 01cc8e6c2eb8d789 Termination Time: 62 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: a1d581e5-fa5f-11e0-8cf4-005056c00008

Error - 10/19/2011 2:50:37 PM | Computer Name = Miri-THINK | Source = Application Error | ID = 1000
Description = Faulting application name: vmware.exe, version: 7.1.4.16648, time
stamp: 0x4d8d8674 Faulting module name: MSVCR80.dll, version: 8.0.50727.4940, time
stamp: 0x4ca2b271 Exception code: 0xc000000d Fault offset: 0x00008aa0 Faulting process
id: 0xc44 Faulting application start time: 0x01cc8e6bfb09099f Faulting application
path: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe Faulting module
path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
Report
Id: 3b2e28ca-fa83-11e0-8cf4-005056c00008

Error - 10/20/2011 7:36:49 PM | Computer Name = Miri-THINK | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3508.1109, time
stamp: 0x4cda7240 Faulting module name: UXCore.dll, version: 15.4.3508.1109, time
stamp: 0x4cda6252 Exception code: 0xc0000005 Fault offset: 0x00072378 Faulting process
id: 0x540 Faulting application start time: 0x01cc8f7672b997df Faulting application
path: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe Faulting module
path: C:\Program Files (x86)\Windows Live\Shared\UXCore.dll Report Id: 61181b37-fb74-11e0-b57b-005056c00008

Error - 10/21/2011 12:43:27 PM | Computer Name = Miri-THINK | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Windows Live Messenger' could not be shut
down.

[ System Events ]
Error - 11/26/2011 3:23:19 AM | Computer Name = Miri-THINK | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Windows7_OS.

Error - 11/26/2011 3:23:19 AM | Computer Name = Miri-THINK | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Windows7_OS.

Error - 11/26/2011 3:23:19 AM | Computer Name = Miri-THINK | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Windows7_OS.

Error - 11/26/2011 3:23:19 AM | Computer Name = Miri-THINK | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Windows7_OS.

Error - 11/26/2011 1:07:57 PM | Computer Name = Miri-THINK | Source = Service Control Manager | ID = 7000
Description = The regi service failed to start due to the following error: %%2

Error - 11/26/2011 1:23:27 PM | Computer Name = Miri-THINK | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/26/2011 1:23:32 PM | Computer Name = Miri-THINK | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/26/2011 1:23:37 PM | Computer Name = Miri-THINK | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/26/2011 1:24:18 PM | Computer Name = Miri-THINK | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/26/2011 1:24:23 PM | Computer Name = Miri-THINK | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.


< End of report >

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27766
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win7 Security

Post by fairydraik on Sat Dec 10, 2011 4:08 am

Here's the aswMBR! Just the SecurityCheck left now~

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-09 23:00:03
-----------------------------
23:00:03.793 OS Version: Windows x64 6.1.7601 Service Pack 1
23:00:03.793 Number of processors: 2 586 0x170A
23:00:03.794 ComputerName: MIRI-THINK UserName: Miri
23:00:05.776 Initialize success
23:00:06.286 AVAST engine defs: 11120902
23:00:08.756 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:00:08.760 Disk 0 Vendor: WDC_WD25 02.0 Size: 238475MB BusType: 3
23:00:08.775 Disk 0 MBR read successfully
23:00:08.779 Disk 0 MBR scan
23:00:08.785 Disk 0 unknown MBR code
23:00:08.791 Service scanning
23:00:10.430 Modules scanning
23:00:10.437 Disk 0 trace - called modules:
23:00:10.485 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:00:10.491 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004869060]
23:00:10.498 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa800468f530]
23:00:10.505 5 ACPI.sys[fffff88000f087a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004695050]
23:00:11.622 AVAST engine scan C:\Windows
23:00:14.388 AVAST engine scan C:\Windows\system32
23:01:46.533 AVAST engine scan C:\Windows\system32\drivers
23:01:55.301 AVAST engine scan C:\Users\Miri
23:04:41.874 AVAST engine scan C:\ProgramData
23:06:02.746 Scan finished successfully
23:07:23.525 Disk 0 MBR has been saved successfully to "C:\Users\Miri\Desktop\MBR.dat"
23:07:23.531 The log file has been saved successfully to "C:\Users\Miri\Desktop\aswMBR.txt"

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27766
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win7 Security

Post by fairydraik on Sat Dec 10, 2011 4:10 am

Aaaand that's done! I'll scan with MBAM now to see if it can get rid of anything for me. *nod*

Results of screen317's Security Check version 0.99.28
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
avast! Free Antivirus
ZoneAlarm Free
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Java version out of date!
Adobe Reader X (10.1.0) Adobe Reader out of Date!
Mozilla Firefox (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
``````````End of Log````````````

Actually, that's not quite accurate. I uninstalled Zonealarm; when I went to put it back on, something went funky and it wouldn't reinstall properly. It's been attempting to complete the download on startup ever since, but since I really don't want it anymore (not with the hassle I've gone through with it) I stopped it from auto-running and I've been keeping it from completing by telling the auto-run not to run every time it tries. *sigh*

Edit: Here's the MBAM report. Gonna restart now so that the deletion can go through.

Malwarebytes' Anti-Malware 1.51.2.1300
[You must be registered and logged in to see this link.]

Database version: 8345

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/9/2011 11:32:39 PM
mbam-log-2011-12-09 (23-32-39).txt

Scan type: Quick scan
Objects scanned: 167215
Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (ah) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Miri\AppData\Local\jts.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Miri\AppData\Local\jts.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Miri\AppData\Local\jts.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27766
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win7 Security

Post by fairydraik on Sat Dec 10, 2011 5:00 am

I thought it was solved for a while... but it's back. And back to its old tricks. I'm actually only posting this because I can't delete the previous post, which said it was gone. It did do something interesting, where it closed my Firefox and opened a fake version which had all my tabs but redirected to its fake warning page.

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27766
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win7 Security

Post by Belahzur on Mon Dec 12, 2011 12:23 am

Hello.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Win7 Security

Post by fairydraik on Mon Dec 12, 2011 1:45 am

THank goodness! I was beginning to get really worried.

Here's the Combofix log:

ComboFix 11-12-11.02 - Miri 12/11/2011 19:57:43.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3933.2718 [GMT -5:00]
Running from: c:\users\Miri\Desktop\commy.exe
Command switches used :: /stepdel
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\_desktop.ini
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\BIN\_desktop.ini
c:\users\Miri\AppData\Local\igs.exe
c:\users\Miri\Documents\~WRL0005.tmp
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
c:\windows\system32\slwga.dll
c:\windows\system32\srrstr.dll
c:\windows\system32\systemcpl.dll
c:\windows\system32\termsrv.dll
c:\windows\system32\Thumbs.db
Q:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-10 04:37 . 2011-12-10 04:37 -------- d-----w- C:\B
2011-12-08 04:25 . 2009-03-09 20:27 5425496 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-12-08 04:23 . 2011-12-08 04:23 -------- d-----w- c:\users\Public\Games
2011-12-07 16:56 . 2011-12-07 16:56 -------- d-----w- c:\users\Miri\AppData\Roaming\Apple Computer
2011-12-07 16:56 . 2011-12-07 16:56 -------- d-----w- c:\users\Miri\AppData\Local\Apple Computer
2011-12-07 16:55 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-07 16:55 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-12-07 16:55 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-12-07 16:55 . 2011-12-07 16:55 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-07 16:54 . 2011-12-07 16:54 -------- d-----w- c:\program files\iPod
2011-12-07 16:54 . 2011-12-07 16:55 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-07 16:54 . 2011-12-07 16:55 -------- d-----w- c:\program files\iTunes
2011-12-07 16:54 . 2011-12-07 16:55 -------- d-----w- c:\program files (x86)\iTunes
2011-12-07 16:54 . 2011-12-07 16:54 -------- d-----w- c:\programdata\Apple Computer
2011-12-07 16:54 . 2011-12-07 16:54 -------- d-----w- c:\users\Miri\AppData\Local\Apple
2011-12-07 16:53 . 2011-12-07 16:53 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-12-07 16:53 . 2011-12-07 16:53 -------- d-----w- c:\program files\Common Files\Apple
2011-12-07 16:53 . 2011-12-07 16:53 -------- d-----w- c:\program files\Bonjour
2011-12-07 16:53 . 2011-12-07 16:53 -------- d-----w- c:\program files (x86)\Bonjour
2011-12-07 16:53 . 2011-12-07 16:54 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-12-07 16:53 . 2011-12-07 16:53 -------- d-----w- c:\programdata\Apple
2011-12-05 14:33 . 1999-12-16 05:01 49152 ----a-w- c:\windows\SysWow64\TSCCVID.DLL
2011-12-05 14:33 . 1999-11-12 21:25 215216 ----a-w- c:\windows\SysWow64\msadds32.ax
2011-12-05 14:33 . 2011-12-05 14:33 -------- d-----w- c:\program files\WMV9_VCM
2011-12-05 14:05 . 2011-12-05 14:33 -------- d-----w- c:\program files (x86)\TESTOUT
2011-11-28 15:35 . 2011-11-28 15:35 -------- d-----w- c:\program files (x86)\CheckPoint
2011-11-26 17:04 . 2011-11-26 17:04 -------- d-----w- C:\found.000
2011-11-25 15:46 . 2011-12-12 01:16 -------- d-----w- c:\program files (x86)\Giraffic
2011-11-25 15:46 . 2011-11-25 15:46 -------- d-----w- c:\programdata\Giraffic
2011-11-25 15:46 . 2011-11-25 15:46 -------- d-----w- c:\program files (x86)\Veoh Networks
2011-11-23 17:24 . 2011-11-23 17:26 -------- d-----w- c:\program files\Windows XP Mode
2011-11-23 12:17 . 2011-11-23 12:17 -------- d-----w- C:\A
2011-11-16 13:44 . 2011-11-16 13:44 -------- d-----w- C:\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2011-11-14 22:23 . 2011-11-14 22:23 -------- d-----w- c:\users\Miri\AppData\Roaming\Amazon
2011-11-14 22:23 . 2011-11-14 22:23 -------- d-----w- c:\program files (x86)\Amazon
2011-11-13 17:29 . 2011-11-13 17:29 -------- d-----w- c:\users\Miri\AppData\Roaming\Sony
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 15:42 . 2011-07-28 06:10 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-07-28 05:27 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-07-28 05:27 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-07-28 05:27 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-07-28 05:27 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-07-28 05:28 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-07-28 05:28 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-07-28 05:27 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-07-28 05:27 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-07-28 05:28 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-21 16:45 . 2011-10-21 16:45 18328 ------w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
.
c:\windows\system32\termsrv.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-17 5495680]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-10-26 2816328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-03-26 129648]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-09-20 801792]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-21 140672]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R4 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-24 75112]
R4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-05 313840]
R4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-05 362992]
R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-05 309744]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
R4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-05 166384]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2011-09-19 2221200]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-07-15 199272]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-11-12 01:34]
.
2011-12-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-11-12 01:34]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"combofix"="c:\commy\CF28725.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Miri\AppData\Roaming\Mozilla\Firefox\Profiles\vop3w1vf.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Completion time: 2011-12-11 20:39:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-12 01:39
.
Pre-Run: 49,266,143,232 bytes free
Post-Run: 48,600,924,160 bytes free
.
- - End Of File - - 8592D667DD6B54D3FFE0B4654DF23108

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27766
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win7 Security

Post by fairydraik on Tue Dec 13, 2011 4:02 pm

Hey there.

The people at my school helped me clean the virus manually; I found a guide online with the latest locations and such that this particular virus hides in. It appears to be 100% gone and hasn't come back after several hours - but I would like you to help me make sure it's completely, 100% gone. MBAM and Avast! haven't found anything; are there other scans you would like me to try?

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27766
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win7 Security

Post by Belahzur on Wed Dec 14, 2011 10:19 pm

Hello.
I just want to repair 1 thing that Combofix caused.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    DeQuarantine::
    c:\qoobox\quarantine\c\windows\system32\jucheck.exe.vir
    c:\qoobox\quarantine\c\windows\system32\jusched.exe.vir
    c:\qoobox\quarantine\c\windows\system32\slwga.dll.vir
    c:\qoobox\quarantine\c\windows\system32\srrstr.dll.vir
    c:\qoobox\quarantine\c\windows\system32\systemcpl.dll.vir
    c:\qoobox\quarantine\c\windows\system32\termsrv.dll.vir
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\DeQuarantine.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Win7 Security

Post by fairydraik on Mon Dec 19, 2011 3:21 am

I updated Java anyway, so should I still do that? Sorry it took me so long to get back to you.

fairydraik
Intermediate
Intermediate

Posts Posts : 194
Joined Joined : 2009-10-31
Gender Gender : Female
OS OS : Windows XP
Protection Protection : Avira Antivir
Points Points : 27766
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win7 Security

Post by Belahzur on Tue Dec 20, 2011 11:27 pm

Yes please, it deleted a system file.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum