RootRepeal and OTL Logs..


indis

Hi Geeks to Go,
As my computer has automatically booted into safe mode, I'm afraid I have some kind of infection. So I've followed your Malware and Spyware Cleaning Guide, and here are my RootRepeal and OTL logs. Can you please tell me if everything is alright? I would be grateful.
Thanks a lot!

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/07/21 23:03
Program Version: Version 1.3.2.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8B23B000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8B230000 Size: 45056 File Visible: No Signed: -
Status: -

Name: NDProxy
Image Path: \Driver\NDProxy
Address: 0x8CC0F000 Size: 69632 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAABD1000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1204 Status: Locked to the Windows API!

SSDT
-------------------
#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b19be60

#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b19ada0

#: 022 Function Name: NtAlpcCreatePort
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b19a460

#: 042 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b19c5c0

#: 054 Function Name: NtConnectPort
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b19a610

#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1a90d0

#: 064 Function Name: NtCreateKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1a7430

#: 071 Function Name: NtCreatePort
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b19a2c0

#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b197580

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b197960

#: 075 Function Name: NtCreateSection
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b197060

#: 078 Function Name: NtCreateThread
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b198a40

#: 116 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1995a0

#: 122 Function Name: NtDeleteFile
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1a9b50

#: 123 Function Name: NtDeleteKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1a79e0

#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1a8330

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b199fe0

#: 133 Function Name: NtEnumerateKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1a9070

#: 136 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1a90a0

#: 165 Function Name: NtLoadDriver
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b19b5d0

#: 166 Function Name: NtLoadKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1a8780

#: 186 Function Name: NtOpenFile
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1a9760

#: 189 Function Name: NtOpenKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1a7c20

#: 194 Function Name: NtOpenProcess
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b198450

#: 197 Function Name: NtOpenSection
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b197300

#: 201 Function Name: NtOpenThread
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b198f00

#: 210 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b19c250

#: 218 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b19ba10

#: 234 Function Name: NtQueryKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1a9010

#: 252 Function Name: NtQueryValueKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1a9040

#: 255 Function Name: NtQueueApcThread
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b19c740

#: 268 Function Name: NtReplaceKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1a8b20

#: 276 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b19b180

#: 280 Function Name: NtRestoreKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1a8d80

#: 282 Function Name: NtResumeThread
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b199c90

#: 283 Function Name: NtSaveKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1a8ff0

#: 286 Function Name: NtSecureConnectPort
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b19a9d0

#: 289 Function Name: NtSetContextThread
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1993c0

#: 301 Function Name: NtSetInformationFile
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1a9e10

#: 317 Function Name: NtSetSystemInformation
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b199720

#: 324 Function Name: NtSetValueKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1a7c40

#: 326 Function Name: NtShutdownSystem
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b19b4d0

#: 330 Function Name: NtSuspendProcess
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b199e40

#: 331 Function Name: NtSuspendThread
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b199ac0

#: 332 Function Name: NtSystemDebugControl
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b199900

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b198800

#: 335 Function Name: NtTerminateThread
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b1991a0

#: 342 Function Name: NtUnloadDriver
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b19b7f0

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b19c400

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b198c80

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8b197e60

==EOF==

OTL logfile created on: 21/07/2009 23:11:35 - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Users\Sonycarine\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1014,63 Mb Total Physical Memory | 180,37 Mb Available Physical Memory | 17,78% Memory free
2,24 Gb Paging File | 1,02 Gb Available in Paging File | 45,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 3,79 Gb Free Space | 5,09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 73,06 Gb Total Space | 16,97 Gb Free Space | 23,23% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-CITO
Current User Name: Sonycarine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/07/11 05:58:18 | 00,362,184 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe
PRC - [2009/07/11 05:58:14 | 03,142,344 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
PRC - [2007/02/05 18:13:14 | 00,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2009/02/05 23:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 23:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/07/13 11:50:54 | 00,719,392 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2006/10/05 13:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/11/14 20:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/03/12 11:22:00 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
PRC - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007/04/27 20:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2006/05/25 19:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/08/23 16:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2009/02/05 23:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 23:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/10/29 08:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/04/24 16:00:10 | 00,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007/03/22 17:09:28 | 02,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007/04/13 16:19:00 | 00,861,744 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/03/12 11:22:00 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2009/02/05 23:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/01/19 09:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/07/11 05:58:02 | 02,121,416 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
PRC - [2009/07/19 21:40:49 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/01/19 09:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/01/19 09:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2007/05/16 10:32:10 | 00,435,768 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2009/03/03 04:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/06/26 15:56:32 | 25,604,904 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/02/03 15:22:18 | 01,004,544 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
PRC - [2008/06/12 23:17:01 | 00,042,168 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2007/08/31 12:49:50 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2009/07/11 05:58:10 | 01,033,416 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
PRC - [2008/01/19 09:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/19 09:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/06/26 15:56:32 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2008/01/19 09:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/07/16 00:01:53 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/10/29 08:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/21 23:10:13 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Sonycarine\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/07/13 11:50:54 | 00,719,392 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])
SRV - [2006/10/05 13:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2008/01/19 09:33:43 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc [Auto | Running])
SRV - [2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/02/03 15:00:30 | 00,398,848 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])
SRV - [2007/02/05 18:13:14 | 00,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService [Auto | Running])
SRV - [2009/02/05 23:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2007/08/31 12:49:50 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2009/02/05 23:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 23:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 23:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2006/11/14 20:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2008/07/27 20:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/19 09:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 14:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 14:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/19 09:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/20 03:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/06/02 22:11:39 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/06/20 03:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2007/08/23 14:35:24 | 03,192,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/03/12 11:22:00 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
SRV - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/06/20 03:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/07/11 05:58:18 | 00,362,184 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/08/31 12:49:50 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Planificateur LiveUpdate automatique [Auto | Stopped])
SRV - [2009/07/11 05:58:14 | 03,142,344 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor [Auto | Running])
SRV - [2007/04/27 20:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv [Auto | Running])
SRV - [2006/05/25 19:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv [Auto | Running])
SRV - [2006/08/23 16:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2008/01/19 09:34:32 | 00,371,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC [Auto | Running])
SRV - [2008/01/19 09:34:32 | 00,371,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS [On_Demand | Running])
SRV - [2008/01/19 09:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 09:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = es.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 23:58:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/07/19 20:28:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/19 19:47:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/21 15:39:16 | 00,000,000 | ---D | M]

[2009/07/19 19:47:27 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\mozilla\Extensions
[2009/07/19 19:47:27 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/21 21:50:08 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\mozilla\Firefox\Profiles\tmw5xcul.default\extensions
[2009/07/19 19:50:55 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\mozilla\Firefox\Profiles\tmw5xcul.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/21 21:50:01 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\mozilla\Firefox\Profiles\tmw5xcul.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/07/21 17:26:54 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\mozilla\Firefox\Profiles\tmw5xcul.default\extensions\[email protected]
[2007/10/18 01:52:33 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\mozilla\Firefox\Profiles\xbxqeyw8.default\extensions
[2007/10/07 10:53:05 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\mozilla\Firefox\Profiles\xbxqeyw8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/19 21:41:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/19 19:47:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/19 21:41:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/16 00:01:54 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/16 00:01:55 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/01/23 08:20:30 | 00,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2009/07/19 21:40:50 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/16 00:01:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/09/10 21:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/07 12:09:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/07 12:09:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/07 12:09:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/07 12:09:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/07 12:09:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/07 12:09:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/07 12:09:51 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/09/10 21:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/07/15 20:45:15 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/15 20:45:15 | 00,003,996 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
[2009/07/15 20:45:15 | 00,000,751 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
[2009/07/15 20:45:15 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/15 20:45:15 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
[2009/07/15 20:45:15 | 00,000,798 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: (618067 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 16367 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programmes\McAfee\SiteAdvisor\McIEPlg.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programmes\McAfee\SiteAdvisor\McIEPlg.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Programmes\Alwil Software\Avast4\ashDisp.exe File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] File not found
O4 - Startup: C:\Users\Sonycarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmes\Microsoft Office\Office12\REFIEBAR.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...S/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://copainsdavant...geUploader5.cab (Image Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (HouseCall Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programmes\McAfee\SiteAdvisor\McIEPlg.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmes\Common Files\Skype\Skype4COM.dll File not found
O18 - Protocol\Filter: - text/xml - C:\Programmes\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL File not found
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Programmes\Tall Emu\Online Armor\oaevent.dll File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{026f2066-cd75-11dc-9bb7-001a92fb77df}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{2af7bb4f-146b-11de-a62f-001a92fb77df}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-5-21-1254416572-1263425100-317347820-0350\system.exe -- File not found
O33 - MountPoints2\{2af7bb4f-146b-11de-a62f-001a92fb77df}\Shell\open\command - "" = H:\RECYCLER\S-1-5-21-1254416572-1263425100-317347820-0350\system.exe -- File not found
O33 - MountPoints2\{5a544b8c-8145-11dc-a692-001a92fb77df}\Shell - "" = AutoRun
O33 - MountPoints2\{5a544b8c-8145-11dc-a692-001a92fb77df}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2 C:\Users\Sonycarine\Docs\*.tmp files]
[2009/07/21 14:28:51 | 00,200,132 | ---- | C] () -- C:\Users\Sonycarine\Docs\Billetes renfe aller.pdf
[2009/07/21 13:44:50 | 00,186,052 | ---- | C] () -- C:\Users\Sonycarine\Docs\Billet renfe.pdf
[2009/07/20 20:33:53 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/07/20 15:11:49 | 00,000,000 | ---D | C] -- C:\Users\Sonycarine\AppData\Roaming\Malwarebytes
[2009/07/20 15:11:11 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/20 15:11:06 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/20 15:11:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/20 15:11:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/20 12:33:55 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/20 12:33:06 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/20 10:58:39 | 00,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/19 22:37:42 | 00,000,000 | ---D | C] -- C:\Program Files\Ares
[2009/07/19 21:56:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/07/19 21:56:20 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/07/19 21:46:45 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/07/19 21:46:36 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/19 21:46:36 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/07/19 21:33:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/07/19 21:22:54 | 00,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2009/07/19 20:16:38 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/07/19 20:16:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/07/19 20:15:53 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/07/19 20:15:53 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/07/19 19:30:12 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/07/19 14:16:30 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/07/18 23:14:15 | 00,000,000 | ---D | C] -- C:\Users\Sonycarine\AppData\Roaming\OnlineArmor
[2009/07/18 23:14:15 | 00,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor
[2009/07/18 23:11:26 | 00,200,784 | ---- | C] (Tall Emu) -- C:\Windows\System32\drivers\OADriver.sys
[2009/07/18 23:11:26 | 00,030,800 | ---- | C] (Tall Emu Pty Ltd) -- C:\Windows\System32\drivers\OAnet.sys
[2009/07/18 23:11:26 | 00,024,656 | ---- | C] (Tall Emu) -- C:\Windows\System32\drivers\OAmon.sys
[2009/07/18 23:11:22 | 00,000,000 | ---D | C] -- C:\Program Files\Tall Emu
[2009/07/18 23:09:51 | 00,000,000 | ---D | C] -- C:\Users\Sonycarine\Docs\a-squared Free
[2009/07/18 15:53:48 | 00,001,044 | ---- | C] () -- C:\Users\Public\Desktop\SpyHunter.lnk
[2009/07/18 15:53:21 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/07/18 11:15:52 | 00,000,418 | ---- | C] () -- C:\Windows\tasks\Norton Security Scan for Sonycarine.job
[2009/07/18 10:46:53 | 00,000,000 | -HSD | C] -- C:\found.000
[2009/07/14 19:58:15 | 00,857,320 | ---- | C] () -- C:\Users\Sonycarine\Docs\Certificado de Francés.pdf
[2009/07/14 19:51:02 | 01,034,271 | ---- | C] () -- C:\Users\Sonycarine\Docs\Certificados de Inglés fusiones.pdf
[2009/07/14 19:51:02 | 00,336,317 | ---- | C] () -- C:\Users\Sonycarine\Docs\Certificados de Inglés.pdf
[2009/07/14 19:45:20 | 00,341,040 | ---- | C] () -- C:\Users\Sonycarine\Docs\Certificados de Inglés 2.pdf

========== Files - Modified Within 14 Days ==========

[1 C:\Windows\System32\drivers\*.tmp files]
[2 C:\Users\Sonycarine\Docs\*.tmp files]
[2009/07/21 22:18:25 | 00,705,694 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/07/21 22:18:25 | 00,618,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/21 22:18:25 | 00,134,170 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/07/21 22:18:24 | 01,558,254 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/21 22:18:24 | 00,109,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/21 22:11:42 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/21 22:11:32 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/21 22:11:31 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/21 22:11:23 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/21 22:08:38 | 03,600,492 | -H-- | M] () -- C:\Users\Sonycarine\AppData\Local\IconCache.db
[2009/07/21 20:56:02 | 00,100,899 | ---- | M] () -- C:\Users\Sonycarine\Docs\texto thesis 15.docx
[2009/07/21 20:48:17 | 00,219,136 | ---- | M] () -- C:\Users\Sonycarine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/21 20:02:37 | 00,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CC0696BB-857A-4735-88BB-8C2608C02E43}.job
[2009/07/21 16:36:48 | 00,000,302 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job
[2009/07/21 14:28:51 | 00,200,132 | ---- | M] () -- C:\Users\Sonycarine\Docs\Billetes renfe aller.pdf
[2009/07/21 13:44:50 | 00,186,052 | ---- | M] () -- C:\Users\Sonycarine\Docs\Billet renfe.pdf
[2009/07/20 11:42:35 | 00,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/07/19 18:45:51 | 00,119,932 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.idx
[2009/07/19 18:45:45 | 00,618,067 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/07/19 18:01:15 | 00,000,418 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Sonycarine.job
[2009/07/18 15:53:48 | 00,001,044 | ---- | M] () -- C:\Users\Public\Desktop\SpyHunter.lnk
[2009/07/16 09:34:51 | 00,442,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 19:58:18 | 00,857,320 | ---- | M] () -- C:\Users\Sonycarine\Docs\Certificado de Francés.pdf
[2009/07/14 19:51:18 | 01,034,271 | ---- | M] () -- C:\Users\Sonycarine\Docs\Certificados de Inglés fusiones.pdf
[2009/07/14 19:45:22 | 00,341,040 | ---- | M] () -- C:\Users\Sonycarine\Docs\Certificados de Inglés 2.pdf
[2009/07/14 19:44:30 | 00,336,317 | ---- | M] () -- C:\Users\Sonycarine\Docs\Certificados de Inglés.pdf
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/11 05:17:14 | 00,024,656 | ---- | M] (Tall Emu) -- C:\Windows\System32\drivers\OAmon.sys
[2009/07/11 05:17:06 | 00,030,800 | ---- | M] (Tall Emu Pty Ltd) -- C:\Windows\System32\drivers\OAnet.sys
[2009/07/11 05:17:00 | 00,200,784 | ---- | M] (Tall Emu) -- C:\Windows\System32\drivers\OADriver.sys

========== LOP Check ==========

[2009/07/20 15:11:49 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming
[2008/03/17 22:37:28 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\.ABC
[2007/11/11 00:20:31 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\ACD Systems
[2009/05/21 19:53:45 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\dvdcss
[2008/06/09 10:06:19 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\EndNote
[2006/11/02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\Media Center Programs
[2008/01/04 21:34:32 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\Move Networks
[2009/07/18 23:14:21 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\OnlineArmor
[2009/06/06 14:14:26 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\OpenOffice.org2
[2007/09/29 14:15:10 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\PeerNetworking
[2007/09/23 10:50:31 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\Toshiba
[2008/06/05 18:57:46 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\U3
[2008/11/15 23:35:42 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\Uniblue
[2007/10/24 20:27:43 | 00,000,000 | ---D | M] -- C:\Users\Sonycarine\AppData\Roaming\WordWeb
[2009/07/21 16:36:48 | 00,000,302 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume C Task.job
[2009/07/19 18:01:15 | 00,000,418 | ---- | M] () -- C:\Windows\Tasks\Norton Security Scan for Sonycarine.job
[2009/07/21 22:11:42 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/21 22:09:46 | 00,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/21 20:02:37 | 00,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CC0696BB-857A-4735-88BB-8C2608C02E43}.job

========== Purity Check ==========


< End of report >

OTL Extras logfile created on: 21/07/2009 23:11:35 - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Users\Sonycarine\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1014,63 Mb Total Physical Memory | 180,37 Mb Available Physical Memory | 17,78% Memory free
2,24 Gb Paging File | 1,02 Gb Available in Paging File | 45,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 3,79 Gb Free Space | 5,09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 73,06 Gb Total Space | 16,97 Gb Free Space | 23,23% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-CITO
Current User Name: Sonycarine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- "%1" %*"
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0357306F-2E4E-44B7-98DF-76BE740B8A3B}" = lport=139 | protocol=6 | dir=in | app=system |
"{09E13CD3-4F26-4CEF-BC46-5A77FA4B2B8C}" = lport=18067 | protocol=17 | dir=in | name=bitcomet 18067 udp |
"{0BE35796-FED0-4350-8673-4F89507CF9FE}" = lport=137 | protocol=17 | dir=in | app=system |
"{24C0DDB8-7F8B-4E01-BECC-D8FBDF8D7EEF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2D944F97-32CC-4E09-9A90-B891A1B41DE4}" = lport=18067 | protocol=6 | dir=in | name=bitcomet 18067 tcp |
"{3F661F8A-CBB6-41E3-87D7-2EC13CFD9C7A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51D38A78-0AEF-4942-915A-B0E1AE1FEB64}" = rport=137 | protocol=17 | dir=out | app=system |
"{5AF8F686-B35C-4E2C-A647-B669DC759568}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5E57022B-4BC7-47D9-8006-593ED28091DF}" = lport=445 | protocol=6 | dir=in | app=system |
"{696690FE-42F7-448C-887D-12A12DF08A57}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B69E502-C8A0-4F4B-B51E-E1B482865F73}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{853742DC-AED0-4F31-BC7D-4F7DD159321A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88B02916-77AE-44D8-8BD8-949D1166916A}" = rport=445 | protocol=6 | dir=out | app=system |
"{AA94FD27-6261-42F5-BEE9-8C1F1ACFA9FF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B086F421-1502-4127-8B98-7239A42D546C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E5BBB533-D4E3-4EE1-9DAD-51E262C935A9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EDB26831-55E6-4F97-9928-B92E15DEAFB9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F02E4A40-287A-4705-AE62-9078817CCC76}" = rport=139 | protocol=6 | dir=out | app=system |
"{F0E5673B-4B67-4A52-9A11-D3AE1AD17DB6}" = lport=138 | protocol=17 | dir=in | app=system |
"{F6B2086C-3061-4DE1-9AB3-714297B74A14}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F6B78D81-A79B-4263-83D9-A00DB00C71B6}" = rport=138 | protocol=17 | dir=out | app=system |
"{FCF1A127-F0CE-46FD-8475-02862EF44A47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0020510B-7A0C-4F58-8FDF-6B35AB1A449A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{054951A1-834C-4BD7-8EF1-CFD39B3FB80D}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{0A56313B-E4E0-4CCC-8719-8B3F6DCDAC7B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{137BB264-34AA-4246-AFED-165BE2805C4A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{18E373FF-BD04-427C-B930-955A8C8323E1}" = protocol=58 | dir=in | [email protected],-28545 |
"{21708C0D-DF49-4AB7-B941-CEB782A608B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{232942A2-AE66-48DD-96A3-7E4032AB6261}" = protocol=58 | dir=out | [email protected],-28546 |
"{2D29A629-B650-49B6-BF14-619BE5A9D38F}" = protocol=1 | dir=out | [email protected],-28544 |
"{2FC5FA34-7844-419F-93D7-9FF4F37F8F01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3827686F-1A0B-4B25-9A7F-023B9EBDF3AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{476A4B35-67C4-4457-B6E8-802F70C83F6F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5635AE6E-D91C-4915-A1A3-F487C0DD175D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B119D04-EBBE-45CE-A28C-98FE258F3619}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{86BF5173-56DA-43CD-AAAC-6FAF31130BFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{87D0E042-FA0A-4D90-930F-ECB0F6602146}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8F65D53F-2FF9-462D-BAE0-53BCEC4FA941}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A80E2BA8-C987-42BE-9960-D99193DF2B0E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A9635474-A371-4372-A011-5466B0B1D9E3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A9737C16-C78C-45EA-ACFF-CDBEE8A39AAA}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{B459CC2F-16DF-4EB1-9EB3-584B87F5EDFC}" = protocol=1 | dir=in | [email protected],-28543 |
"{C04C2497-F791-4DA9-9263-09DFA8AD993F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D115A0CA-B6B8-4AAB-A1DB-9E773C6A07ED}" = protocol=6 | dir=out | app=system |
"{DA90E4AB-0AB8-4614-B893-B753D8B8A788}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF2261D9-06E9-4C2E-8ED4-CA9111ED1BCE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0694488C-203C-43AA-85BD-F64789E2C5F0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{310F437A-5794-4008-BEC1-4FD6987E7E8A}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{6343B01F-A458-4148-9480-5D3109754501}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6DD4209A-0B23-4D8B-BAC6-EC2E80664A62}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{F9822D5F-6ED2-4667-8BF8-F1356BEA00F8}C:\program files\bitcomet\bitcomet_win9x.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet_win9x.exe |
"TCP Query User{FE2EDE59-4185-4171-8874-80EBCA24C69C}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{112A87F8-CBE5-42C5-B208-D90BDEED161F}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{1D620DCF-E3BD-4762-9A9F-63E44154D3DD}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{2811E5A0-625F-4A8E-8011-3015AAD67950}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5EC92C6D-D742-4A6A-8902-72680C0FF92B}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{BEA216AC-8148-4471-82B9-35E41A7D3067}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D6FD22E6-E5AD-495B-A1D1-CA755559EB7B}C:\program files\bitcomet\bitcomet_win9x.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet_win9x.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{338F20ED-5B8E-486D-8B27-0E6E96E3BE42}" = ACDSee for PENTAX 3.0
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{4944DAC1-2923-4D8E-908A-D08E2998ADBE}" = Trust Webcam Live
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5B1DD5AA-FF34-4D6E-A912-CB46BB7378DC}" = Manuels TOSHIBA
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64D114CE-4234-45C2-B60A-2B07D5A48F72}" = Microsoft Works 7.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{993A352A-2957-4661-A1EF-2D8F6F3C9234}" = Belkin Wireless G Plus MIMO USB Network Adapter
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit du lecteur de CD/DVD
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C21C30F2-521C-4F86-882E-60CDCE615FBD}" = Intel® IPP Run-Time Installer 5.3 Update 2 for Windows* on IA-32
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Codeur Windows Media Série 9
"{E38D381A-ABCF-4D97-9D9C-B3A8529DCA15}" = OS Pack Works Suite
"{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}" = Norton Security Scan
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F6B1CD0F-DB2D-4666-A168-C46390AD8C4A}" = Complément Microsoft Word pour Microsoft Works Suite
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ares" = Ares 2.1.1
"a-squared Free_is1" = a-squared Free 4.5
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defraggler" = Defraggler (remove only)
"ERUNT_is1" = ERUNT 1.1j
"FileHippo.com" = FileHippo.com Update Checker
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{4944DAC1-2923-4D8E-908A-D08E2998ADBE}" = Trust Webcam Live
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{993A352A-2957-4661-A1EF-2D8F6F3C9234}" = Belkin Wireless G Plus MIMO USB Network Adapter
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.8.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"myphotobook" = myphotobook 3.1
"NSSSetup.{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}" = Norton Security Scan (Symantec Corporation)
"OnlineArmor_is1" = Online Armor 3.5
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.0.6 for Windows
"Shockwave" = Shockwave
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 1.0.0-rc2
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Codeur Windows Media Série 9
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"WordWeb" = WordWeb
"Works2003Setup" = Sélecteur d'installation de Microsoft Works Suite 2003rdWeb
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"TimeAdjuster" = Time Adjuster STANDARD 3.1

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 30/05/2009 18:04:45 | Computer Name = PC-de-CITO | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Sonycarine\AppData\Roaming\Microsoft\Office\Reciente\texto thesis.docx.LNK
failed, 00000026.

Error - 10/07/2009 09:33:00 | Computer Name = PC-de-CITO | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\Downloads\Software\Defraggler\df.exe failed, 0000A413.

Error - 10/07/2009 09:33:49 | Computer Name = PC-de-CITO | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://80.157.151.78...8SrJsOSq3e/1763 failed, 0000A413.

Error - 10/07/2009 10:30:19 | Computer Name = PC-de-CITO | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.qtx failed, 0000A413.

Error - 10/07/2009 10:30:20 | Computer Name = PC-de-CITO | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\QuickTime\QTSystem\QuickTimeImage.qtx failed, 0000A413.

Error - 10/07/2009 10:30:21 | Computer Name = PC-de-CITO | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.qtx failed, 0000A413.


Error - 10/07/2009 10:30:22 | Computer Name = PC-de-CITO | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx failed, 0000A413.


Error - 10/07/2009 10:30:22 | Computer Name = PC-de-CITO | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.qtx failed, 0000A413.

Error - 10/07/2009 10:31:36 | Computer Name = PC-de-CITO | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Google\Picasa3\plugins\Red.dll failed, 0000A413.

Error - 17/07/2009 17:03:10 | Computer Name = PC-de-CITO | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Sonycarine\AppData\Roaming\Skype\indis07\dc.db-journal failed, 00000005.


[ Application Events ]
Error - 05/10/2008 14:32:00 | Computer Name = PC-de-CITO | Source = RasClient | ID = 20227
Description =

Error - 05/10/2008 15:00:39 | Computer Name = PC-de-CITO | Source = Application Hang | ID = 1002
Description = Le programme Explorer.EXE version 6.0.6001.18000 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans l’application Rapports
et solutions aux problèmes du Panneau de configuration. ID de processus : 85c Heure
de début : 01c9271c24236c55 Heure de fin : 0

Error - 05/10/2008 16:00:17 | Computer Name = PC-de-CITO | Source = Windows Search Service | ID = 3013
Description =

Error - 05/10/2008 16:00:17 | Computer Name = PC-de-CITO | Source = Windows Search Service | ID = 3013
Description =

Error - 05/10/2008 17:44:25 | Computer Name = PC-de-CITO | Source = Application Error | ID = 1000
Description = Application défaillante rundll32.exe, version 6.0.6000.16386, horodatage
0x4549b0e1, module défaillant ntdll.dll, version 6.0.6001.18000, horodatage 0x4791a7a6,
code d’exception 0xc0000005, décalage d’erreur 0x00043387, ID du processus 0x1724,
heure de début de l’application 0x01c9273326e455fb.

Error - 07/10/2008 08:55:20 | Computer Name = PC-de-CITO | Source = RasClient | ID = 20227
Description =

Error - 07/10/2008 09:28:32 | Computer Name = PC-de-CITO | Source = RasClient | ID = 20227
Description =

Error - 08/10/2008 15:44:21 | Computer Name = PC-de-CITO | Source = RasClient | ID = 20227
Description =

Error - 09/10/2008 09:50:35 | Computer Name = PC-de-CITO | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =

Error - 09/10/2008 09:50:35 | Computer Name = PC-de-CITO | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =

[ Media Center Events ]
Error - 16/04/2008 18:09:44 | Computer Name = PC-de-CITO | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete : échec du téléchargement du package
MCESpotlight.

[ OSession Events ]
Error - 02/05/2008 17:30:04 | Computer Name = PC-de-CITO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 23409
seconds with 12900 seconds of active time. This session ended with a crash.

Error - 09/05/2008 17:23:13 | Computer Name = PC-de-CITO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 09/03/2009 17:35:34 | Computer Name = PC-de-CITO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1566
seconds with 900 seconds of active time. This session ended with a crash.

Error - 21/03/2009 18:05:51 | Computer Name = PC-de-CITO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 127
seconds with 60 seconds of active time. This session ended with a crash.

Error - 22/03/2009 15:46:18 | Computer Name = PC-de-CITO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 171
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 21/07/2009 11:13:34 | Computer Name = PC-de-CITO | Source = netbt | ID = 4307
Description = L'initialisation a échoué car le transport a refusé d'ouvrir les adresses
initiales.

Error - 21/07/2009 11:13:54 | Computer Name = PC-de-CITO | Source = Service Control Manager | ID = 7011
Description =

Error - 21/07/2009 16:11:42 | Computer Name = PC-de-CITO | Source = HTTP | ID = 15016
Description =

Error - 21/07/2009 16:12:35 | Computer Name = PC-de-CITO | Source = Service Control Manager | ID = 7000
Description =

Error - 21/07/2009 16:12:35 | Computer Name = PC-de-CITO | Source = Service Control Manager | ID = 7023
Description =

Error - 21/07/2009 16:12:35 | Computer Name = PC-de-CITO | Source = Service Control Manager | ID = 7000
Description =

Error - 21/07/2009 16:12:35 | Computer Name = PC-de-CITO | Source = Service Control Manager | ID = 7000
Description =

Error - 21/07/2009 16:12:35 | Computer Name = PC-de-CITO | Source = Service Control Manager | ID = 7000
Description =

Error - 21/07/2009 16:14:48 | Computer Name = PC-de-CITO | Source = Service Control Manager | ID = 7023
Description =

Error - 21/07/2009 16:15:18 | Computer Name = PC-de-CITO | Source = DCOM | ID = 10010
Description =


< End of report >

Thanks again!